Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
rundll32.exe in AppData/Local/Temp/59181BMP -> VIRUS ?

rundll32.exe in AppData/Local/Temp/59181BMP -> VIRUS ?


Plagegeister aller Art und deren Bekämpfung: rundll32.exe in AppData/Local/Temp/59181BMP -> VIRUS ?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.04.2010, 19:22   #1
marvin241
 
rundll32.exe in AppData/Local/Temp/59181BMP -> VIRUS ? - Ausrufezeichen

rundll32.exe in AppData/Local/Temp/59181BMP -> VIRUS ?


Hallo liebes Forum!

Nachdem ich gestern mithilfe des Tools Zbot-Killer einen Trojan-Spy.Win32.Zbit von meinem System gelöscht habe, war ich mir ziemlich sicher das mein System nun ''clean'' ist, da ich es noch einmal mit sämtlichen Antivirentools durchgescannt habe, sprich: Kaspersky online scanner, malwarebytes, SuperAntiSpyware, Avira, Norton (mein Antivirenprogramm) ,Spybot, diese aber alle nichts fanden.
Nach dem säubern des PCs durch den CCleaner, das Ändern aller Passwörter sämtlicher Programme auf dem PC und im Internet habe ich einen Neustart gemacht. Norton öffnete sofort ein Fenster mit Aufschrift: Eine Datei möchte Ausgeführt werden: Rundll32.exe. Ich weiß das es Systemprozess ist, dieser hier aber liegt im Verzeichnis (AppData/Local/Temp/59181BMP). Ich dachte mir das da was dran Faul ist, oder liege ich da jetzt etwas falsch??? Ich habe die Datei aus dem System enfernen lassen. Vorher habe ich die Datei mit Virustotal gecheckt, keine Funde(0%), aber trotzdem...kommt mir komisch vor. Schlummert vielleicht irgendwo in meinem System noch ein Virus. ??

Hier noch der HijackThis Logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:57, on 09.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\mozilla-runtime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.gigux.com/?LinkID=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,booyaka.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote Inhaltsverzeichnis.onetoc2
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: G Data Tuner Service - Unknown owner - C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe (file missing)
O23 - Service: Google Update Service (gupdate1caa0fc67197ca) (gupdate1caa0fc67197ca) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Unknown owner - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 6725 bytes




Danke schon einmal im Vorraus!

Alt 09.04.2010, 20:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
rundll32.exe in AppData/Local/Temp/59181BMP -> VIRUS ? - Standard

rundll32.exe in AppData/Local/Temp/59181BMP -> VIRUS ?


Hallo und

Poste mal OTL Logs

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________
Alt 10.04.2010, 09:49   #3
marvin241
 
rundll32.exe in AppData/Local/Temp/59181BMP -> VIRUS ? - Standard

rundll32.exe in AppData/Local/Temp/59181BMP -> VIRUS ?


Hey, erstmal danke für die schnelle Antwort, bevor ich dir die Logfiles gebe ist mir heute morgen noch etwas aufgefallen; Norton hat wieder diese rundll32.exe gefunden, wieder im selben Verzeichnis, allerdings in einem neuen Ordner. Das schlimme daran ist, dass das ganze Verzeichnis (AppData/Local/Temp) nun voll mit dubiosen Ordnern und Programmen ist! Das war gestern noch nicht so!

Hier also die Logfiles:

Nummer 1:
Zitat:
OTL logfile created on: 10.04.2010 10:43:05 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Marvin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 518,46 Gb Free Space | 89,99% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,37 Gb Free Space | 61,85% Space Free | Partition Type: FAT32
Drive E: | 1,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARVIN-PC
Current User Name: Marvin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Marvin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)


