Fehlerhafte Internetlinks bei Suchmaschinen (Google, Bing..) mit IE / Firefox
Hallo,
ich habe folgendes Problem:
Auf meinem Rechner werden so gut wie alle Links über Suchmaschinen (Google, Bing...) falsch weitergeleitet, egal ob mit IE oder Firefox.
Darüber hinaus gibt es keine Schwierigkeiten, es lassen sich alle Programme öffnen und installieren.
Ich habe im abgesicherten Modus, Ccleaner und Malwarebytes über mein System laufen lassen - infizierte Objekte wurden gefunden & entfernt, leider ohne das Problem zu beheben. Windows Firewall funktioniert auch weiterhin ohne Probleme.
Load.exe wurde wie beschrieben durchgeführt. Logs werden aufgelistet.
Ich wäre sehr sehr dankbar für Hilfe!! OTL-Log: Code:
OTL logfile created on: 06.04.2011 15:51:02 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\kandeseb\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,20 Gb Total Space | 145,47 Gb Free Space | 66,67% Space Free | Partition Type: NTFS
Drive E: | 1,88 Gb Total Space | 1,85 Gb Free Space | 98,23% Space Free | Partition Type: FAT
Drive X: | 1397,26 Gb Total Space | 992,86 Gb Free Space | 71,06% Space Free | Partition Type: NTFS
Drive Z: | 148,08 Gb Total Space | 82,91 Gb Free Space | 55,99% Space Free | Partition Type: NTFS
Computer Name: ORGA-D-9 | User Name: kandeseb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.04.06 15:47:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\kandeseb\Desktop\OTL.exe
PRC - [2011.03.18 19:56:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.12.20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.02.08 23:19:28 | 000,386,928 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009.12.22 18:23:34 | 000,077,312 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2009.12.14 09:50:00 | 002,189,272 | ---- | M] (Netop Business Solutions A/S) -- C:\Program Files\Netop\Netop Remote Control\Host\NHSTW32.EXE
PRC - [2009.12.14 09:50:00 | 001,734,632 | ---- | M] (Netop Business Solutions A/S) -- C:\Program Files\Netop\Netop Remote Control\Host\NHOSTSVC.EXE
PRC - [2009.11.24 22:48:36 | 001,148,264 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009.11.21 00:42:48 | 000,278,304 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2009.09.21 21:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- c:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009.09.21 21:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009.08.07 12:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.08.01 02:16:12 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe
========== Modules (SafeList) ==========
MOD - [2011.04.06 15:47:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\kandeseb\Desktop\OTL.exe
MOD - [2010.11.20 14:21:36 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2010.11.20 14:21:36 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
MOD - [2010.11.20 14:20:46 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2010.11.20 14:18:26 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010.11.05 03:58:01 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
MOD - [2010.11.05 03:58:00 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcp80.dll
MOD - [2010.05.09 12:10:03 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2009.11.24 22:48:20 | 000,062,832 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
MOD - [2009.07.14 03:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll
MOD - [2009.07.14 03:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davhlpr.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.03.31 14:59:39 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2010.12.20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.06.23 13:51:31 | 001,539,656 | ---- | M] (G Data Software AG) [Disabled | Stopped] -- C:\Program Files\G DATA\AVKClient\AVKCl.exe -- (AntiVirusKit Client)
SRV - [2010.05.31 21:17:04 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.05.25 17:35:43 | 001,073,224 | ---- | M] (G Data Software AG) [Disabled | Stopped] -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2010.04.22 13:59:34 | 000,339,016 | ---- | M] (G Data Software AG) [Disabled | Stopped] -- C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.15 11:23:59 | 001,279,816 | ---- | M] (G Data Software AG) [Disabled | Stopped] -- C:\Program Files\G DATA\AVKClient\AVKWCtl.exe -- (AVKWCtl)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.02.08 23:19:28 | 000,386,928 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009.12.22 18:23:34 | 000,077,312 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009.12.14 09:50:00 | 001,734,632 | ---- | M] (Netop Business Solutions A/S) [Auto | Running] -- C:\Program Files\Netop\Netop Remote Control\Host\NHOSTSVC.EXE -- (NetOp Host for NT Service) NetOp Helper ver. 9.50 (2009348)
