Log analysis and evaluation: http://www.searchqu.com - changes the start page. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.05.2011, 11:56 | #1 |
| http://www.searchqu.com - changes the start page. Hi, for a while now, I think since installing Landwirtschafts-Simulator 2011, the following site "hxxp://www.searchqu.com" keeps changing the Firefox start page ... Thanks for your support. Ronny OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.05.2011 12:41:19 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Marcus Albert\Desktop 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 232,79 Gb Total Space | 190,56 Gb Free Space | 81,86% Space Free | Partition Type: NTFS Drive D: | 925,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MARCUS | User Name: Marcus Albert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.04 12:35:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus Albert\Desktop\OTL.exe PRC - [2011.04.29 13:46:45 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\WISO Internet Security\sched.exe PRC - [2011.04.14 18:40:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.04.13 19:40:04 | 000,481,960 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\WISO Internet Security\AVWEBGRD.EXE PRC - [2011.04.13 19:40:04 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\WISO Internet Security\avguard.exe PRC - [2011.03.22 20:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2011.03.14 13:24:26 | 001,221,520 | ---- | M] (Bandoo Media Inc.) 
-- C:\PROGRA~2\Bandoo\BndCore.exe PRC - [2011.03.14 13:24:24 | 001,617,296 | ---- | M] (Bandoo Media Inc.) -- C:\PROGRA~2\Bandoo\Bandoo.exe PRC - [2011.03.02 16:15:13 | 001,115,536 | ---- | M] (Discordia, LTD) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2011.01.10 14:14:33 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\WISO Internet Security\avmailc.exe PRC - [2011.01.10 14:14:32 | 000,539,304 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\WISO Internet Security\avfwsvc.exe PRC - [2011.01.10 14:14:32 | 000,342,696 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\WISO Internet Security\avgnt.exe PRC - [2010.08.23 13:22:10 | 000,102,224 | ---- | M] () -- C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe PRC - [2009.06.05 00:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe PRC - [2009.04.07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2008.05.28 18:47:14 | 000,582,360 | ---- | M] (Expert System S.p.A.) -- C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe PRC - [2008.05.28 18:47:08 | 000,447,192 | ---- | M] (Expert System S.p.A.) -- C:\Program Files (x86)\Duden\Duden Korrektor\DKCore.exe PRC - [2008.05.09 09:25:38 | 009,142,272 | ---- | M] (Bibliographisches Institut & F. A. 
Brockhaus AG) -- C:\Program Files (x86)\Office-Bibliothek\officebib.exe PRC - [2007.03.16 11:45:30 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe ========== Modules (SafeList) ========== MOD - [2011.05.04 12:35:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus Albert\Desktop\OTL.exe MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.02.01 12:57:24 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.04.29 13:46:45 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\WISO Internet Security\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.13 23:47:52 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2011.04.13 19:40:04 | 000,481,960 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\WISO Internet Security\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.04.13 19:40:04 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\WISO Internet Security\avguard.exe -- (AntiVirService) SRV - [2011.03.14 13:24:24 | 001,617,296 | ---- | M] (Bandoo Media Inc.) 