========== Modules (SafeList) ==========

MOD - C:\Users\Marvin\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\asoehook.dll (Symantec Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (NeroMediaHomeService.4) -- File not found
SRV - (G Data Tuner Service) -- File not found
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100408.039\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100408.039\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NIS\1106000.020\Ironx86.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NIS\1106000.020\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NIS\1106000.020\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\NIS\1106000.020\ccHPx86.sys (Symantec Corporation)
DRV - (VBoxUSB) -- C:\Windows\System32\drivers\VBoxUSB.sys (Sun Microsystems, Inc.)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NIS\1106000.020\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NIS\1106000.020\SYMEFA.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NIS\1106000.020\SYMDS.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (gmer) -- C:\Windows\System32\drivers\gmer.sys (GMER)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVR0Dev) -- C:\Windows\nvoclock.sys (NVidia Corp.)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (sonypvs1) -- C:\Windows\System32\drivers\sonypvs1.sys (Sony Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.gigux.com/?LinkID=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010.04.09 10:39:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010.04.09 11:19:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3plugin1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.09 14:38:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3plugin1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.09 14:38:07 | 000,000,000 | ---D | M]

[2010.04.09 11:36:59 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\mozilla\Extensions
[2010.04.09 11:50:11 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\1qd62uoj.default\extensions
[2010.04.09 11:32:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.05 22:38:59 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.05 22:38:59 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.05 22:38:59 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.05 22:38:59 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.05 22:38:59 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - Startup: C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (booyaka.exe) - File not found
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.07.14 11:19:50 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{b86638d3-8e1f-11dd-a375-002185692b35}\Shell - "" = AutoRun
O33 - MountPoints2\{b86638d3-8e1f-11dd-a375-002185692b35}\Shell\AutoRun\command - "" = I:\pushinst.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\pushinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.11.08 19:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Reallusion
[2010.11.08 19:30:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2010.04.09 20:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.04.09 11:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.04.09 11:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.04.09 11:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.04.09 11:46:17 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Local\Adobe
[2010.04.09 11:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010.04.09 11:44:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.04.09 11:36:52 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Mozilla
[2010.04.09 11:36:52 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Local\Mozilla
[2010.04.09 11:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.04.09 11:26:17 | 000,044,080 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2010.04.09 10:46:20 | 000,340,016 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\symtdiv.sys
[2010.04.09 10:46:20 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\symds.sys
[2010.04.09 10:46:20 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\srtsp.sys
[2010.04.09 10:46:20 | 000,172,592 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\symefa.sys
[2010.04.09 10:46:20 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\srtspx.sys
[2010.04.09 10:46:19 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\cchpx86.sys
[2010.04.09 10:46:19 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\ironx86.sys
[2010.04.09 10:45:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1106000.020
[2010.04.09 10:38:49 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010.04.09 10:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010.04.09 10:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010.04.09 10:37:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2010.04.09 10:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2010.04.09 10:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010.04.08 20:19:56 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\SUPERAntiSpyware.com
[2010.04.08 16:58:22 | 000,000,000 | -HSD | C] -- C:\Users\Marvin\AppData\Roaming\lowsec
[2010.04.06 17:16:57 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Malwarebytes