SRV - [2009.11.24 22:48:36 | 001,148,264 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009.11.21 00:42:48 | 000,278,304 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2009.11.18 23:35:48 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009.09.21 21:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009.09.21 21:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009.08.07 12:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.08.01 02:16:12 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe -- (STacSV)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.16 00:33:40 | 001,803,512 | ---- | M] (AuthenTec, Inc.) [Auto | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008.11.12 20:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV - [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.20 08:17:03 | 000,061,512 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2010.07.20 08:17:03 | 000,040,904 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2010.07.20 08:17:02 | 000,029,992 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2010.01.05 21:03:58 | 000,211,328 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009.12.14 09:50:00 | 000,103,120 | ---- | M] (Netop Business Solutions A/S) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NHOSTNT1.SYS -- (NHostNT1) NetOp Driver 1 ver. 9.50 (2009348)
DRV - [2009.12.14 09:50:00 | 000,016,760 | ---- | M] (Danware Data A/S) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dwvscd.sys -- (dwVSCD)
DRV - [2009.11.25 01:30:34 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.09.15 21:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.08.01 02:16:12 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.05 04:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
DRV - [2009.07.02 18:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
DRV - [2009.07.01 05:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
DRV - [2009.06.26 02:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.06.26 02:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2009.06.26 02:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2009.06.22 19:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 19:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.05.26 21:12:36 | 000,122,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009.05.11 18:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2008.06.04 20:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007.05.09 02:00:00 | 000,146,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0470Vid.sys -- (VF0470Vid) Live! Cam Notebook (VF0470)
DRV - [2006.07.11 23:19:52 | 000,016,896 | ---- | M] (Medical International Research.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mirusb.sys -- (MIRUSB)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.orgamed-system.com/german/indexgerman.php
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "gmx.net"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.04 10:44:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.04 10:44:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2010.12.20 16:51:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins
[2010.06.02 11:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kandeseb\AppData\Roaming\mozilla\Extensions
[2011.03.30 07:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kandeseb\AppData\Roaming\mozilla\Firefox\Profiles\v3fnpp7p.default\extensions
[2011.03.17 12:04:44 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\kandeseb\AppData\Roaming\mozilla\Firefox\Profiles\v3fnpp7p.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.04.04 16:53:36 | 000,001,056 | ---- | M] () -- C:\Users\kandeseb\AppData\Roaming\Mozilla\Firefox\Profiles\v3fnpp7p.default\searchplugins\icqplugin.xml
[2011.04.04 10:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.04.04 09:44:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.50.30 192.168.50.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = orgamed.com
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AVK Client - hkey= - key= - C:\Program Files\G DATA\AVKClient\AVKCl.exe (G Data Software AG)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WavXMgr - hkey= - key= - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
MsConfig - StartUpReg: WindowsWelcomeCenter - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