[Auto | Running] -- C:\PROGRA~2\Bandoo\Bandoo.exe -- (Bandoo Coordinator) SRV - [2011.01.10 14:14:33 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\WISO Internet Security\avmailc.exe -- (AntiVirMailService) SRV - [2011.01.10 14:14:32 | 000,539,304 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\WISO Internet Security\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.01 13:02:24 | 001,393,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.02.01 12:57:16 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.04.14 10:42:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.04.14 10:42:37 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) 
DRV:64bit: - [2011.01.10 14:15:03 | 000,126,792 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot) DRV:64bit: - [2011.01.10 14:15:03 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.01.10 14:15:03 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.06.17 14:22:16 | 000,098,120 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim) DRV:64bit: - [2010.03.23 02:17:06 | 002,061,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.01 12:20:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009.06.18 04:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 
22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.10.14 07:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.06.18 04:07:38 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 C3 C1 DB 66 FA CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - 
prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/" FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.04 08:16:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.13 23:31:14 | 000,000,000 | ---D | M] [2011.04.14 13:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus Albert\AppData\Roaming\mozilla\Extensions [2011.04.30 16:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus Albert\AppData\Roaming\mozilla\Firefox\Profiles\7oj22mpo.default\extensions [2011.04.30 16:50:04 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Marcus Albert\AppData\Roaming\mozilla\Firefox\Profiles\7oj22mpo.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2011.04.14 13:17:54 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Marcus Albert\AppData\Roaming\mozilla\Firefox\Profiles\7oj22mpo.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2011.04.14 13:17:33 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Marcus Albert\AppData\Roaming\mozilla\Firefox\Profiles\7oj22mpo.default\extensions\firefox@bandoo.com [2011.05.04 08:16:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions File not found (No name found) -- () (No name found) -- C:\USERS\MARCUS ALBERT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7OJ22MPO.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.09.02 10:09:41 | 000,005,529 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchquWebSearch.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll (Discordia, LTD) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\ToolBar\searchqudtx.dll () O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll (Discordia, LTD) O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\WISO Internet Security\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\WIA6EB~1\Datamngr\DATAMN~1.EXE (Discordia, LTD) O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [Allway Sync] C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe () O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) 
O4 - HKCU..\Run: [Epson Stylus Office BX310FN(Netzwerk)] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\WISO Internet Security\avsda.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\WISO Internet Security\avsda.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\WISO Internet Security\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\WISO Internet Security\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\WISO Internet Security\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\WISO Internet Security\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS 
{88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll (Discordia, LTD) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll (Discordia, LTD) O20 - AppInit_DLLs: (c:\progra~2\wia6eb~1\datamngr\datamngr.dll) - c:\progra~2\wia6eb~1\datamngr\datamngr.dll (Discordia, LTD) O20 - AppInit_DLLs: (c:\progra~2\wia6eb~1\datamngr\iebho.dll) - c:\progra~2\wia6eb~1\datamngr\iebho.dll (Discordia, LTD) O20 - AppInit_DLLs: (c:\progra~2\bandoo\bndhook.dll) - c:\progra~2\bandoo\bndhook.dll (Discordia Limited) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.11.25 16:17:40 | 000,000,000 | ---D | M] - D:\autorun -- [ CDFS ] O32 - AutoRun File - [2010.10.15 09:52:30 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{a126e067-664f-11e0-927e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a126e067-664f-11e0-927e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\cdstart.exe -- [2010.11.18 16:27:48 | 001,419,984 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.04 12:40:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.05.04 12:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.05.04 12:39:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT [2011.05.04 12:34:32 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Marcus Albert\Desktop\Erunt-setup.exe [2011.05.04 12:34:32 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Marcus Albert\Desktop\OTL.exe [2011.05.04 12:34:32 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Marcus Albert\Desktop\TFC.exe [2011.05.04 08:15:16 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{4CD0FE4A-8999-46E7-9EAF-0BD916F7D89B} [2011.05.03 12:42:54 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{6B8664F9-7F5E-4AD8-BD06-170A74D609F2} [2011.05.02 16:03:33 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{5AE225F4-EB4B-4AFF-9755-67FF9077151B} [2011.05.02 
