
Log analysis and evaluation: Caught Win64/Sirefef.M, system presumably already infected

23.08.2012, 10:25   #1
ornikl
 



Hello,
I have caught the trojan Win64/Sirefef.M.
Unfortunately, I have already deleted it. I now suspect that it has already
infected the system. I have observed the following:
A purchased and registered program from Magix could not be opened.
After lengthy correspondence with support, I then received the following information:
_______________________________________________________
Mail from Magix support dated 21.08.12

The following entries in the Windows error logs should be noted:

[2012-08-08 15:17:14 WARNING]
Source = Microsoft Antimalware
EventCode = 0x045C [1116]

Message:
> Von Microsoft-Antischadsoftware wurde Schadsoftware oder andere potenziell
> unerwünschte Software entdeckt. Weitere Informationen finden Sie
> hier: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.M&threatid=2147653230
> Name: Trojan:Win64/Sirefef.M ID: 2147653230 Schweregrad: Schwerwiegend
> Kategorie: Trojaner Pfad: file:_C:\Users\xxxx\AppData\Local\{93832d05-75e6-fdfc-982d-8cf84e7110f2}\n
> Ursprung der Erkennung: Lokaler Computer Typ der Erkennung: Konkret
> Quelle der Erkennung: Echtzeitschutz Benutzer: xxxx-PC\xxxx
> Prozessname: C:\Users\xxxx\AppData\Local\Temp\5977849.exe Signaturversion:
> AV: 1.131.1547.0, AS: 1.131.1547.0, NIS: 11.159.0.0 Modulversion:
> AM: 1.1.8601.0, NIS: 2.0.8001.0

[2012-07-26 07:16:53 ERROR]
Source = Microsoft Antimalware
EventCode = 0x03ED [1005]

Message:
> Der Scan vom Typ "Microsoft-Antischadsoftware"wurde nach einem Fehler
> abgebrochen. Scan-ID: {A9203740-982B-4C62-9188-CFF82359A0B6}
> Scantyp: Antimalware Scanparameter: Benutzerdefinierter Scan
> Benutzer: xxxx-PC\xxxx Fehlercode: 0x80508023 Fehlerbeschreibung:
> Auf dem Computer wurde keine Schadsoftware oder andere potenziell
> unerwünschte Software gefunden.


[2012-07-21 16:01:07 WARNING]
Source = Microsoft-Windows-DNS-Client
EventCode = 0x03F6 [1014]

Message:
> Zeitüberschreitung bei der Namensauflösung für den Namen www.mogware.com,
> nachdem keiner der konfigurierten DNS-Server geantwortet hat.

[2012-07-21 12:12:53 ERROR]
Source = Microsoft Antimalware
EventCode = 0x07D1 [2001]

Message:
> Beim Aktualisieren der Signaturen wurde von Microsoft-Antischadsoftware
> ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion:
> 1.131.307.0 Aktualisierungsquelle: Microsoft Update Server
> Aktualisierungsphase: Suchen Quellpfad: hxxp://www.microsoft.com
> Signaturtyp: AntiVirus Aktualisierungstyp: Vollständig Benutzer:
> NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion:
> 1.1.8601.0 Fehlercode: 0x8024001e Fehlerbeschreibung: Unerwartetes
> Problem bei der Überprüfung auf Updates. Informationen zum Installieren
> von Updates oder zur Problembehandlung finden Sie unter "Hilfe und
> Support".

[2012-07-20 07:54:23 ERROR]
Source = Ntfs
EventCode = 0x0037 [55]
Facility = Source is COM/OLE Interface management (System)

Message:
> Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
> Führen Sie auf dem Volume "F:" den Befehl "chkdsk" aus.

If you still know which drive was connected to the system as drive F on 20.07.2012, the data from this drive should be saved and the drive then reformatted. It may be that it is defective.


--
Kind regards

xxxxxxxxxxx
______________________________________________________________

In the meantime I had also tried other trial programs from Magix.
The same error occurs with all of them. I suspect that further damage to the system cannot be ruled out.

I would be very grateful if you could help me with this problem.

Kind regards

Klaus Gerstner
--------------------------------------------------------------------------
Attachment 1:

OTL logfile created on: 23.08.2012 09:58:22 - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\xxxx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 6,10 Gb Available Physical Memory | 77,07% Memory free
15,82 Gb Paging File | 13,95 Gb Available in Paging File | 88,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 647,54 Gb Total Space | 481,36 Gb Free Space | 74,34% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 27,77 Gb Free Space | 55,54% Space Free | Partition Type: NTFS

Computer Name: xxxx-PC | User Name: xxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.23 09:56:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Klaus\Downloads\OTL.exe
PRC - [2012.07.31 21:52:12 | 008,094,712 | ---- | M] (Astonsoft Ltd) -- C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe
PRC - [2012.07.14 02:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012.02.18 07:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011.08.13 03:30:28 | 000,818,176 | ---- | M] () -- C:\Program Files (x86)\PHotkey\PHotkey.exe
PRC - [2011.07.13 23:56:16 | 003,426,312 | ---- | M] () -- C:\Program Files (x86)\PHotkey\POSD.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.02.11 22:40:00 | 000,997,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.02.11 22:39:54 | 000,907,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010.11.06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.10.05 21:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.05 21:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.01.13 03:36:00 | 000,117,256 | ---- | M] () -- C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
PRC - [2009.12.19 01:40:48 | 000,104,968 | ---- | M] () -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
PRC - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012.07.14 02:14:07 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.06.25 15:07:34 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2011.12.08 20:28:04 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011.05.03 00:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.05.03 00:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.03 00:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.02.17 06:08:56 | 001,133,568 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.02.09 14:49:18 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010.12.17 16:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.08.17 07:23:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.21 09:49:38 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.06.18 13:15:32 | 000,008,704 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012.01.13 11:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.12.08 20:33:34 | 002,028,864 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.08 20:28:00 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.02.11 22:40:00 | 000,997,712 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.02.11 22:39:58 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.02.11 22:39:54 | 000,907,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010.11.06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.10.07 03:46:42 | 000,159,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2010.10.05 21:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.05 21:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.19 01:40:48 | 000,104,968 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.12.09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.11.15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.11.03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.05.26 09:24:16 | 001,590,912 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.05.02 00:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.03.25 18:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.17 00:45:48 | 000,261,632 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.02.17 00:45:48 | 000,261,632 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2011.02.10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.01.24 12:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010.11.25 15:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.08 15:52:14 | 000,068,608 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fspad_xp64.sys -- (fspad_xp64)
DRV:64bit: - [2010.11.08 15:52:14 | 000,068,608 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fspad_wlh64.sys -- (fspad_wlh64)
DRV:64bit: - [2010.11.06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.09.21 09:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.08.24 18:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010.05.22 13:24:00 | 000,027,168 | ---- | M] (MAGIX) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\disksec.sys -- (DiskSec)
DRV:64bit: - [2010.04.22 10:06:00 | 000,069,152 | ---- | M] (MAGIX) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\virtualdisk_u.sys -- (VirtualDisk_U)
DRV:64bit: - [2009.10.23 17:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.09.23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2010.10.07 12:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.09.12 00:11:46 | 000,014,344 | ---- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/mb50?u=1036328882245533695
IE - HKLM\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKLM\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box&u=1036328882245533695

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{06540915-6D3C-439B-9EB8-783ACF715083}: "URL" = hxxp://search.softonic.com/INF1205T01/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=934
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111789&tt=010812_nich_3112_3&babsrc=SP_ss&mntrId=204c3cc0000000000000b803051e7ee1
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box&u=1036328882245533695
IE - HKCU\..\SearchScopes\{DFB573C5-DFBC-4A1A-B150-65CA51336917}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.bing.com/?cc=de"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.08.04 07:01:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2012.08.07 15:42:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.08.09 12:57:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.03 08:16:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.03 08:16:05 | 000,000,000 | ---D | M]

[2012.07.18 12:49:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Klaus\AppData\Roaming\mozilla\Extensions
[2012.08.05 16:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Klaus\AppData\Roaming\mozilla\Firefox\Profiles\1c32bbm5.default\extensions
[2012.07.19 15:22:15 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Klaus\AppData\Roaming\mozilla\Firefox\Profiles\1c32bbm5.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012.08.10 10:08:07 | 000,001,849 | ---- | M] () -- C:\Users\Klaus\AppData\Roaming\Mozilla\Firefox\Profiles\1c32bbm5.default\searchplugins\idealode.xml
[2012.07.18 12:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.09 12:57:57 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012.08.07 15:42:27 | 000,000,000 | ---D | M] (Freemake Video Downloader Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX
[2012.08.04 07:01:33 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.05 16:19:33 | 000,002,361 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.06 09:35:08 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O4 - HKCU..\Run: [EssentialPIM] C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe (Astonsoft Ltd)
O4 - Startup: C:\Users\Klaus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (Reg Error: Key error.)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (Reg Error: Key error.)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.68.161.141 217.68.161.171
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EDAB288-B902-4BB2-A8AB-C79C5A154837}: DhcpNameServer = 217.68.161.141 217.68.161.171
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3CA05E5-FE31-49F1-992E-81A6580C20A7}: DhcpNameServer = 217.68.161.141 217.68.161.171
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\isoviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\pdvdlaunchpolicy.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\power2go.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\power2goexpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\powerrecover.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\tvdtray.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\youcam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\isoviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\pdvdlaunchpolicy.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\power2go.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\power2goexpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\powerrecover.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\tvdtray.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\youcam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{44409c75-dd51-11e1-b3e9-b803051e7ee4}\Shell - "" = AutoRun
O33 - MountPoints2\{44409c75-dd51-11e1-b3e9-b803051e7ee4}\Shell\AutoRun\command - "" = F:\ting.exe
O33 - MountPoints2\{91749f0d-dd54-11e1-b34a-b803051e7ee4}\Shell - "" = AutoRun
O33 - MountPoints2\{91749f0d-dd54-11e1-b34a-b803051e7ee4}\Shell\AutoRun\command - "" = F:\ting.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.22 18:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2012.08.22 12:15:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.21 21:55:26 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Malwarebytes
[2012.08.21 21:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.21 21:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.21 21:53:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.21 21:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.14 12:40:27 | 000,000,000 | R--D | C] -- C:\Users\xxxx\Dropbox
[2012.08.14 12:37:25 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.08.14 12:37:07 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Dropbox
[2012.08.13 08:40:51 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.08.13 08:25:10 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\NewBlueFX
[2012.08.13 08:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartSound
[2012.08.13 08:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software
[2012.08.13 08:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2012.08.13 08:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.08.13 08:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.08.13 07:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012.08.11 17:25:30 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\PACE Anti-Piracy
[2012.08.11 17:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2012.08.11 17:25:25 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\Adobe
[2012.08.11 17:25:19 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\PDAppFlex
[2012.08.11 17:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.08.11 17:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2012.08.11 17:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.08.11 17:04:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2012.08.11 16:37:48 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.08.11 16:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012.08.11 16:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012.08.11 16:19:04 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\MAGIX
[2012.08.11 16:18:23 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\MAGIX
[2012.08.11 16:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2012.08.11 16:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.08.11 16:15:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2012.08.11 16:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.08.11 16:14:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2012.08.11 15:55:03 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\MAGIX Downloads
[2012.08.11 15:55:03 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\MAGIX
[2012.08.11 09:00:02 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2012.08.11 09:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2012.08.09 15:38:02 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\AVS4YOU
[2012.08.09 15:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012.08.09 15:06:01 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\AVS4YOU
[2012.08.09 15:05:47 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.08.09 15:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.08.09 15:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012.08.09 15:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012.08.09 14:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.08.09 14:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.08.09 13:12:31 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\AVG
[2012.08.09 12:59:43 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\AVG2012
[2012.08.09 12:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.08.09 12:58:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012.08.09 12:57:51 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.08.09 12:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.08.09 12:57:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012.08.09 12:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012.08.09 12:55:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.08.09 12:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.08.09 10:13:05 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\{62CB3CD7-FC1C-4499-A453-1A5CCC2F3F51}
[2012.08.07 17:30:55 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Priotecs
[2012.08.07 17:30:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TBBackup
[2012.08.07 15:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012.08.07 15:42:28 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\Freemake
[2012.08.07 15:42:28 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2012.08.07 15:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2012.08.07 15:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2012.08.07 15:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2012.08.07 14:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopTray
[2012.08.07 14:53:31 | 000,000,000 | ---D | C] -- C:\Users\Klaus\AppData\Roaming\Nvu
[2012.08.07 12:57:58 | 000,000,000 | ---D | C] -- C:\Users\Klaus\AppData\Roaming\AquaSoft
[2012.08.07 12:57:36 | 000,530,488 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2012.08.07 12:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AquaSoft
[2012.08.07 12:54:47 | 000,000,000 | ---D | C] -- C:\Users\Klaus\AppData\Local\PackageAware
[2012.08.06 14:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.08.06 14:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.08.06 14:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProgDVB
[2012.08.06 14:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\ProgDVB
[2012.08.06 11:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic
[2012.08.06 11:38:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Biet-O-Matic
[2012.08.06 08:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2BrightSparks
[2012.08.06 08:24:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2BrightSparks
[2012.08.05 16:34:52 | 000,000,000 | ---D | C] -- C:\Users\Klaus\AppData\Local\{4D52C004-0FD4-4016-A229-004E44F48A2E}
[2012.08.05 16:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.08.05 16:19:27 | 000,000,000 | ---D | C] -- C:\Users\Klaus\AppData\Roaming\Babylon
[2012.08.05 11:35:40 | 000,000,000 | ---D | C] -- C:\Users\Klaus\AppData\Roaming\MOVAVI
[2012.08.05 11:18:45 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.08.05 11:15:56 | 000,000,000 | ---D | C] -- C:\Users\Klaus\Documents\Eigene Fotoalben
[2012.08.05 10:54:40 | 000,000,000 | ---D | C] -- C:\Users\Klaus\Documents\Wondershare DVD Slideshow Builder Deluxe
[2012.08.05 10:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2012.08.04 12:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mresreg
[2012.08.02 15:38:29 | 000,000,000 | ---D | C] -- C:\Users\Klaus\Documents\InstantCDDVD
[2012.08.02 11:19:40 | 000,000,000 | ---D | C] -- C:\Users\Klaus\Documents\Pinnacle Studio
[2012.08.02 11:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pinnacle
[2012.08.02 11:07:14 | 000,000,000 | ---D | C] -- C:\Users\Klaus\AppData\Local\Pinnacle
[2012.08.02 11:06:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects
[2012.08.02 10:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio14Trial
[2012.08.02 09:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2012.08.02 09:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InterVideo
[2012.08.02 09:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.08.02 09:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems
[2012.08.01 11:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2012.08.01 11:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2012.08.01 10:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\pc-bib
[2012.08.01 08:38:54 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Pictures
[2012.07.31 11:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.07.31 08:01:07 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\dvdcss
[2012.07.30 15:07:17 | 000,000,000 | R--D | C] -- C:\Users\xxxx\Eigene Bilder-Videos
[2012.07.30 10:50:05 | 000,069,152 | ---- | C] (MAGIX) -- C:\Windows\SysNative\drivers\virtualdisk_u.sys
[2012.07.30 10:30:28 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\OpenCandy
[2012.07.29 09:45:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012.07.29 09:43:28 | 000,663,552 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\mgxoschk.dll
[2012.07.28 14:41:55 | 000,000,000 | ---D | C] -- C:\Users\xxxxxAppData\Roaming\Microsoft\Windows\Start Menu\Programs\Multimedia Mouse Driver
[2012.07.28 14:32:38 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Apps
[2012.07.27 17:06:18 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Nitro PDF
[2012.07.27 17:06:00 | 000,029,712 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2012.07.27 17:06:00 | 000,017,936 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2012.07.27 17:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2012.07.27 17:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2012.07.27 17:05:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2012.07.27 17:05:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro PDF
[2012.07.27 17:04:40 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Downloaded Installations
[2012.07.27 16:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
[2012.07.27 16:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IncrediMail
[2012.07.27 16:29:10 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\IM
[2012.07.27 15:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012.07.27 15:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\IncrediMail
[2012.07.27 10:24:40 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\MediaServer
[2012.07.27 09:41:28 | 000,027,168 | ---- | C] (MAGIX) -- C:\Windows\SysNative\drivers\disksec.sys
[2012.07.27 09:41:26 | 000,000,000 | ---D | C] -- C:\Users\xxxx\Documents\OnDemandDump
[2012.07.26 16:27:30 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\mresreg
[2012.07.26 11:54:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Multimedia Mouse Driver
[2012.07.26 07:46:45 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\MozBackup
[2012.07.26 07:23:17 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.07.26 07:23:16 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.07.26 07:23:16 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.07.26 07:23:16 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.07.26 07:23:16 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.07.26 07:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2012.07.26 07:23:13 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\TuneUp Software
[2012.07.26 07:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2011
[2012.07.26 07:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.07.24 14:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant
[2012.07.24 14:17:40 | 000,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Conexant
[2012.07.24 14:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\IM
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\xxxx\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\xxxx\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\xxxx\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\xxxx\AppData\Local\bass.dll

========== Files - Modified Within 30 Days ==========

[2012.08.23 09:58:35 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.23 09:58:35 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.23 09:51:54 | 005,116,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.23 09:49:04 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2012.08.23 09:48:53 | 2077,589,503 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.23 09:46:21 | 000,000,020 | ---- | M] () -- C:\Users\xxxx\defogger_reenable
[2012.08.23 09:14:56 | 104,692,562 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.08.23 06:42:11 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.23 06:42:11 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.23 06:42:11 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.23 06:42:11 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.23 06:42:11 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.22 07:26:47 | 000,007,942 | ---- | M] () -- C:\Users\xxxx\Documents\cc_20120822_072643.reg
[2012.08.21 21:53:29 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.21 08:20:22 | 000,126,647 | ---- | M] () -- C:\Users\xxxx\Documents\Groupon 2.pdf
[2012.08.21 08:18:58 | 000,126,799 | ---- | M] () -- C:\Users\xxxx\Documents\Groupon 1.pdf
[2012.08.20 18:28:39 | 000,057,615 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.08.20 14:28:42 | 000,001,469 | ---- | M] () -- C:\Users\xxxx\AppData\Local\RecConfig.xml
[2012.08.19 14:13:52 | 000,084,315 | ---- | M] () -- C:\Users\xxxx\Documents\AG10597.pdf
[2012.08.18 07:06:51 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.14 15:47:12 | 000,000,000 | ---- | M] () -- C:\Windows\homeDVD-Fotos5_5_dlx.INI
[2012.08.14 14:00:24 | 086,387,382 | ---- | M] () -- C:\Users\xxxx\Documents\Unbenannt.f4v
[2012.08.14 12:40:27 | 000,001,051 | ---- | M] () -- C:\Users\xxxx\Desktop\Dropbox.lnk
[2012.08.14 09:49:30 | 116,758,673 | ---- | M] () -- C:\Users\xxxx\Documents\Galapagos ztest.f4v
[2012.08.13 09:48:04 | 025,921,549 | ---- | M] () -- C:\Users\xxxx\Documents\test.f4v
[2012.08.13 08:05:09 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Premiere Elements 10.lnk
[2012.08.13 06:56:23 | 000,000,956 | ---- | M] () -- C:\Users\xxxx\Desktop\Termine.lnk
[2012.08.12 18:47:46 | 000,537,120 | ---- | M] () -- C:\Users\xxxx\Documents\test.vep
[2012.08.11 16:18:11 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Fotos auf DVD MX Deluxe Sonderedition.lnk
[2012.08.11 08:35:46 | 000,008,218 | ---- | M] () -- C:\Users\xxxx\Documents\cc_20120811_083542.reg
[2012.08.10 17:28:13 | 000,000,002 | ---- | M] () -- C:\Users\xxxx\Desktop\installation ProgramDataMAGIXMAGIX Fotos auf CD & DVD Deluxe 10_05.ini
[2012.08.10 17:28:05 | 000,000,002 | ---- | M] () -- C:\Users\xxxx\Desktop\installation ProgramDataMAGIXMAGIX Fotos auf DVD MX Deluxe 11_00.ini
[2012.08.10 16:49:06 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\SyncBack Starmoney.job
[2012.08.10 08:34:39 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.08.09 15:05:26 | 000,001,210 | ---- | M] () -- C:\Users\xxxx\Desktop\AVS Video Editor.lnk
[2012.08.09 14:50:12 | 000,000,000 | ---- | M] () -- C:\Users\xxxx\Documents\AVSVideoEditor.exe
[2012.08.09 14:46:01 | 000,001,288 | ---- | M] () -- C:\Users\xxxx\Desktop\Extrahieren.lnk
[2012.08.09 12:58:28 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.08.09 12:58:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.08.09 12:58:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.08.09 09:48:26 | 000,007,563 | ---- | M] () -- C:\Users\xxxx\Documents\test.csv
[2012.08.09 09:21:25 | 000,000,228 | ---- | M] () -- C:\Users\xxxx\Desktop\installation Fotos auf DVD MX Deluxe SE.ini
[2012.08.08 10:23:10 | 007,241,906 | ---- | M] () -- C:\Users\xxxx\Documents\Galapagos aqua soft.ads
[2012.08.07 16:34:06 | 000,000,835 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.07 16:28:02 | 000,011,042 | ---- | M] () -- C:\Users\xxxx\Documents\cc_20120807_162757.reg
[2012.08.07 15:57:49 | 000,003,584 | ---- | M] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.07 15:42:28 | 000,001,341 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk
[2012.08.07 12:57:37 | 000,530,488 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2012.08.07 07:58:12 | 000,001,078 | ---- | M] () -- C:\Users\xxxx\Desktop\Programme.lnk
[2012.08.06 19:22:08 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\SyncBack Kontakte.job
[2012.08.06 19:22:08 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\SyncBack Termine.job
[2012.08.06 15:10:10 | 033,471,466 | ---- | M] () -- C:\Users\xxxx\Documents\Thunderbird 14.0 (de) - 2012-08-06.pcv
[2012.08.06 15:09:40 | 004,687,681 | ---- | M] () -- C:\Users\xxxx\Documents\Firefox 14.0.1 (de) - 2012-08-06.pcv
[2012.08.06 14:49:04 | 000,089,286 | ---- | M] () -- C:\Users\xxxx\Documents\cc_20120806_144858.reg
[2012.08.06 14:28:09 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\ProgDVB 6.lnk
[2012.08.06 11:39:22 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\Biet-O-Matic.lnk
[2012.08.06 09:04:07 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\SyncBack Keepass.job
[2012.08.06 08:24:12 | 000,001,182 | ---- | M] () -- C:\Users\Kxxxx\Desktop\SyncBack.lnk
[2012.08.05 11:35:36 | 000,005,003 | ---- | M] () -- C:\ProgramData\cgatmfqq.mbd
[2012.08.04 08:32:41 | 000,661,927 | ---- | M] () -- C:\Users\xxxx\Documents\Syscheck Klaus Gerstner 2012-08-04 08-32.syc
[2012.08.03 08:16:09 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012.08.03 08:16:09 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2012.08.02 18:35:31 | 000,000,228 | ---- | M] () -- C:\Users\xxxx\Desktop\installation Fotos auf CD DVD 10 Deluxe SE DLV.ini
[2012.08.02 10:06:47 | 000,000,196 | ---- | M] () -- C:\Windows\ulead32.ini
[2012.08.02 09:33:43 | 002,284,116 | ---- | M] () -- C:\Users\xxxx\Documents\Tierfotografie.pdf
[2012.08.01 16:43:40 | 000,098,816 | ---- | M] () -- C:\Users\xxxx\Documents\Logfile.odt
[2012.08.01 10:49:30 | 000,001,341 | ---- | M] () -- C:\Users\xxxx\Desktop\Fremdwörter.lnk
[2012.08.01 08:03:29 | 000,000,894 | ---- | M] () -- C:\Users\xxxx\Desktop\KeePass.lnk
[2012.07.31 15:29:39 | 000,000,124 | ---- | M] () -- C:\Users\xxxx\Documents\Database.kdb
[2012.07.31 07:10:50 | 000,001,550 | ---- | M] () -- C:\Users\xxxx\Desktop\Gas.lnk
[2012.07.31 07:10:12 | 000,001,524 | ---- | M] () -- C:\Users\xxxx\Desktop\Wasser.lnk
[2012.07.31 07:06:12 | 000,001,570 | ---- | M] () -- C:\Users\xxxx\Desktop\Strom.lnk
[2012.07.30 16:26:16 | 005,773,970 | ---- | M] () -- C:\Users\xxxx\Documents\Firefox 14.0.1 (de) - 2012-07-30.pcv
[2012.07.30 16:25:21 | 012,776,120 | ---- | M] () -- C:\Users\xxxx\Documents\Thunderbird 14.0 (de) - 2012-07-30.pcv
[2012.07.30 15:11:55 | 000,001,097 | ---- | M] () -- C:\Users\xxxx\Desktop\Eigene Bilder-Videos.lnk
[2012.07.30 10:30:29 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.07.28 06:52:07 | 000,015,131 | ---- | M] () -- C:\Users\xxxx\Documents\Re [Ticket# 2012072710001734] MAGIX Support - 198843,reg,sales,de.eml
[2012.07.27 17:05:58 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2012.07.27 16:22:48 | 000,025,414 | ---- | M] () -- C:\Users\xxxx\Documents\Unbenannt 1.odt
[2012.07.26 07:23:16 | 000,002,198 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk

========== Files Created - No Company Name ==========

[2012.08.23 09:48:56 | 005,116,088 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.23 09:46:21 | 000,000,020 | ---- | C] () -- C:\Users\xxxx\defogger_reenable
[2012.08.23 09:14:56 | 104,692,562 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.08.22 07:26:46 | 000,007,942 | ---- | C] () -- C:\Users\xxxx\Documents\cc_20120822_072643.reg
[2012.08.21 21:53:29 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.21 08:20:22 | 000,126,647 | ---- | C] () -- C:\Users\xxxx\Documents\Groupon 2.pdf
[2012.08.21 08:18:58 | 000,126,799 | ---- | C] () -- C:\Users\xxxx\Documents\Groupon 1.pdf
[2012.08.20 18:28:39 | 000,057,615 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.08.19 14:13:51 | 000,084,315 | ---- | C] () -- C:\Users\xxxx\Documents\AG10597.pdf
[2012.08.14 15:47:12 | 000,000,000 | ---- | C] () -- C:\Windows\homeDVD-Fotos5_5_dlx.INI
[2012.08.14 13:57:14 | 086,387,382 | ---- | C] () -- C:\Users\xxxx\Documents\Unbenannt.f4v
[2012.08.14 12:40:27 | 000,001,051 | ---- | C] () -- C:\Users\xxxx\Desktop\Dropbox.lnk
[2012.08.14 09:46:37 | 116,758,673 | ---- | C] () -- C:\Users\xxxx\Documents\Galapagos ztest.f4v
[2012.08.13 09:47:28 | 025,921,549 | ---- | C] () -- C:\Users\xxxx\Documents\test.f4v
[2012.08.13 08:09:57 | 000,001,010 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.08.13 08:05:09 | 000,002,250 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 10.lnk
[2012.08.13 08:05:09 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Premiere Elements 10.lnk
[2012.08.13 07:50:53 | 000,001,056 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012.08.13 06:56:23 | 000,000,956 | ---- | C] () -- C:\Users\xxxx\Desktop\Termine.lnk
[2012.08.11 16:18:11 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Fotos auf DVD MX Deluxe Sonderedition.lnk
[2012.08.11 08:35:45 | 000,008,218 | ---- | C] () -- C:\Users\xxxx\Documents\cc_20120811_083542.reg
[2012.08.10 18:04:44 | 000,000,002 | ---- | C] () -- C:\Users\xxxx\Desktop\installation ProgramDataMAGIXMAGIX Fotos auf DVD MX Deluxe 11_00.ini
[2012.08.10 18:02:42 | 000,000,002 | ---- | C] () -- C:\Users\xxxx\Desktop\installation ProgramDataMAGIXMAGIX Fotos auf CD & DVD Deluxe 10_05.ini
[2012.08.10 17:23:46 | 000,000,228 | ---- | C] () -- C:\Users\xxxx\Desktop\installation Fotos auf DVD MX Deluxe SE.ini
[2012.08.10 17:20:00 | 000,000,228 | ---- | C] () -- C:\Users\xxxx\Desktop\installation Fotos auf CD DVD 10 Deluxe SE DLV.ini
[2012.08.09 15:22:14 | 000,537,120 | ---- | C] () -- C:\Users\xxxx\Documents\test.vep
[2012.08.09 15:05:26 | 000,001,210 | ---- | C] () -- C:\Users\xxxx\Desktop\AVS Video Editor.lnk
[2012.08.09 14:50:12 | 000,000,000 | ---- | C] () -- C:\Users\xxxx\Documents\AVSVideoEditor.exe
[2012.08.09 14:46:01 | 000,001,288 | ---- | C] () -- C:\Users\xxxx\Desktop\Extrahieren.lnk
[2012.08.09 12:58:28 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.08.09 12:58:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.08.09 12:58:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.08.09 10:57:18 | 000,000,494 | ---- | C] () -- C:\Windows\tasks\SyncBack Starmoney.job
[2012.08.09 09:48:26 | 000,007,563 | ---- | C] () -- C:\Users\xxxx\Documents\test.csv
[2012.08.08 10:23:10 | 007,241,906 | ---- | C] () -- C:\Users\xxxx\Documents\Galapagos aqua soft.ads
[2012.08.07 16:28:00 | 000,011,042 | ---- | C] () -- C:\Users\xxxx\Documents\cc_20120807_162757.reg
[2012.08.07 15:42:28 | 000,001,341 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk
[2012.08.07 07:56:30 | 000,001,078 | ---- | C] () -- C:\Users\xxxx\Desktop\Programme.lnk
[2012.08.06 15:10:05 | 033,471,466 | ---- | C] () -- C:\Users\xxxx\Documents\Thunderbird 14.0 (de) - 2012-08-06.pcv
[2012.08.06 15:09:36 | 004,687,681 | ---- | C] () -- C:\Users\xxxx\Documents\Firefox 14.0.1 (de) - 2012-08-06.pcv
[2012.08.06 14:49:01 | 000,089,286 | ---- | C] () -- C:\Users\xxxx\Documents\cc_20120806_144858.reg
[2012.08.06 14:43:58 | 000,000,835 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.06 14:28:09 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\ProgDVB 6.lnk
[2012.08.06 11:39:22 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\Biet-O-Matic.lnk
[2012.08.06 11:38:55 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2012.08.06 08:59:28 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\SyncBack Keepass.job
[2012.08.06 08:57:54 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\SyncBack Termine.job
[2012.08.06 08:41:02 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\SyncBack Kontakte.job
[2012.08.06 08:24:12 | 000,001,182 | ---- | C] () -- C:\Users\xxxx\Desktop\SyncBack.lnk
[2012.08.05 11:35:36 | 000,005,003 | ---- | C] () -- C:\ProgramData\cgatmfqq.mbd
[2012.08.04 08:32:48 | 000,661,927 | ---- | C] () -- C:\Users\xxxx\Documents\Syscheck Klaus Gerstner 2012-08-04 08-32.syc
[2012.08.02 15:47:06 | 000,003,584 | ---- | C] () -- C:\Users\xxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.02 09:55:47 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2012.08.02 09:55:47 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2012.08.02 09:55:47 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2012.08.02 09:55:47 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2012.08.02 09:55:47 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2012.08.02 09:55:47 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2012.08.02 09:55:01 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2012.08.02 09:55:01 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2012.08.02 09:53:20 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2012.08.02 09:33:41 | 002,284,116 | ---- | C] () -- C:\Users\xxxx\Documents\Tierfotografie.pdf
[2012.08.01 16:42:10 | 000,098,816 | ---- | C] () -- C:\Users\xxxx\Documents\Logfile.odt
[2012.08.01 10:49:30 | 000,001,341 | ---- | C] () -- C:\Users\xxxx\Desktop\Fremdwörter.lnk
[2012.08.01 08:03:29 | 000,000,894 | ---- | C] () -- C:\Users\xxxx\Desktop\KeePass.lnk
[2012.07.31 15:34:34 | 000,000,124 | ---- | C] () -- C:\Users\xxxx\Documents\Database.kdb
[2012.07.31 07:02:06 | 000,001,524 | ---- | C] () -- C:\Users\xxxx\Desktop\Wasser.lnk
[2012.07.31 07:02:01 | 000,001,570 | ---- | C] () -- C:\Users\xxxx\Desktop\Strom.lnk
[2012.07.31 07:01:51 | 000,001,550 | ---- | C] () -- C:\Users\xxxx\Desktop\Gas.lnk
[2012.07.30 16:26:12 | 005,773,970 | ---- | C] () -- C:\Users\xxxx\Documents\Firefox 14.0.1 (de) - 2012-07-30.pcv
[2012.07.30 16:25:16 | 012,776,120 | ---- | C] () -- C:\Users\xxxx\Documents\Thunderbird 14.0 (de) - 2012-07-30.pcv
[2012.07.30 15:11:55 | 000,001,097 | ---- | C] () -- C:\Users\xxxx\Desktop\Eigene Bilder-Videos.lnk
[2012.07.28 06:52:05 | 000,015,131 | ---- | C] () -- C:\Users\xxxx\Documents\Re [Ticket# 2012072710001734] MAGIX Support - 198843,reg,sales,de.eml
[2012.07.27 17:05:58 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2012.07.27 17:05:57 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[2012.07.27 16:33:29 | 000,002,038 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail.lnk
[2012.07.27 15:35:06 | 000,025,414 | ---- | C] () -- C:\Users\xxxx\Documents\Unbenannt 1.odt
[2012.07.27 15:03:12 | 000,001,058 | ---- | C] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk
[2012.07.26 07:23:16 | 000,002,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2012.07.26 07:23:16 | 000,002,198 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2012.07.20 11:34:54 | 000,000,407 | ---- | C] () -- C:\Users\xxxx\AppData\Roaming\dpdhl.versandhelfer.medionlap_state.xml
[2012.07.19 15:35:52 | 000,001,469 | ---- | C] () -- C:\Users\xxxx\AppData\Local\RecConfig.xml
[2012.07.19 14:43:49 | 000,000,000 | ---- | C] () -- C:\Windows\um.INI
[2012.07.19 07:50:38 | 000,002,048 | -HS- | C] () -- C:\Users\xxxx\AppData\Local\{93832d05-75e6-fdfc-982d-8cf84e7110f2}\@
[2012.07.18 19:40:44 | 009,226,548 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.18 12:45:51 | 000,017,408 | ---- | C] () -- C:\Users\xxxx\AppData\Local\WebpageIcons.db
[2011.12.20 00:17:34 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.12.19 22:09:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.19 22:09:52 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.19 22:09:51 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\xxxx\AppData\Local\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\xxxx\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\xxxx\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\xxxx\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\xxxx\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\xxxx\AppData\Local\no23xwrapper.dll

========== LOP Check ==========

[2012.08.07 12:58:04 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\AquaSoft
[2012.08.09 13:16:17 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\AVG
[2012.08.09 12:59:43 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\AVG2012
[2012.08.05 16:19:27 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Babylon
[2012.07.24 07:35:08 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Canneverbe Limited
[2012.07.23 11:46:38 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Canon
[2012.08.13 08:40:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.08.11 16:37:48 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.07.21 16:16:43 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Digital Dynamic
[2012.07.27 17:04:40 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Downloaded Installations
[2012.07.19 14:51:09 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1
[2012.08.23 06:38:56 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Dropbox
[2012.08.22 17:00:00 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\EssentialPIM
[2012.08.23 09:53:03 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\KeePass
[2012.07.19 09:58:22 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\LibreOffice
[2012.08.11 16:19:04 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\MAGIX
[2012.08.05 11:36:00 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\MOVAVI
[2012.07.26 07:46:45 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\MozBackup
[2012.07.26 16:27:30 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\mresreg
[2012.08.10 12:25:04 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Nitro PDF
[2012.08.07 14:53:31 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Nvu
[2012.07.30 10:30:28 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\OpenCandy
[2012.08.11 17:25:19 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PDAppFlex
[2012.08.07 17:30:55 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Priotecs
[2012.08.23 09:49:58 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Spamihilator
[2012.07.18 19:56:06 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Thunderbird
[2012.07.26 07:23:13 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\TuneUp Software
[2012.07.18 11:47:22 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Virtual Desktop Manager
[2012.07.19 09:49:28 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\WebApp
[2012.07.30 13:59:49 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.06 09:04:07 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\SyncBack Keepass.job
[2012.08.06 19:22:08 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\SyncBack Kontakte.job
[2012.08.10 16:49:06 | 000,000,494 | ---- | M] () -- C:\Windows\Tasks\SyncBack Starmoney.job
[2012.08.06 19:22:08 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\SyncBack Termine.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 972 bytes -> C:\Users\xxxx\Documents\Re [Ticket# 2012072710001734] MAGIX Support - 198843,reg,sales,de.eml:OECustomProperty
@Alternate Data Stream - 749 bytes -> C:\Users\xxxx\Documents\Ratgeber Erbschaft.eml:OECustomProperty
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 1109 bytes -> C:\Users\xxxx\AppData\Local\Temp:yhmWPq93uMAb6UywK1dzA

< End of report >
------------------------------------------------------------------
Attachment 2:
OTL Extras logfile created on: 23.08.2012 09:58:22 - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Klaus\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,91 Gb Total Physical Memory | 6,10 Gb Available Physical Memory | 77,07% Memory free
15,82 Gb Paging File | 13,95 Gb Available in Paging File | 88,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 647,54 Gb Total Space | 481,36 Gb Free Space | 74,34% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 27,77 Gb Free Space | 55,54% Space Free | Partition Type: NTFS

Computer Name: KLAUS-PC | User Name: Klaus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05524E95-75C4-42EC-A0AF-1E589E46BE56}" = rport=139 | protocol=6 | dir=out | app=system |
"{25658910-6CCA-4A72-85FE-E2774E995310}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{28F90FBA-F478-4B6E-9BE6-DE69A8921301}" = rport=445 | protocol=6 | dir=out | app=system |
"{459687D2-9480-4131-BFA4-A0D2756895A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{479A6FC6-D65D-44F1-94A9-7C911EF53D18}" = lport=139 | protocol=6 | dir=in | app=system |
"{6C95ACC8-690A-409E-A420-93DF37ED3D25}" = rport=138 | protocol=17 | dir=out | app=system |
"{7423FFB1-968C-46CE-A17E-8A72504974D0}" = lport=137 | protocol=17 | dir=in | app=system |
"{A343DBB1-7AF9-4494-A6F2-3017D3382D3B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BCA39D7C-DD4C-4A7C-AE28-D38D0A63BF9C}" = lport=138 | protocol=17 | dir=in | app=system |
"{BEFB3E9C-A9BC-4C2A-8770-02CD3A92026F}" = rport=137 | protocol=17 | dir=out | app=system |
"{D67878E2-A9FD-4C32-842E-D296C27D7109}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED7D6ACE-E11B-48A8-914A-57B916DCF68E}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14481FC2-AA69-45A9-A46F-C3B0B6C12B1D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{16E8E62E-B677-447A-A6CC-E5C33EEC5249}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe |
"{2D9E517D-62D7-4A5D-A7BE-F48F04A49BBF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{39E89C2D-7B4F-41C9-AEF5-6CF7A620996C}" = protocol=6 | dir=in | app=c:\users\klaus\appdata\roaming\dropbox\bin\dropbox.exe |
"{5ECAE157-3927-4D15-AF9D-B7B2DD9EF44B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{618C2833-7C9D-4BA7-9BC8-F7F2E89EE6FC}" = protocol=17 | dir=in | app=c:\program files\spamihilator\spamihilator.exe |
"{7690628D-3FA7-48FF-BD2C-9EE9B4912981}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{87B659ED-BF8C-4EE1-A763-BD70A320B95C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8826E322-9084-4A45-AA1B-322681969BD7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A6959119-A282-4CC4-9D62-EF44E5D4DBE9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{A7E1AFC0-0ACC-48D4-A533-F86DDF7A5256}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{ABB4A6FD-164D-4C50-AD11-41FDFA6D6414}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{ACB2537F-91F7-4476-8650-70676F2C00EA}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\app\starmoney.exe |
"{BD95A7CC-2268-4981-AE44-3038DF773ADA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{C16D510D-6BB2-4A4D-9CBB-482DECEFF73F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{C1DAE84B-2C95-482D-86B0-A7A85ADAA015}" = protocol=17 | dir=in | app=c:\users\klaus\appdata\roaming\dropbox\bin\dropbox.exe |
"{C4EA81B0-3B4D-4ABC-AEC2-CEF34B0D093D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D386905F-AC95-4903-A423-01B858AB014B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{DFF3DAC2-CFA2-4444-8DE7-CFB8ACB63C1C}" = protocol=17 | dir=in | app=c:\program files\spamihilator\cdcc.exe |
"{ECD28B50-E6DE-4CE9-9061-9610995F2FE5}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"{F1BAE129-82B3-41D5-8D37-CBF2F839E92E}" = protocol=17 | dir=in | app=c:\program files\spamihilator\dccproc.exe |
"{F7E922A8-2B11-4D9C-B4A7-86830FBD8E78}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |
"TCP Query User{C6157555-687E-4184-A5A5-906DF38210D1}C:\program files\progdvb\progdvbnet.exe" = protocol=6 | dir=in | app=c:\program files\progdvb\progdvbnet.exe |
"UDP Query User{9DCE6C29-7C0F-42A3-BA8A-3DE313D1AB76}C:\program files\progdvb\progdvbnet.exe" = protocol=17 | dir=in | app=c:\program files\progdvb\progdvbnet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0723532B-AD75-4D04-B88A-8CCEC6624E6D}" = Nitro Reader 2
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10
"{3BBD5B14-D5E1-4863-946F-BE91A2B0C3AE}" = Spamihilator 1.0.0 (64-Bit)
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{821B4CA1-D404-4CCA-AEA4-C7D3F40841B1}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger Sensing Pad Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PremElem100" = Adobe Premiere Elements 10
"ProgDVB" = ProgDVB x64
"ProInst" = Intel PROSet Wireless
"Unlocker" = Unlocker 1.9.1-x64

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B3751E-762D-4289-8465-9FC04BE07C93}" = MAGIX Fotos auf DVD MX Deluxe Sonderedition
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{1A935920-BCDC-470C-9CE4-6116D2850CFA}" = MAGIX Speed burnR (MSI)
"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{354A26A6-13E4-48AD-8B24-8D60BA6FB08E}" = StarMoney 7.0
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{48106FE4-B1AF-4941-BF3D-83E6C4B7CAF3}" = Alcor Micro USB Card Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65173BC2-60E7-4DE8-A61D-A81FCB96EE93}" = Pinnacle Studio Ultimate Plugins
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9EC03323-2CC1-4D00-AE61-CA0D3AA26DBD}" = MAGIX Retten Sie Ihre Notebook-Daten
"{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer
"{A0AADC1F-542C-97D7-8911-AB9FA1E1692B}" = Versandhelfer
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A9495514-098A-4869-A464-C455857BC464}" = Multimedia Mouse Driver
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B1F9C834-0594-4563-B344-4ED9599A5945}" = LibreOffice 3.5
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{BF2682CA-BE5C-440B-9A04-DBF5D5842649}" = MAGIX Screenshare
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"AmUStor" = Alcor Micro USB Card Reader
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer
"EOS Utility" = Canon Utilities EOS Utility
"EssentialPIM" = EssentialPIM
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"Freemake Video Downloader_is1" = Freemake Video Downloader
"IncrediMail" = IncrediMail 2.0
"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A9495514-098A-4869-A464-C455857BC464}" = Multimedia Mouse Driver
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"KeePass Password Safe_is1" = KeePass Password Safe 1.23
"MAGIX_{03B3751E-762D-4289-8465-9FC04BE07C93}" = MAGIX Fotos auf DVD MX Deluxe Sonderedition
"MAGIX_{1A935920-BCDC-470C-9CE4-6116D2850CFA}" = MAGIX Speed burnR (MSI)
"MAGIX_{BF2682CA-BE5C-440B-9A04-DBF5D5842649}" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProInst" = Intel PROSet Wireless
"SyncBack_is1" = SyncBack
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 2.0.2
"WinPcapInst" = WinPcap 4.1.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.08.2012 06:30:49 | Computer Name = Klaus-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 22.08.2012 06:31:04 | Computer Name = Klaus-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 22.08.2012 06:31:41 | Computer Name = Klaus-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 22.08.2012 06:32:37 | Computer Name = Klaus-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 22.08.2012 06:47:42 | Computer Name = Klaus-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 22.08.2012 11:57:32 | Computer Name = Klaus-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 22.08.2012 11:57:43 | Computer Name = Klaus-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 22.08.2012 11:58:13 | Computer Name = Klaus-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 22.08.2012 12:00:21 | Computer Name = Klaus-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 22.08.2012 12:15:25 | Computer Name = Klaus-PC | Source = MsiInstaller | ID = 10005
Description =

[ Media Center Events ]
Error - 27.07.2012 23:18:05 | Computer Name = Klaus-PC | Source = MCUpdate | ID = 0
Description = 05:17:59 - Fehler beim Herstellen der Internetverbindung. 05:18:00
- Serververbindung konnte nicht hergestellt werden..

Error - 09.08.2012 01:00:36 | Computer Name = Klaus-PC | Source = MCUpdate | ID = 0
Description = 07:00:27 - Broadband-2.enc konnte nicht abgerufen werden (Fehler:
BITS 0x80070424)

Error - 09.08.2012 02:01:30 | Computer Name = Klaus-PC | Source = MCUpdate | ID = 0
Description = 08:01:23 - Broadband-2.enc konnte nicht abgerufen werden (Fehler:
BITS 0x80070424)

[ System Events ]
Error - 23.08.2012 02:30:11 | Computer Name = Klaus-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 23.08.2012 02:49:15 | Computer Name = Klaus-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 23.08.2012 03:39:50 | Computer Name = Klaus-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 23.08.2012 03:46:34 | Computer Name = Klaus-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 23.08.2012 03:49:54 | Computer Name = Klaus-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
FreemakeVideoCapture erreicht.

Error - 23.08.2012 03:49:54 | Computer Name = Klaus-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "FreemakeVideoCapture" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 23.08.2012 03:50:02 | Computer Name = Klaus-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 23.08.2012 03:50:33 | Computer Name = Klaus-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
TuneUp Utilities Service erreicht.

Error - 23.08.2012 03:50:33 | Computer Name = Klaus-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Utilities Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 23.08.2012 03:51:47 | Computer Name = Klaus-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058


< End of report >

28.08.2012, 07:28   #2
kira
/// Helper Team

Hello and a warm welcome!

Unfortunately I have bad news for you: you have caught a nasty little critter:
Quote:
win32.ZAccess
The system should be disconnected from the Internet immediately and urgently reinstalled (all other options are nonsense!), because fighting this kind of infection without various side effects and leftover damage, which can keep causing problems [in various ways], is not possible!

- a backdoor with rootkit functionality

This malware uses rootkit technology and a backdoor routine
*What are backdoors and rootkits*

Behaviour:
"memory-resident"

Tips & advice:


Data backup:
► ONLY back up data that contains no executable files - File extensions - This is a list of file extensions that can denote files with executable code.
- Be careful with the files already present in the externally stored data, and about now making a backup of files infected with the virus
- Best to back up everything that is very important to you separately (externally) - do not mix it with data possibly backed up earlier, i.e. before the infection!
- Do not back up any cracked software and then install it again on the freshly set-up system!



-> Guide: Reinstalling the system + securing it
-> Guide to reinstalling - Windows XP, Vista and Win7


- Before restoring - before you go directly online with your PC...:
- disable/switch off the AutoPlay function for all drives -> Disable Autorun/AutoPlay selectively for drive types or drive letters

The data backed up to an external hard drive should be scanned thoroughly from a clean system, preferably with several scanners -> Free online scanners - guide
Absolutely recommended scanners:
Quote:
Eset Online Scanner (NOD32)
Panda-Aktivscan
Symantec Security Check
The online scanners are all pure on-demand scanners. They scan individual files or directories, or optionally the entire hard drive, and have no background guard or other resident processes. As a result they use no resources apart from disk space, and you can install as many as you like side by side. The online scanners are well suited to getting a second opinion.


As a precaution I would advise you to change your password
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (should really be changed at regular intervals, roughly every 3-5 months)
also here under: Secure password

Regards
kira
__________________

__________________
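The backup rule from the post above (only non-executable data goes onto the external drive), as an added example that is not part of the thread: a Python script that sorts a folder into files to copy and files to hold back, by extension and by the `MZ` header that a renamed Windows program still carries. The extension set, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Illustrative subset of extensions that can carry executable code (assumption:
# the extension list linked in the post is not reproduced on this page).
EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".sys", ".bat", ".cmd",
                   ".vbs", ".js", ".jar", ".msi", ".pif", ".lnk", ".ps1"}

def classify(path):
    """Return the reason a file is held back, or None if it looks like data."""
    ext = os.path.splitext(path)[1].lower()
    if ext in EXEC_EXTENSIONS:
        return "executable extension " + ext
    with open(path, "rb") as fh:  # a renamed Windows binary still starts with 'MZ'
        if fh.read(2) == b"MZ":
            return "MZ header despite extension " + (ext or "(none)")
    return None

def triage_backup(root):
    """Walk root and return (keep, hold_back); paths are relative to root."""
    keep, hold_back = [], {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root)
            reason = classify(full)
            if reason:
                hold_back[rel] = reason
            else:
                keep.append(rel)
    return sorted(keep), hold_back

def build_sample(root):
    """Write a constructed sample tree standing in for a documents folder."""
    samples = {
        "letter.txt": b"Dear Sir or Madam",
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,      # JPEG magic
        "setup.exe": b"MZ" + b"\x00" * 16,
        "invoice.pdf.scr": b"MZ" + b"\x00" * 16,                # double extension
        os.path.join("photos", "img_0001.jpg"): b"MZ\x90\x00",  # renamed binary
    }
    for rel, data in samples.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage_backup(tmp))
```

This only narrows what is carried over; the scan of the backup from a clean system that the post asks for is still needed.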

04.09.2012, 06:13   #3
ornikl

Hello Kira,
thank you very much for your help. That leaves me only the recommendation given.
Is there also a German-language program for backing up the data?
Unfortunately my English is not that perfect. The guide says, if I have understood it correctly, that no executable files from the infected computer should be copied onto the new system. But that would affect the essential part of "Eigene Dateien" (My Documents), wouldn't it? Am I seeing that correctly?

In any case I would like to express my sincere thanks once again, also to everyone who works on this site.

Kind regards


K. G.
__________________

04.09.2012, 07:31   #4
kira
/// Helper Team

Quote:
Quote from ornikl
Is there also a German-language program for backing up the data?
Please do it manually if at all possible, since otherwise there is a risk that malicious code gets backed up as well!

Tips for backing up data in future; Win7 offers you this out of the box:

-> System image
-> What is a system image?
-> Restoring the computer from a system image backup
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! It can be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!