[2010.04.06 17:16:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.06 17:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.06 17:16:40 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.06 17:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.06 15:30:32 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.04.06 15:30:32 | 011,573,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.04.06 15:30:32 | 004,503,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010.04.06 15:30:32 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.04.06 15:30:32 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.04.06 15:30:29 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.04.06 15:30:29 | 004,029,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.04.06 15:30:29 | 002,646,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.04.06 15:30:29 | 002,009,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.04.06 15:30:29 | 000,215,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1910.dll
[2010.04.06 15:30:29 | 000,215,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010.04.06 12:13:32 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\WinRAR
[2010.04.06 12:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010.04.06 11:53:44 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Update
[2010.04.01 13:21:17 | 000,123,856 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\drivers\VBoxDrv.sys
[2010.04.01 13:21:12 | 000,041,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\drivers\VBoxUSBMon.sys
[2010.03.31 19:03:07 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Sony Corporation
[2010.03.31 18:53:20 | 000,299,923 | ---- | C] (Sony Corporation) -- C:\Windows\System32\drivers\sonyhcs.sys
[2010.03.31 18:53:20 | 000,102,220 | ---- | C] (Sony Corporation) -- C:\Windows\System32\drivers\sonypvs1.sys
[2010.03.31 18:53:20 | 000,053,248 | ---- | C] (Sony Corporation) -- C:\Windows\System32\SONYHCY.DLL
[2010.03.31 18:53:20 | 000,038,739 | ---- | C] (Sony Corporation) -- C:\Windows\System32\drivers\sonyhcc.sys
[2010.03.31 18:53:20 | 000,006,097 | ---- | C] (Sony Corporation) -- C:\Windows\System32\drivers\sonyhcb.sys
[2010.03.31 18:53:20 | 000,000,000 | ---D | C] -- C:\Drivers
[2010.03.31 18:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010.03.31 18:10:42 | 000,000,000 | ---D | C] -- C:\USB_DRV
[2010.03.31 10:44:55 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.03.31 10:44:54 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.03.31 10:44:54 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.03.31 10:44:54 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 10:44:54 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 10:44:54 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.03.31 10:44:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.03.31 10:44:54 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.03.31 10:44:54 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.03.31 10:44:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.03.31 10:44:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.03.31 10:44:54 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.03.31 10:44:54 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.03.31 10:44:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.03.31 10:44:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.03.28 18:44:12 | 000,297,472 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe
[2010.03.28 15:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Technisat
[2010.03.27 14:00:16 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\vlc
[2010.03.27 13:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.03.26 16:04:07 | 015,821,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imageres.dll
[2010.03.26 14:42:29 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Tracing
[2010.03.25 20:06:30 | 000,099,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\drivers\VBoxNetAdp.sys
[2010.03.22 15:52:08 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Documents\Meine empfangenen Dateien
[2010.03.16 02:15:00 | 001,515,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2010.03.16 02:15:00 | 000,985,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2010.03.16 02:14:00 | 013,683,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2010.03.16 02:14:00 | 000,110,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[28 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.08 17:37:14 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000559.LCS
[2010.04.10 10:42:45 | 004,194,304 | -HS- | M] () -- C:\Users\Marvin\NTUSER.DAT
[2010.04.10 10:40:13 | 001,696,772 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.10 10:40:13 | 000,754,980 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.10 10:40:13 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.10 10:40:13 | 000,194,424 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.10 10:40:13 | 000,125,554 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.10 10:33:59 | 000,052,981 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.04.10 10:33:58 | 000,052,981 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.04.10 10:33:48 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.04.10 10:33:46 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.10 10:33:42 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.10 10:33:42 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.10 10:33:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.10 10:33:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.09 20:24:55 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.04.09 20:24:55 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.09 20:24:51 | 002,356,606 | -H-- | M] () -- C:\Users\Marvin\AppData\Local\IconCache.db
[2010.04.09 14:38:10 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.09 14:25:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.09 13:36:52 | 001,952,374 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\Cat.DB
[2010.04.09 12:49:49 | 000,001,356 | ---- | M] () -- C:\Users\Marvin\AppData\Local\d3d9caps.dat