11:04:30 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{7DA76B2B-07B2-4DAB-8789-B71154C5C4D8} [2011.05.02 10:59:46 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{3ACA2EA6-6EC3-4768-A1D6-C2B8FC28066D} [2011.05.02 09:07:34 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{46B3C20B-D0C2-4D00-89BF-8752A9B3D148} [2011.05.01 18:50:34 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{92D48671-EF56-4F42-BC54-6BACD7ABBD78} [2011.05.01 10:32:19 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{034EE2CD-AB25-460A-B3EB-93D3DF9B3A18} [2011.04.30 10:57:17 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{8AB1169D-5607-4401-9B17-BCCBD7ED2E87} [2011.04.29 17:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011 [2011.04.29 13:43:56 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{401E30F2-07D0-46B7-88A3-CA19D49D34AE} [2011.04.22 07:58:51 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{7ED7948D-E258-43B0-ADF3-F087A6043AAD} [2011.04.21 15:31:57 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{D2FCB9EC-EC71-4164-9D5C-A3BA4EDBC34C} [2011.04.20 18:30:40 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{50CC3050-1A54-4D53-9B7B-83529F15B454} [2011.04.19 18:11:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.04.19 12:42:25 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{E316777C-1A1B-4C3D-AA47-0981252EDC19} [2011.04.18 18:54:14 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{B48490A2-76A9-4C67-9E5E-3643224F150D} [2011.04.18 13:42:51 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{1EB9230D-E319-40CA-A64F-48AA4E8C5CE4} [2011.04.17 20:27:52 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{1D35EF48-0DDC-40F8-85C1-03737EE37592} [2011.04.17 08:27:26 | 000,000,000 | ---D | 
C] -- C:\Users\Marcus Albert\AppData\Local\{C101DA6E-0B5B-464D-A8E0-5192544D5BDA} [2011.04.17 08:27:26 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{5B73744C-FCD6-4FBD-B728-81CC7E671ADB} [2011.04.16 12:12:48 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{3FE0B6F5-667A-44F0-9BEB-12FC0C9E659C} [2011.04.15 21:06:47 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{B2621701-DA94-495C-B292-56D71F6D135D} [2011.04.15 12:54:19 | 000,000,000 | ---D | C] -- C:\0375a911f87d3c0596978ff1 [2011.04.15 11:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011 [2011.04.15 09:05:17 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{8B2D787F-27DC-48FA-BDBF-5B6AA1BD3DD6} [2011.04.15 07:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL [2011.04.15 07:50:21 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\Epson [2011.04.15 07:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software [2011.04.15 07:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software [2011.04.15 07:49:53 | 000,000,000 | ---D | C] -- C:\Programme\EpsonNet [2011.04.15 07:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON [2011.04.15 07:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet [2011.04.15 07:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2011.04.15 07:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [2011.04.15 07:42:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson [2011.04.15 07:18:59 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{AAC0093D-6678-42C5-9D57-F838D77C9383} [2011.04.14 19:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2011.04.14 19:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2011.04.14 
19:36:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA [2011.04.14 19:36:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2011.04.14 13:51:14 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\PCTV Systems [2011.04.14 13:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PCTV Systems [2011.04.14 13:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX [2011.04.14 13:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2011.04.14 13:20:42 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\Documents\Meine empfangenen Dateien [2011.04.14 13:17:55 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\Bandoo [2011.04.14 13:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Searchqu Toolbar [2011.04.14 13:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandoo [2011.04.14 13:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Bandoo [2011.04.14 13:16:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandoo [2011.04.14 13:14:58 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\{FD6A84F0-0377-46EE-8A22-648E6A67E239} [2011.04.14 13:14:45 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\Tracing [2011.04.14 12:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2011.04.14 12:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.04.14 12:54:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2011.04.14 12:52:29 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\Windows Live [2011.04.14 12:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2011.04.14 12:31:52 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\Documents\ANNO 1404 Venedig [2011.04.14 11:00:23 | 000,000,000 | ---D | C] -- C:\Users\Marcus 