========== Files/Folders - Created Within 30 Days ==========
[2011.04.06 15:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.06 15:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011.04.06 15:47:17 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\kandeseb\Desktop\Erunt-setup.exe
[2011.04.06 15:47:17 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\kandeseb\Desktop\OTL.exe
[2011.04.06 15:47:17 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\kandeseb\Desktop\TFC.exe
[2011.04.06 10:36:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.06 10:36:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.06 10:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.04 09:49:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.04.04 09:47:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.04.04 09:38:39 | 000,000,000 | ---D | C] -- C:\Users\kandeseb\AppData\Local\temp
[2011.04.04 09:28:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.04.04 09:28:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.04.04 09:28:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.04.04 09:28:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.04.04 09:19:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.01 17:12:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011.04.01 17:12:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.04.01 17:12:08 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.04.01 17:09:32 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011.04.01 15:33:36 | 000,000,000 | ---D | C] -- C:\SICHERUNG KANDESEB
[2011.04.01 14:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2011.04.01 14:36:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.04.01 13:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2011.03.31 13:50:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.03.31 13:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.03.31 13:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.03.31 13:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.03.31 13:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\ClearProg
[2011.03.31 12:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.03.30 12:08:21 | 000,000,000 | ---D | C] -- C:\Users\kandeseb\AppData\Roaming\Malwarebytes
[2011.03.30 12:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.30 11:57:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.03.30 10:24:13 | 000,000,000 | ---D | C] -- C:\Users\kandeseb\AppData\Roaming\Spyware Terminator
[2011.03.30 10:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2011.03.30 10:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011.03.17 12:04:56 | 000,000,000 | ---D | C] -- C:\Users\kandeseb\AppData\Roaming\GARMIN
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.01.29 17:18:00 | 000,630,784 | ---- | C] ( ) -- C:\Windows\System32\softcoin.dll
[2010.01.29 17:18:00 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\gencoin.dll
[3 C:\Users\kandeseb\Desktop\*.tmp files -> C:\Users\kandeseb\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.04.06 15:53:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.06 15:49:24 | 000,000,856 | ---- | M] () -- C:\Users\kandeseb\Desktop\NTREGOPT.lnk
[2011.04.06 15:49:24 | 000,000,837 | ---- | M] () -- C:\Users\kandeseb\Desktop\ERUNT.lnk
[2011.04.06 15:49:12 | 000,000,041 | ---- | M] () -- C:\Windows\Filzip.ini
[2011.04.06 15:47:24 | 000,301,568 | ---- | M] () -- C:\Users\kandeseb\Desktop\g2m3e4r.exe
[2011.04.06 15:47:23 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\kandeseb\Desktop\Erunt-setup.exe
[2011.04.06 15:47:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\kandeseb\Desktop\OTL.exe
[2011.04.06 15:47:19 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\kandeseb\Desktop\TFC.exe
[2011.04.06 13:28:47 | 000,002,000 | -H-- | M] () -- C:\Users\kandeseb\Dateien_SKandert\Documents\Default.rdp
[2011.04.06 13:27:47 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.06 13:27:47 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.06 13:27:18 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.06 13:24:38 | 000,647,376 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.06 13:24:38 | 000,610,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.06 13:24:38 | 000,127,404 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.06 13:24:38 | 000,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.06 13:20:48 | 000,000,267 | ---- | M] () -- C:\Windows\Netop.INI