[2010.04.09 11:49:12 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.09 11:19:30 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010.04.09 10:38:03 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010.04.09 10:38:03 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010.04.09 10:38:03 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010.04.06 19:08:36 | 000,029,992 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2010.04.06 19:03:56 | 000,055,624 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2010.04.06 19:03:47 | 000,047,560 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2010.04.06 19:02:28 | 000,040,904 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2010.04.06 19:02:21 | 000,028,616 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2010.04.06 11:51:59 | 000,000,129 | ---- | M] () -- C:\Users\Marvin\AppData\Roaming\default.pls
[2010.04.05 21:52:50 | 000,000,345 | ---- | M] () -- C:\Users\Marvin\Documents\_8760.htm
[2010.04.04 19:17:16 | 000,025,584 | -H-- | M] () -- C:\Users\Marvin\Desktop\mxfilerelatedcache.mxc2
[2010.03.30 16:48:20 | 000,101,888 | ---- | M] () -- C:\Users\Marvin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.28 18:44:32 | 000,000,194 | ---- | M] () -- C:\Windows\win.ini
[2010.03.28 18:44:32 | 000,000,138 | ---- | M] () -- C:\Windows\System32\winrun.sys
[2010.03.27 14:57:47 | 000,001,492 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010.03.27 02:57:35 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\isolate.ini
[2010.03.25 20:06:30 | 000,099,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\drivers\VBoxNetAdp.sys
[2010.03.25 20:06:28 | 000,123,856 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\drivers\VBoxDrv.sys
[2010.03.25 20:06:26 | 000,041,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\drivers\VBoxUSBMon.sys
[2010.03.25 14:58:28 | 000,007,119 | ---- | M] () -- C:\Windows\mgxoschk.ini
[2010.03.16 08:51:59 | 015,227,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.03.16 08:51:59 | 011,647,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.03.16 08:51:59 | 011,573,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.03.16 08:51:59 | 009,386,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010.03.16 08:51:59 | 004,503,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010.03.16 08:51:59 | 004,029,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.03.16 08:51:59 | 002,646,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.03.16 08:51:59 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.03.16 08:51:59 | 001,296,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2010.03.16 08:51:59 | 000,600,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe
[2010.03.16 08:51:59 | 000,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1910.dll
[2010.03.16 08:51:59 | 000,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010.03.16 08:51:59 | 000,056,424 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.03.16 08:51:59 | 000,010,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.03.16 08:51:59 | 000,007,772 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2010.03.16 02:15:00 | 001,515,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2010.03.16 02:15:00 | 000,985,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2010.03.16 02:14:00 | 013,683,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2010.03.16 02:14:00 | 000,110,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2010.03.16 02:13:50 | 000,276,196 | ---- | M] () -- C:\Windows\System32\NvApps.xml
[2010.03.16 02:13:50 | 000,066,714 | ---- | M] () -- C:\Windows\System32\NvwsApps.xml
[2010.03.12 11:26:36 | 000,600,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[28 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.09 11:47:36 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.09 11:32:26 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.09 11:17:52 | 001,952,374 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\Cat.DB
[2010.04.09 10:46:20 | 000,007,787 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symnetv.cat
[2010.04.09 10:46:20 | 000,007,444 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symefa.cat
[2010.04.09 10:46:20 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtspx.cat
[2010.04.09 10:46:20 | 000,007,425 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symds.cat
[2010.04.09 10:46:20 | 000,007,368 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symnet.cat
[2010.04.09 10:46:20 | 000,003,374 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symefa.inf
[2010.04.09 10:46:20 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symds.inf
[2010.04.09 10:46:20 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symnetv.inf
[2010.04.09 10:46:20 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symnet.inf
[2010.04.09 10:46:20 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtspx.inf
[2010.04.09 10:46:19 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtsp.cat
[2010.04.09 10:46:19 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\iron.cat
[2010.04.09 10:46:19 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\cchpx86.cat
[2010.04.09 10:46:19 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\cchpx86.inf
[2010.04.09 10:46:19 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtsp.inf
[2010.04.09 10:46:19 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\iron.inf
[2010.04.09 10:45:56 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\isolate.ini
[2010.04.09 10:38:49 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010.04.09 10:38:49 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010.04.09 10:37:58 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010.04.06 15:30:32 | 000,007,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010.04.05 21:52:50 | 000,000,345 | ---- | C] () -- C:\Users\Marvin\Documents\_8760.htm