Albert\AppData\Roaming\Ubisoft [2011.04.14 10:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2011.04.14 10:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages [2011.04.14 10:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2011.04.14 10:35:46 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\Documents\My Games [2011.04.14 10:28:38 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\Documents\Updater [2011.04.14 08:49:50 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\WISO Internet Security [2011.04.14 08:45:56 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\Buhl Data Service [2011.04.14 08:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Internet Security [2011.04.14 08:45:31 | 000,824,584 | ---- | C] (DataDesign AG) -- C:\Windows\SysWow64\ddbaccpl.cpl [2011.04.14 08:45:31 | 000,658,432 | ---- | C] (Buhl Data Service GmbH) -- C:\Windows\fpuninst.exe [2011.04.14 08:45:31 | 000,226,568 | ---- | C] (DataDesign AG) -- C:\Windows\SysWow64\ddbacctm.cpl [2011.04.14 08:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LetsTrade [2011.04.14 08:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\fun communications [2011.04.14 08:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DataDesign [2011.04.14 08:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DataDesign [2011.04.14 08:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Buhl Data Service [2011.04.14 08:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH [2011.04.14 08:44:44 | 000,126,792 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys [2011.04.14 08:44:44 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.04.14 08:44:44 | 000,098,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys [2011.04.14 08:44:44 | 000,083,120 | ---- | C] (Avira GmbH) -- 
C:\Windows\SysNative\drivers\avgntflt.sys [2011.04.14 08:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WISO Internet Security [2011.04.14 08:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WISO Internet Security [2011.04.14 08:44:02 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\InstallShield [2011.04.14 08:43:37 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\Buhl Data Service [2011.04.14 07:56:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2011.04.14 07:46:44 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\Mozilla [2011.04.14 07:46:44 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\Mozilla [2011.04.14 07:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011.04.14 07:39:59 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\Diagnostics [2011.04.14 07:33:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2011.04.14 07:33:36 | 000,000,000 | ---D | C] -- C:\Programme\Realtek [2011.04.14 07:33:29 | 002,610,008 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2011.04.14 07:33:29 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2011.04.14 07:33:29 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2011.04.14 07:33:29 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2011.04.14 07:33:29 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2011.04.14 07:33:29 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2011.04.14 07:33:29 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2011.04.14 07:33:29 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2011.04.14 07:33:29 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEED64A.dll [2011.04.14 07:33:29 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2011.04.14 07:33:29 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2011.04.14 07:33:29 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2011.04.14 07:33:29 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2011.04.14 07:33:28 | 000,330,656 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2011.04.14 07:33:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2011.04.14 07:33:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2011.04.14 07:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2011.04.14 07:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2011.04.14 07:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2011.04.14 07:30:09 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011.04.14 07:27:37 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2011.04.14 07:27:05 | 000,014,136 | R--- | C] (BIOSTAR Group) -- C:\Windows\SysWow64\drivers\BIOS64.sys [2011.04.14 06:39:12 | 000,000,000 | R--D | C] -- C:\Users\Marcus Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.04.14 06:39:12 | 000,000,000 | R--D | C] -- C:\Users\Marcus Albert\Searches [2011.04.14 06:39:12 | 000,000,000 | R--D | C] -- C:\Users\Marcus Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.04.14 06:39:03 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\Identities [2011.04.14 06:39:00 | 000,000,000 | R--D | C] -- C:\Users\Marcus Albert\Contacts [2011.04.14 06:38:59 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\VirtualStore [2011.04.14 06:38:50 | 000,000,000 | --SD | C] -- C:\Users\Marcus 
Albert\AppData\Roaming\Microsoft [2011.04.14 06:38:50 | 000,000,000 | R--D | C] -- C:\Users\Marcus Albert\Videos [2011.04.14 06:38:50 | 000,000,000 | R--D | C] -- C:\Users\Marcus Albert\Saved Games [2011.04.14 06:38:50 | 000,000,000 | R--D | C] -- C:\Users\Marcus Albert\Pictures [2011.04.14 06:38:50 | 000,000,000 | R--D | C] -- C:\Users\Marcus Albert\Music [2011.04.14 06:38:50 | 000,000,000 | R--D | C] -- C:\Users\Marcus Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.04.14 06:38:50 | 000,000,000 | R--D | C] -- C:\Users\Marcus Albert\Links [2011.04.14 06:38:50 | 000,000,000 | R--D | C] -- C:\Users\Marcus Albert\Favorites [2011.04.14 06:38:50 | 000,000,000 | R--D | C] -- C:\Users\Marcus Albert\Downloads [2011.04.14 06:38:50 | 000,000,000 | R--D | C] -- C:\Users\Marcus Albert\Documents [2011.04.14 06:38:50 | 000,000,000 | R--D | C] -- C:\Users\Marcus Albert\Desktop [2011.04.14 06:38:50 | 000,000,000 | R--D | C] -- C:\Users\Marcus Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.04.14 06:38:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcus Albert\Vorlagen [2011.04.14 06:38:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcus Albert\AppData\Local\Verlauf [2011.04.14 06:38:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcus Albert\AppData\Local\Temporary Internet Files [2011.04.14 06:38:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcus Albert\Startmenü [2011.04.14 06:38:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcus Albert\SendTo [2011.04.14 06:38:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcus Albert\Recent [2011.04.14 06:38:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcus Albert\Netzwerkumgebung [2011.04.14 06:38:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcus Albert\Lokale Einstellungen [2011.04.14 06:38:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcus Albert\Documents\Eigene Videos [2011.04.14 06:38:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcus Albert\Documents\Eigene Musik [2011.04.14 06:38:50 | 000,000,000 | -HSD | 