[2011.04.06 13:20:14 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011.04.06 13:20:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.06 13:19:55 | 2783,313,920 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.06 10:36:36 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.06 07:45:41 | 000,563,748 | ---- | M] () -- C:\Users\kandeseb\Desktop\CLR0000505 Rev E Part 2 of 2 - Monitoring Report April 2011.pdf
[2011.04.06 07:45:11 | 000,364,916 | ---- | M] () -- C:\Users\kandeseb\Desktop\CLR0000505 Rev E- PART 1 OF 2 MONITORING SOP April 2011.pdf
[2011.04.05 09:45:05 | 000,177,416 | ---- | M] () -- C:\Users\kandeseb\Dateien_SKandert\Documents\cc_20110405_094453.reg
[2011.04.05 09:26:40 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.04 09:44:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.04.04 08:35:07 | 000,000,051 | ---- | M] () -- C:\Windows\DATA.INI
[2011.04.01 19:18:56 | 000,003,926 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.04.01 17:42:47 | 003,772,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.30 11:58:35 | 000,000,120 | ---- | M] () -- C:\Users\kandeseb\AppData\Local\Tfeyuqotol.dat
[2011.03.30 11:10:23 | 000,745,873 | ---- | M] () -- C:\Users\kandeseb\Desktop\Bewerbungsunterlagen_EW_anonymisiert.pdf
[2011.03.23 12:32:26 | 000,000,001 | R--- | M] () -- C:\Users\kandeseb\serverport
[2011.03.20 17:07:56 | 000,301,568 | ---- | M] () -- C:\Users\kandeseb\Desktop\gmer.exe
[2011.03.13 13:36:01 | 000,009,241 | ---- | M] () -- C:\Users\kandeseb\Desktop\Anleitung.html
[3 C:\Users\kandeseb\Desktop\*.tmp files -> C:\Users\kandeseb\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.04.06 15:49:24 | 000,000,856 | ---- | C] () -- C:\Users\kandeseb\Desktop\NTREGOPT.lnk
[2011.04.06 15:49:24 | 000,000,837 | ---- | C] () -- C:\Users\kandeseb\Desktop\ERUNT.lnk
[2011.04.06 15:47:17 | 000,301,568 | ---- | C] () -- C:\Users\kandeseb\Desktop\g2m3e4r.exe
[2011.04.06 13:27:55 | 000,002,000 | -H-- | C] () -- C:\Users\kandeseb\Dateien_SKandert\Documents\Default.rdp
[2011.04.06 13:20:14 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011.04.06 10:36:36 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.06 07:45:40 | 000,563,748 | ---- | C] () -- C:\Users\kandeseb\Desktop\CLR0000505 Rev E Part 2 of 2 - Monitoring Report April 2011.pdf
[2011.04.06 07:45:09 | 000,364,916 | ---- | C] () -- C:\Users\kandeseb\Desktop\CLR0000505 Rev E- PART 1 OF 2 MONITORING SOP April 2011.pdf
[2011.04.05 09:54:36 | 000,301,568 | ---- | C] () -- C:\Users\kandeseb\Desktop\gmer.exe
[2011.04.05 09:44:56 | 000,177,416 | ---- | C] () -- C:\Users\kandeseb\Dateien_SKandert\Documents\cc_20110405_094453.reg
[2011.04.05 09:26:40 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.04 09:28:43 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.04 09:28:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.04 09:28:43 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.04 09:28:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.04 09:28:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.04.01 17:10:18 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011.04.01 17:09:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.01 17:09:16 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011.04.01 17:09:08 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011.03.30 11:10:22 | 000,745,873 | ---- | C] () -- C:\Users\kandeseb\Desktop\Bewerbungsunterlagen_EW_anonymisiert.pdf
[2011.03.29 12:39:41 | 000,000,120 | ---- | C] () -- C:\Users\kandeseb\AppData\Local\Tfeyuqotol.dat
[2011.03.13 13:41:20 | 000,009,241 | ---- | C] () -- C:\Users\kandeseb\Desktop\Anleitung.html
[2011.03.07 15:47:06 | 000,004,096 | -H-- | C] () -- C:\Users\kandeseb\AppData\Local\keyfile3.drm
[2011.02.21 12:37:15 | 000,000,062 | ---- | C] () -- C:\Windows\dcmvwr.INI
[2010.11.19 11:06:58 | 000,003,184 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2010.11.18 11:05:38 | 000,012,496 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010.11.18 11:05:26 | 000,415,408 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010.11.18 11:05:26 | 000,018,032 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010.11.05 15:50:03 | 000,000,600 | ---- | C] () -- C:\Users\kandeseb\AppData\Roaming\winscp.rnd
[2010.10.05 13:05:28 | 000,003,584 | ---- | C] () -- C:\Users\kandeseb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.30 16:01:34 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.07.08 15:04:48 | 000,000,741 | ---- | C] () -- C:\Windows\dcdruck.dat
[2010.07.08 14:59:00 | 000,162,304 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2010.07.08 14:59:00 | 000,006,855 | ---- | C] () -- C:\Windows\UNWISE.INI