[2010.03.31 18:53:20 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2010.03.28 18:44:32 | 000,000,138 | ---- | C] () -- C:\Windows\System32\winrun.sys
[2010.03.27 14:56:22 | 000,001,492 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010.03.16 02:13:50 | 000,276,196 | ---- | C] () -- C:\Windows\System32\NvApps.xml
[2010.03.16 02:13:50 | 000,066,714 | ---- | C] () -- C:\Windows\System32\NvwsApps.xml
[2009.09.12 10:01:55 | 000,076,964 | -H-- | C] () -- C:\Users\Marvin\AppData\Roaming\Cache.mxc3
[2009.09.03 18:03:16 | 000,350,208 | ---- | C] () -- C:\Windows\System32\Rivet200.dll
[2009.08.13 20:31:05 | 000,000,038 | ---- | C] () -- C:\Windows\wwwbatch.ini
[2009.07.14 13:49:23 | 000,002,248 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.05.26 15:07:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.08 19:11:37 | 000,052,981 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.05.08 19:10:58 | 000,052,981 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.03.29 17:23:16 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2009.03.29 17:20:16 | 000,000,089 | ---- | C] () -- C:\Windows\magix.ini
[2009.03.11 17:42:04 | 000,000,046 | ---- | C] () -- C:\Windows\Speed.INI
[2009.02.21 10:49:55 | 000,000,046 | ---- | C] () -- C:\Windows\Goya.INI
[2009.02.16 16:44:26 | 000,000,052 | ---- | C] () -- C:\Windows\videodeLuxe.INI
[2009.02.13 17:43:15 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.02.03 15:37:58 | 000,018,944 | ---- | C] () -- C:\Windows\System32\wk32.dll
[2009.02.03 15:37:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\ic32.dll
[2009.01.28 14:37:10 | 000,000,000 | ---- | C] () -- C:\Windows\MusicEditor.INI
[2009.01.27 20:32:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2009.01.24 16:37:21 | 000,000,483 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.01.09 12:38:19 | 000,000,250 | ---- | C] () -- C:\Windows\gmer.ini
[2009.01.09 12:38:17 | 000,819,200 | ---- | C] () -- C:\Windows\gmer.dll
[2009.01.03 16:07:20 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2008.12.02 15:02:13 | 000,000,094 | ---- | C] () -- C:\Users\Marvin\AppData\Local\fusioncache.dat
[2008.12.01 16:50:00 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.10.12 13:14:32 | 000,000,680 | RHS- | C] () -- C:\Users\Marvin\ntuser.pol
[2008.10.05 12:54:24 | 000,030,920 | ---- | C] () -- C:\Users\Marvin\AppData\Roaming\UserTile.png
[2008.10.02 21:38:35 | 000,000,129 | ---- | C] () -- C:\Users\Marvin\AppData\Roaming\default.pls
[2008.10.02 18:17:55 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.10.01 17:25:16 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.10.01 13:46:06 | 000,000,016 | -H-- | C] () -- C:\Users\Marvin\AppData\Roaming\mxfilerelatedcache.mxc2
[2008.10.01 13:46:06 | 000,000,016 | -H-- | C] () -- C:\Users\Marvin\AppData\Local\mxfilerelatedcache.mxc2
[2008.10.01 13:46:05 | 000,000,016 | -H-- | C] () -- C:\Users\Marvin\mxfilerelatedcache.mxc2
[2008.09.30 14:37:41 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.09.29 16:08:04 | 000,101,888 | ---- | C] () -- C:\Users\Marvin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.29 16:00:49 | 000,001,356 | ---- | C] () -- C:\Users\Marvin\AppData\Local\d3d9caps.dat
[2008.09.29 14:38:12 | 000,000,712 | ---- | C] () -- C:\Users\Marvin\AppData\Roaming\wklnhst.dat
[2008.09.29 14:18:56 | 000,524,288 | -HS- | C] () -- C:\Users\Marvin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008.09.29 14:18:56 | 000,524,288 | -HS- | C] () -- C:\Users\Marvin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2008.09.29 14:18:56 | 000,262,144 | -H-- | C] () -- C:\Users\Marvin\ntuser.dat.LOG1
[2008.09.29 14:18:56 | 000,065,536 | -HS- | C] () -- C:\Users\Marvin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2008.09.29 14:18:56 | 000,000,020 | -HS- | C] () -- C:\Users\Marvin\ntuser.ini
[2008.09.29 14:18:56 | 000,000,000 | -H-- | C] () -- C:\Users\Marvin\ntuser.dat.LOG2
[2008.09.29 14:18:55 | 004,194,304 | -HS- | C] () -- C:\Users\Marvin\NTUSER.DAT
[2008.09.29 14:18:55 | 003,407,872 | -HS- | C] () -- C:\Users\Marvin\ntuser.dat_previous
[2008.08.08 15:49:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.08.08 15:18:39 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2007.03.12 13:01:30 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2000.03.29 16:17:42 | 000,005,824 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Windows\System32:Yþvzpctlsp.log
@Alternate Data Stream - 24 bytes -> C:\Windows:70EECF74D560B183
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\z:wY8w@ëòt<î²pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Pñ:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\øó:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\ôï:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\èò:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YSwzUwYSw™÷Ùtœõ‚pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YßvzávYßv•Ouð¨pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YòvzôvYòv,ï¬uTîVpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YcwzewYcwzˆTvÐô?pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Y«wz*wY«w¦ŠÉvpõzpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Y«wz*wY«w&‘kuðîØpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Y$wz&wY$w âuèñ)pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Y
wzwY
wæuhõpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Y wz"wY w(îÎuîæpctlsp.log
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C31F31E6
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >


Und Nummer 2:
Zitat:
OTL Extras logfile created on: 10.04.2010 10:43:05 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Marvin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 518,46 Gb Free Space | 89,99% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,37 Gb Free Space | 61,85% Space Free | Partition Type: FAT32
Drive E: | 1,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARVIN-PC
Current User Name: Marvin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- Reg Error: Key error. File not found
.js [@ = UltraEdit.js] -- Reg Error: Key error. File not found
.txt [@ = UltraEdit.txt] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UACDisableNotify" = 0
"AntiVirusDisableNotify" = 
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 
"FirewallOverride" = 0
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3363188893-1086369507-2872848387-1001]
"EnableNotificationsRef" = 7

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe:*esigner.exe -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E0652D-2BCC-4E07-ACD5-B2C60239F889}" = protocol=17 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe |
"{03E89599-FA7D-4508-AEF1-47B80C3E0800}" = protocol=6 | dir=in | app=c:\program files\opera 10.50 beta\opera.exe |
"{0DAB37CD-0F57-43EA-8B56-D3BF263CB187}" = protocol=17 | dir=in | app=c:\users\marvin\appdata\local\tversity\media server\mediaserver.exe |
"{11F7B3DE-666F-4177-9DCE-50AEFB2DA882}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1379389A-F84B-478F-A8BF-E135798EB0E2}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{3D783810-222B-40F9-9FBC-B519A68F5608}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{3E789509-3A9E-426F-B90E-AF0896AFB1BE}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{442021DE-86C4-474C-8B10-D9FFEDC7DC5C}" = protocol=6 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe |
"{4A3F4FA8-2FD7-4AF2-BE48-E2C53EB45200}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{505D01C7-5FC0-40D7-9C62-78E2F780C1F9}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{525598AD-DB9D-471C-A64C-36847661DA8C}" = protocol=6 | dir=in | app=c:\users\marvin\appdata\local\tversity\media server\mediaserver.exe |
"{5548BBD5-4323-4CD5-B8DE-70CA7079C8BB}" = protocol=17 | dir=in | app=c:\program files\winish\updater.exe |
"{584AD010-7F01-4596-BFE2-6036439C8996}" = protocol=6 | dir=in | app=c:\program files\winish\winish.exe |
"{7C9D1B10-4C36-4E39-B5E0-EFE04AEA3796}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{7E8185D8-EE9A-43CF-B632-3B42B031A5CF}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{7E831459-2AD6-405C-BD77-C39BA3025FC3}" = protocol=17 | dir=in | app=c:\program files\winish\winish.exe |
"{8A6AB630-C8F2-4260-A22A-3EC935C1D204}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{988F78B7-C6E1-4F6A-A579-967CB6514C50}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B0DB5AA1-E0BE-4DAF-8028-8FB664078285}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B8155102-E7B6-48BD-B1A0-35C0EA8B10E3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{BF5548FA-5845-42A2-8BAF-164EAC1623F9}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{CCE14DA4-7382-4FBE-83A0-48D8C0FC8C8F}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{D1ADCE55-7446-4955-A471-C740BD01A8A2}" = protocol=6 | dir=in | app=c:\program files\winish\updater.exe |
"{EF03345C-EA76-4A50-8909-EF4C7F46FBCC}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{F68B7273-D598-45B4-A244-4A012AC631B7}" = protocol=17 | dir=in | app=c:\program files\opera 10.50 beta\opera.exe |
"{F85D692A-4F93-4D5B-9E45-B1DE8B46A9D9}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{FAAA7A72-EF7B-49A9-BBED-7FCAA8047788}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"TCP Query User{09F5EF8E-FB05-40C3-A15C-EEEFAE48E133}C:\program files\common files\pocketsoft\rtpatch\autortp\artpschd.exe" = protocol=6 | dir=in | app=c:\program files\common files\pocketsoft\rtpatch\autortp\artpschd.exe |
"TCP Query User{7C2621D1-B582-4C52-A921-723810E0CD6B}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"TCP Query User{B0075465-59F9-4CF8-A5D4-0AE2A2256C90}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{E7C3AA65-5426-418B-B592-D44D91AC63DD}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{ED461F60-1185-450D-BA72-7C0D22D33EE6}C:\program files\opera 10.50 beta\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera 10.50 beta\opera.exe |
"UDP Query User{260E7803-8164-47B5-93D7-D399EF5CAB94}C:\program files\common files\pocketsoft\rtpatch\autortp\artpschd.exe" = protocol=17 | dir=in | app=c:\program files\common files\pocketsoft\rtpatch\autortp\artpschd.exe |
"UDP Query User{426C976F-9262-4A3B-96AC-488EC063CEF8}C:\program files\opera 10.50 beta\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera 10.50 beta\opera.exe |
"UDP Query User{8B7D208C-FF5B-40F0-8EC7-9364A304EB54}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{CE48083F-026D-43E2-812A-69FF931D709B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{DEA0E012-EB81-4F24-A152-F25232D0B1D0}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{629840d3-d87c-4730-9d9e-efe096d028c7}" = Nero MediaHome 4 Trial
"{69FC3B9A-4149-43DB-A557-6ED0C8D8BA44}" = Nero MediaHome 4 Help
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99EF387E-633E-4CFB-BFA3-AB961B685DDF}" = Nero MediaHome 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AoE3 Editor Mod" = AoE3 Editor Mod
"CCleaner" = CCleaner
"EPSON Stylus SX200 Series" = Druckerdeinstallation für EPSON Stylus SX200 Series
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"LetsTrade" = LetsTrade Komponenten
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Video deluxe 2007 2008 PLUS D" = MAGIX Video deluxe 2007 2008 PLUS 7.0.0.25 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.19.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mediaport" = Mediaport
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3plugin1)" = Mozilla Firefox (3.6.3plugin1)
"NIS" = Norton Internet Security
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PROSetDX" = Intel(R) Network Connections 13.0.42.0
"VLC media player" = VLC media player 1.0.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11.07.2009 03:26:36 | Computer Name = Marvin-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11.07.2009 11:41:37 | Computer Name = Marvin-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.07.2009 03:03:16 | Computer Name = Marvin-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.07.2009 03:07:14 | Computer Name = Marvin-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.07.2009 08:43:55 | Computer Name = Marvin-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.07.2009 13:51:07 | Computer Name = Marvin-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.07.2009 03:42:52 | Computer Name = Marvin-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.07.2009 08:45:56 | Computer Name = Marvin-PC | Source = Application Hang | ID = 1002
Description = Programm gta-vc.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 14c8 Anfangszeit: 01ca03b622fdf7d5 Zeitpunkt der Beendigung:
27