C] -- C:\Users\Marcus Albert\Eigene Dateien [2011.04.14 06:38:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcus Albert\Documents\Eigene Bilder [2011.04.14 06:38:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcus Albert\Druckumgebung [2011.04.14 06:38:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcus Albert\Cookies [2011.04.14 06:38:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcus Albert\AppData\Local\Anwendungsdaten [2011.04.14 06:38:50 | 000,000,000 | -HSD | C] -- C:\Users\Marcus Albert\Anwendungsdaten [2011.04.14 06:38:50 | 000,000,000 | -H-D | C] -- C:\Users\Marcus Albert\AppData [2011.04.14 06:38:50 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\Temp [2011.04.14 06:38:50 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\Microsoft [2011.04.14 06:38:50 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\Media Center Programs [2011.04.14 06:38:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2011.04.14 06:38:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2011.04.14 06:38:39 | 000,000,000 | -HSD | C] -- C:\Recovery [2011.04.14 06:38:39 | 000,000,000 | -HSD | C] -- C:\Programme [2011.04.14 06:38:39 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2011.04.14 06:38:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2011.04.14 06:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2011.04.14 06:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2011.04.14 06:38:39 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2011.04.14 06:38:39 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2011.04.14 06:38:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2011.04.14 06:38:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2011.04.14 06:31:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011.04.14 06:28:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2011.04.14 06:28:25 | 
000,000,000 | -HSD | C] -- C:\System Volume Information [2011.04.13 23:48:02 | 000,034,632 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2011.04.13 23:47:57 | 000,036,168 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2011.04.13 23:47:57 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2011.04.13 23:47:57 | 000,025,928 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2011.04.13 23:47:57 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2011.04.13 23:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities [2011.04.13 23:47:42 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\TuneUp Software [2011.04.13 23:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2010 [2011.04.13 23:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2011.04.13 23:47:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2011.04.13 23:44:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2011.04.13 23:41:16 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duden [2011.04.13 23:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duden [2011.04.13 23:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Duden [2011.04.13 23:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\BIFAB [2011.04.13 23:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office-Bibliothek [2011.04.13 23:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Office-Bibliothek [2011.04.13 23:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.04.13 23:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works [2011.04.13 23:30:50 | 000,000,000 | 
---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio [2011.04.13 23:30:28 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011.04.13 23:30:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2011.04.13 23:28:39 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office [2011.04.13 23:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2011.04.13 23:28:04 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\Microsoft Help [2011.04.13 23:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2011.04.13 23:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011.04.13 23:27:29 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011.04.13 23:16:27 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\Corel [2011.04.13 23:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2011.04.13 23:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer [2011.04.13 23:10:21 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\Documents\Updater5 [2011.04.13 23:08:29 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2011.04.13 20:47:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.04.13 20:45:35 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\Google [2011.04.13 20:44:53 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\Macromedia [2011.04.13 20:38:20 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.04.13 20:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.04.13 20:37:28 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\WinRAR [2011.04.13 20:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR [2011.04.13 20:32:44 | 000,000,000 | -H-D | C] -- C:\Users\Marcus Albert\Documents\_SYNCAPP 