[2010.07.08 14:59:00 | 000,000,254 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.07.08 14:58:47 | 000,000,051 | ---- | C] () -- C:\Windows\DATA.INI
[2010.06.28 11:48:57 | 000,144,040 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.06.02 11:01:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.02 10:55:34 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.06.01 19:38:57 | 000,000,000 | ---- | C] () -- C:\Users\kandeseb\AppData\Local\WavXMapDrive.bat
[2010.06.01 19:37:35 | 000,003,926 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.31 21:27:05 | 000,000,267 | ---- | C] () -- C:\Windows\Netop.INI
[2010.05.31 21:15:45 | 000,000,041 | ---- | C] () -- C:\Windows\Filzip.ini
[2010.05.31 20:43:35 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.05.09 14:57:21 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2010.05.09 12:10:23 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2010.05.09 12:08:41 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.12.22 18:03:22 | 000,143,360 | R--- | C] () -- C:\Windows\System32\preflib.dll
[2009.11.19 22:47:10 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2009.11.18 22:21:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
[2009.11.18 22:21:06 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sl.dll
[2009.11.18 22:21:06 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_th.dll
[2009.11.18 22:21:04 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sk.dll
[2009.11.18 22:21:02 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_hr.dll
[2009.11.18 22:20:56 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2009.11.18 22:20:56 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2009.11.18 22:20:54 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2009.11.18 22:20:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2009.11.18 22:20:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2009.11.18 22:20:50 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2009.11.18 22:20:48 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2009.11.18 22:20:48 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2009.11.18 22:20:46 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2009.11.18 22:20:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2009.11.18 22:20:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2009.11.18 22:20:42 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2009.11.18 22:20:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2009.11.18 22:20:40 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2009.11.18 22:20:38 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2009.11.18 22:20:36 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2009.11.18 22:20:36 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2009.11.18 22:20:34 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2009.11.18 22:20:32 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2009.11.18 22:20:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2009.11.18 22:20:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2009.11.18 22:20:28 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2009.11.18 22:20:26 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2009.11.18 22:20:24 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2009.11.13 15:17:00 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2009.11.06 22:27:22 | 000,839,680 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2009.08.26 23:25:08 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2009.07.14 10:47:43 | 000,647,376 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,127,404 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 003,772,936 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,610,094 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,104,412 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 00:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.03.25 16:46:00 | 000,077,536 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
[2006.06.30 19:58:44 | 000,176,128 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2006.06.30 19:58:44 | 000,126,976 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
========== LOP Check ==========
[2010.08.30 16:06:41 | 000,000,000 | ---D | M] -- C:\Users\kandeseb\AppData\Roaming\Blackberry Desktop
[2010.06.01 19:39:17 | 000,000,000 | ---D | M] -- C:\Users\kandeseb\AppData\Roaming\Broadcom
[2010.11.19 11:17:20 | 000,000,000 | ---D | M] -- C:\Users\kandeseb\AppData\Roaming\dBpoweramp
[2011.03.17 12:04:58 | 000,000,000 | ---D | M] -- C:\Users\kandeseb\AppData\Roaming\GARMIN