[2011.04.13 20:26:22 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\vlc [2011.04.13 20:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.04.13 20:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2011.04.13 20:22:06 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\Sync App Settings [2011.04.13 20:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sync App Settings [2011.04.13 20:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allway Sync [2011.04.13 20:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Allway Sync [2011.04.13 20:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp [2011.04.13 20:16:19 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in [2011.04.13 20:16:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect [2011.04.13 20:16:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2011.04.13 20:16:12 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\Winamp [2011.04.13 20:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp [2011.04.13 20:16:12 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\OpenCandy [2011.04.13 20:10:20 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\Adobe [2011.04.13 20:10:20 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\Adobe [2011.04.13 20:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011.04.13 20:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2011.04.13 20:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011.04.13 19:54:32 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Roaming\TuxPaint [2011.04.13 19:54:29 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tux Paint [2011.04.13 19:54:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuxPaint [2011.04.13 19:25:16 | 000,000,000 | ---D | C] -- C:\Users\Marcus Albert\AppData\Local\ElevatedDiagnostics ========== Files - Modified Within 30 Days ========== [2011.05.04 12:41:36 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.04 12:41:36 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.04 12:39:41 | 000,000,928 | ---- | M] () -- C:\Users\Marcus Albert\Desktop\NTREGOPT.lnk [2011.05.04 12:39:41 | 000,000,909 | ---- | M] () -- C:\Users\Marcus Albert\Desktop\ERUNT.lnk [2011.05.04 12:36:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.04 12:36:25 | 3195,559,936 | -HS- | M] () -- C:\hiberfil.sys [2011.05.04 12:35:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus Albert\Desktop\OTL.exe [2011.05.04 12:34:53 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Marcus Albert\Desktop\Erunt-setup.exe [2011.05.04 12:34:46 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus Albert\Desktop\TFC.exe [2011.05.04 12:05:00 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2312689796-2724781069-2204273198-1000UA.job [2011.05.04 10:53:18 | 001,512,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.05.04 10:53:18 | 000,658,766 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.05.04 10:53:18 | 000,619,952 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.05.04 10:53:18 | 000,132,336 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.05.04 10:53:18 | 000,108,134 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.05.03 14:05:00 | 000,001,104 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2312689796-2724781069-2204273198-1000Core.job [2011.04.29 17:11:04 | 000,001,287 | ---- | M] () -- C:\Users\Marcus Albert\Desktop\Landwirtschafts Simulator 2011 .lnk [2011.04.19 18:11:14 | 342,772,812 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.19 12:41:39 | 000,434,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.15 10:57:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.04.15 09:04:16 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job [2011.04.14 13:51:20 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2011.04.14 12:12:05 | 000,002,795 | ---- | M] () -- C:\Users\Marcus Albert\Desktop\E-Mail.lnk [2011.04.14 10:42:38 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys [2011.04.14 10:42:37 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2011.04.14 10:23:06 | 000,003,350 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2011.04.14 10:19:36 | 000,000,056 | RHS- | M] () -- C:\Windows\SysWow64\B038330148.sys [2011.04.14 08:45:29 | 000,658,432 | ---- | M] (Buhl Data Service GmbH) -- C:\Windows\fpuninst.exe [2011.04.14 08:44:51 | 000,129,092 | ---- | M] () -- C:\ProgramData\firstlsp.reg.dat [2011.04.14 07:46:40 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Internet.lnk [2011.04.14 06:32:01 | 000,054,699 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2011.04.14 06:32:01 | 000,054,699 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2011.04.13 23:37:41 | 000,002,697 | ---- | M] () -- C:\Users\Marcus Albert\Desktop\Word.lnk [2011.04.13 23:09:54 | 000,008,704 | ---- | M] () -- C:\Users\Marcus Albert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.13 20:47:29 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.04.13 19:54:29 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Tux Paint.lnk 
========== Files Created - No Company Name ========== [2011.05.04 12:39:41 | 000,000,928 | ---- | C] () -- C:\Users\Marcus Albert\Desktop\NTREGOPT.lnk [2011.05.04 12:39:41 | 000,000,909 | ---- | C] () -- C:\Users\Marcus Albert\Desktop\ERUNT.lnk [2011.04.29 17:11:04 | 000,001,287 | ---- | C] () -- C:\Users\Marcus Albert\Desktop\Landwirtschafts Simulator 2011 .lnk [2011.04.19 18:11:14 | 342,772,812 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.04.15 10:57:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.04.15 07:53:32 | 000,000,270 | ---- | C] () -- C:\Windows\tasks\Epson Printer Software Downloader.job [2011.04.15 07:42:45 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011.04.15 07:42:45 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2011.04.15 07:42:45 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2011.04.15 07:42:45 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011.04.15 07:42:45 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011.04.15 07:42:45 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011.04.15 07:42:45 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011.04.15 07:42:45 | 000,013,732 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg [2011.04.15 07:42:45 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011.04.15 07:42:45 | 000,006,442 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_IT.cfg [2011.04.15 07:42:45 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg [2011.04.15 07:42:45 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg [2011.04.15 07:42:45 | 000,006,335 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_GE.cfg [2011.04.15 07:42:45 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg [2011.04.15 07:42:45 | 000,006,195 | ---- | C] () -- 
C:\Windows\SysWow64\EPPICLocal_CF.cfg [2011.04.15 07:42:45 | 000,006,122 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_DU.cfg [2011.04.15 07:42:45 | 000,006,103 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg [2011.04.15 07:42:45 | 000,005,817 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_KO.cfg [2011.04.15 07:42:45 | 000,005,436 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_SC.cfg [2011.04.15 07:42:45 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011.04.15 07:42:45 | 000,002,889 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_RU.cfg [2011.04.15 07:42:45 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_TC.cfg [2011.04.15 07:42:45 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2011.04.15 07:42:45 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011.04.15 07:42:45 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011.04.15 07:42:45 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011.04.15 07:42:45 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011.04.15 07:42:45 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011.04.15 07:42:45 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2011.04.15 07:42:45 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2011.04.15 07:42:45 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011.04.15 07:42:45 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011.04.14 13:50:50 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI [2011.04.14 13:17:30 | 001,524,112 | ---- | C] () -- C:\Windows\SysWow64\bandoolmx.dll [2011.04.14 13:01:07 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2011.04.14 12:12:05 | 000,002,795 | ---- | C] () -- 
C:\Users\Marcus Albert\Desktop\E-Mail.lnk [2011.04.14 10:42:38 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys [2011.04.14 10:42:37 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2011.04.14 10:19:36 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\B038330148.sys [2011.04.14 08:44:51 | 000,129,092 | ---- | C] () -- C:\ProgramData\firstlsp.reg.dat [2011.04.14 07:46:40 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.04.14 07:46:40 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Internet.lnk [2011.04.14 07:31:47 | 000,006,136 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin [2011.04.14 06:39:18 | 000,001,409 | ---- | C] () -- C:\Users\Marcus Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011.04.14 06:39:14 | 000,001,443 | ---- | C] () -- C:\Users\Marcus Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.04.14 06:31:43 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2011.04.14 06:31:35 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011.04.14 06:28:25 | 3195,559,936 | -HS- | C] () -- C:\hiberfil.sys [2011.04.13 23:47:51 | 000,002,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities.lnk [2011.04.13 23:37:41 | 000,002,697 | ---- | C] () -- C:\Users\Marcus Albert\Desktop\Word.lnk [2011.04.13 23:12:39 | 000,003,350 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2011.04.13 23:09:30 | 000,008,704 | ---- | C] () -- C:\Users\Marcus Albert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.13 23:09:01 | 000,002,386 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Album Starter Edition 3.2.lnk [2011.04.13 20:47:29 | 000,002,374 | ---- | C] () -- 
C:\Users\Public\Desktop\Google Earth.lnk [2011.04.13 20:45:39 | 000,001,156 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2312689796-2724781069-2204273198-1000UA.job [2011.04.13 20:45:37 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2312689796-2724781069-2204273198-1000Core.job [2011.04.13 20:09:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.04.13 19:54:29 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Tux Paint.lnk [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 
09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2007.09.06 02:01:22 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll [2007.08.23 18:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2007.05.27 05:17:32 | 000,676,224 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.dll ========== LOP Check ========== [2011.04.14 13:17:55 | 000,000,000 | ---D | M] -- C:\Users\Marcus Albert\AppData\Roaming\Bandoo [2011.04.14 08:45:56 | 000,000,000 | ---D | M] -- C:\Users\Marcus Albert\AppData\Roaming\Buhl Data Service [2011.04.15 09:05:00 | 000,000,000 | ---D | M] -- C:\Users\Marcus Albert\AppData\Roaming\Epson [2011.04.13 20:16:12 | 000,000,000 | ---D | M] -- C:\Users\Marcus Albert\AppData\Roaming\OpenCandy [2011.04.13 20:22:06 | 000,000,000 | ---D | M] -- C:\Users\Marcus Albert\AppData\Roaming\Sync App Settings [2011.04.13 23:47:42 | 000,000,000 | ---D | M] -- C:\Users\Marcus Albert\AppData\Roaming\TuneUp Software [2011.04.15 20:46:54 | 000,000,000 | ---D | M] -- C:\Users\Marcus Albert\AppData\Roaming\TuxPaint [2011.04.14 12:28:38 | 000,000,000 | ---D | M] -- C:\Users\Marcus Albert\AppData\Roaming\Ubisoft [2011.04.14 12:14:50 | 000,000,000 | ---D | M] -- C:\Users\Marcus Albert\AppData\Roaming\WISO Internet Security [2011.04.15 09:04:16 | 000,000,270 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job [2009.07.14 07:08:49 | 000,017,262 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
04.05.2011, 14:23 | #2 |
/// Malware-holic | http://www.searchqu.com - changes the start page. Please create and post a ComboFix log.
__________________
A guide and tutorial on using ComboFix |