[2010.06.21 12:43:45 | 000,000,000 | ---D | M] -- C:\Users\kandeseb\AppData\Roaming\Gelbe Liste Pharmindex
[2011.01.24 13:10:46 | 000,000,000 | ---D | M] -- C:\Users\kandeseb\AppData\Roaming\gtk-2.0
[2010.06.08 14:51:14 | 000,000,000 | ---D | M] -- C:\Users\kandeseb\AppData\Roaming\ICQ
[2010.08.30 16:01:30 | 000,000,000 | ---D | M] -- C:\Users\kandeseb\AppData\Roaming\Research In Motion
[2010.10.05 12:22:50 | 000,000,000 | ---D | M] -- C:\Users\kandeseb\AppData\Roaming\Software4u
[2011.03.31 12:00:29 | 000,000,000 | ---D | M] -- C:\Users\kandeseb\AppData\Roaming\Spyware Terminator
[2010.08.23 12:42:13 | 000,000,000 | ---D | M] -- C:\Users\kandeseb\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.06.22 14:27:42 | 000,000,000 | ---D | M] -- C:\Users\kandeseb\AppData\Roaming\TeamViewer
[2010.06.01 19:39:17 | 000,000,000 | ---D | M] -- C:\Users\kandeseb\AppData\Roaming\Wave Systems Corp
[2010.11.09 12:24:12 | 000,000,000 | ---D | M] -- C:\Users\kandeseb\AppData\Roaming\WindSolutions
[2010.11.24 10:31:31 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2011.04.04 09:47:48 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.08.09 08:21:37 | 000,000,000 | ---D | M] -- C:\Binaries
[2011.04.01 17:42:08 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2010.05.31 20:24:51 | 000,000,000 | ---D | M] -- C:\dell
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.05.31 20:01:09 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.05.09 14:57:20 | 000,000,000 | ---D | M] -- C:\Drivers
[2010.07.08 15:04:27 | 000,000,000 | ---D | M] -- C:\gdt
[2010.05.09 12:11:44 | 000,000,000 | ---D | M] -- C:\Intel
[2010.11.08 11:38:52 | 000,000,000 | ---D | M] -- C:\Live! Cam
[2010.08.09 08:21:29 | 000,000,000 | ---D | M] -- C:\MIR
[2010.05.31 22:02:45 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.04.06 15:49:23 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.04.01 19:18:56 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.05.31 20:01:09 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.04.04 09:49:08 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.04.01 15:33:50 | 000,000,000 | ---D | M] -- C:\SICHERUNG KANDESEB
[2011.04.05 08:39:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.04.01 14:17:08 | 000,000,000 | R--D | M] -- C:\Users
[2011.04.06 10:35:18 | 000,000,000 | ---D | M] -- C:\Windows
[2010.07.08 15:00:28 | 000,000,000 | ---D | M] -- C:\zimmer
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: EXPLORER.EXE >
[2010.05.09 14:59:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2010.05.09 14:59:40 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\ERDNT\cache\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2010.05.09 14:59:37 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010.05.09 14:59:37 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010.05.09 14:59:40 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2010.05.09 14:59:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2010.05.09 14:59:40 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010.05.09 14:59:40 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-01 15:24:14
< End of report >
Extras-Log: Code:
OTL Extras logfile created on: 06.04.2011 15:51:02 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\kandeseb\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,20 Gb Total Space | 145,47 Gb Free Space | 66,67% Space Free | Partition Type: NTFS
Drive E: | 1,88 Gb Total Space | 1,85 Gb Free Space | 98,23% Space Free | Partition Type: FAT
Drive X: | 1397,26 Gb Total Space | 992,86 Gb Free Space | 71,06% Space Free | Partition Type: NTFS
Drive Z: | 148,08 Gb Total Space | 82,91 Gb Free Space | 55,99% Space Free | Partition Type: NTFS
Computer Name: ORGA-D-9 | User Name: kandeseb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000044-E86C-11DE-9950-0417A1A01290}" = Netop Remote Control Host
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{083CE5FA-E750-4594-B8D1-13994B297A02}" = Wave Infrastructure Installer
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{284D3B99-E8F5-4411-A7DD-7072EFCF3A46}" = Dell ControlPoint Connection Manager
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39A6407B-DD99-410D-8EA2-280788F8423B}" = Dell Control Point
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4207E8FD-D844-47A3-A1AA-54DAD50A429A}" = TEC-IT TBarCode 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DEF2722-7EB8-4C5F-8F0A-0295A310002A}" = Dell ControlPoint System Manager
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}" = BlackBerry Desktop Software 5.0.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59333B51-EA3C-4D7B-9AFE-96AD51B3C266}" = AuthenTec Fingerprint Software
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7F07767B-0141-49E4-A850-5EAB7D08C2FA}" = G Data AntiVirus Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B45608A-DC45-4F3B-921F-61CDA22C9A83}" = Intel(R) PROSet/Wireless WiFi-Software
"{8EB29D71-DE8D-4B49-8833-F508ECF0BE59}" = DCP32MMWrapper
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98AAE759-09CD-4428-BE93-1AFA79D9F7CA}" = Intel(R) PROSet/Wireless WiFi-Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D657DFB4-5DD9-4A2B-AEC9-3BBE25541EE7}" = SO32MMWrapper
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}" = Trusted Drive Manager
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFA31119-A4D8-47D7-ACDA-4CA0673F3EAC}" = winspiroPRO
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{EA50F6E4-8542-4B2B-B344-D080D5DA0EB1}" = BlackBerry Device Software Updater
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BlackBerry_{5630F663-28CC-4D4E-8541-BD9B0C0D36E7}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative VF0470" = Creative Live! Cam Notebook (VF0470) Driver (1.03.01.00)
"D3F88C3864C8C031A7C5D5E63A76571EC1B047DF" = Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
"Databuch" = Databuch
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"Filzip 3.0.6.93_is1" = Filzip 3.06
"Gelbe Liste Pharmindex" = MMI PHARMINDEX
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Firefox 4.0b7 (x86 de)" = Mozilla Firefox 4.0b7 (x86 de)
"PraxisOrganizer" = PraxisOrganizer
"ProInst" = Intel PROSet Wireless
"TVWiz" = Intel(R) TV Wizard
"UltraISO_is1" = UltraISO Premium V9.36
"VLC media player" = VLC media player 1.0.5
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinISO_is1" = WinISO 5.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.9
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"GoToMeeting" = GoToMeeting 4.5.0.457
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04.04.2011 06:08:03 | Computer Name = orga-d-9.orgamed.com | Source = AVKWCtl | ID = 0
Description = AVKScanP loaded but not used because no virus database is installed
(IsEngineInstalled: no, IsVirusDatabaseInstalled: no, selected Engines: 0)
Error - 04.04.2011 06:08:03 | Computer Name = orga-d-9.orgamed.com | Source = AVKWCtl | ID = 0
Description = No AV Engine installed
Error - 04.04.2011 06:08:03 | Computer Name = orga-d-9.orgamed.com | Source = AVKWCtl | ID = 0
Description = Thread konnte nicht gestartet werden
Error - 04.04.2011 07:17:34 | Computer Name = orga-d-9.orgamed.com | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 04.04.2011 07:20:04 | Computer Name = orga-d-9.orgamed.com | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
in Zeile 2. Ungültige XML-Syntax.
Error - 05.04.2011 03:21:34 | Computer Name = orga-d-9.orgamed.com | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Filzip.exe, Version: 3.0.6.93, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: Filzip.exe, Version: 3.0.6.93, Zeitstempel:
0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00130565 ID des fehlerhaften Prozesses:
0x2b0 Startzeit der fehlerhaften Anwendung: 0x01cbf36215454e7c Pfad der fehlerhaften
Anwendung: C:\PROGRA~1\Filzip\Filzip.exe Pfad des fehlerhaften Moduls: C:\PROGRA~1\Filzip\Filzip.exe
Berichtskennung:
55810310-5f55-11e0-9fab-a4badbc11621
Error - 05.04.2011 04:30:33 | Computer Name = orga-d-9.orgamed.com | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 05.04.2011 04:31:56 | Computer Name = orga-d-9.orgamed.com | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
in Zeile 2. Ungültige XML-Syntax.
Error - 06.04.2011 08:01:53 | Computer Name = orga-d-9.orgamed.com | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 06.04.2011 08:05:05 | Computer Name = orga-d-9.orgamed.com | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
in Zeile 2. Ungültige XML-Syntax.
[ OSession Events ]
Error - 06.12.2010 11:27:35 | Computer Name = orga-d-9.orgamed.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 29781
seconds with 0 seconds of active time. This session ended with a crash.
Error - 12.01.2011 06:36:59 | Computer Name = orga-d-9.orgamed.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14695
seconds with 180 seconds of active time. This session ended with a crash.
Error - 14.01.2011 10:15:15 | Computer Name = orga-d-9.orgamed.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 27106
seconds with 600 seconds of active time. This session ended with a crash.
Error - 20.01.2011 11:50:03 | Computer Name = orga-d-9.orgamed.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25854
seconds with 1980 seconds of active time. This session ended with a crash.
Error - 31.01.2011 12:18:45 | Computer Name = orga-d-9.orgamed.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 35171
seconds with 360 seconds of active time. This session ended with a crash.
Error - 01.02.2011 11:51:42 | Computer Name = orga-d-9.orgamed.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 31792
seconds with 0 seconds of active time. This session ended with a crash.
Error - 11.02.2011 10:46:09 | Computer Name = orga-d-9.orgamed.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23617
seconds with 120 seconds of active time. This session ended with a crash.
Error - 16.02.2011 10:50:41 | Computer Name = orga-d-9.orgamed.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 28441
seconds with 60 seconds of active time. This session ended with a crash.
Error - 11.03.2011 05:35:41 | Computer Name = orga-d-9.orgamed.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1283
seconds with 0 seconds of active time. This session ended with a crash.
Error - 28.03.2011 10:33:32 | Computer Name = orga-d-9.orgamed.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25442
seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 06.04.2011 09:52:58 | Computer Name = orga-d-9.orgamed.com | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1297
Error - 06.04.2011 09:53:58 | Computer Name = orga-d-9.orgamed.com | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1297
Error - 06.04.2011 09:53:58 | Computer Name = orga-d-9.orgamed.com | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1297
Error - 06.04.2011 09:53:58 | Computer Name = orga-d-9.orgamed.com | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1297
Error - 06.04.2011 09:54:58 | Computer Name = orga-d-9.orgamed.com | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1297
Error - 06.04.2011 09:54:58 | Computer Name = orga-d-9.orgamed.com | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1297
Error - 06.04.2011 09:54:58 | Computer Name = orga-d-9.orgamed.com | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1297
Error - 06.04.2011 09:55:58 | Computer Name = orga-d-9.orgamed.com | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1297
Error - 06.04.2011 09:55:58 | Computer Name = orga-d-9.orgamed.com | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1297
Error - 06.04.2011 09:55:58 | Computer Name = orga-d-9.orgamed.com | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1297
< End of report >
Gmer-Log: Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-06 16:13:50
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD25 rev.11.0
Running: g2m3e4r.exe; Driver: C:\Users\kandeseb\AppData\Local\Temp\pwddapow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13C1 82E8D339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC6D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\yupcrkd.sys Das System kann den angegebenen Pfad nicht finden. !
.rsrc C:\Windows\system32\DRIVERS\vdrvroot.sys entry point in ".rsrc" section [0x8CF1C014]
---- User code sections - GMER 1.0.15 ----
.text C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE[5212] kernel32.dll!SetUnhandledExceptionFilter 75993D01 5 Bytes JMP 5C2854C1 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE[5212] ole32.dll!OleLoadFromStream 75206143 5 Bytes JMP 5CD3D62A C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\iaStor -> DriverStartIo \Device\Ide\iaStor0 87008AF1
Device \Driver\iaStor -> DriverStartIo \Device\Ide\IAAStorageDevice-0 87008AF1
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000007d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD2500BJKT-75F4T0___________________11.01A11#4&1749a998&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Files - GMER 1.0.15 ----
File C:\Windows\system32\DRIVERS\vdrvroot.sys suspicious modification; TDL3 <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
Malwarebytes-Log: Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6283
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514
06.04.2011 13:19:24
mbam-log-2011-04-06 (13-19-24).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 355863
Laufzeit: 24 Minute(n), 59 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\$RECYCLE.BIN\s-1-5-21-3703587747-3903820382-440551155-1184\$RST9A7Q\malwarebytes.anti.malware.v1.50.multilingual.incl.keymaker-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
c:\$RECYCLE.BIN\s-1-5-21-3703587747-3903820382-440551155-1184\$RST9A7Q\malwarebytes.anti.malware.v1.50.multilingual.incl.keymaker-core\keygen.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
Vielen Dank vorab & Gruß!
Sibbi |