Error - 13.07.2009 14:16:46 | Computer Name = Marvin-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.07.2009 04:09:43 | Computer Name = Marvin-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 16.02.2009 12:33:44 | Computer Name = Marvin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 901 seconds with 600 seconds of active time. This session ended with a crash.

Error - 21.02.2009 07:36:51 | Computer Name = Marvin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 33 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 09.04.2010 13:45:29 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 09.04.2010 13:45:29 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09.04.2010 13:45:29 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09.04.2010 13:45:29 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09.04.2010 13:45:29 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10.04.2010 04:34:09 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 10.04.2010 04:34:09 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.04.2010 04:34:09 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.04.2010 04:34:09 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10.04.2010 04:34:09 | Computer Name = Marvin-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Danke schon mal im Vorraus!
__________________
Alt 10.04.2010, 11:53   #4
marvin241
 
rundll32.exe in AppData/Local/Temp/59181BMP -> VIRUS ? - Standard

rundll32.exe in AppData/Local/Temp/59181BMP -> VIRUS ?


Schon OK! Ich habe mich dazu entschieden das System neu aufzusetzen, nachdem ich dich kontrolle des PCs fast schon verloren habe. Trotzdem danke für Hilfe !

Antwort

Themen zu rundll32.exe in AppData/Local/Temp/59181BMP -> VIRUS ?
avira, bho, firefox, g data, google, gupdate, hijack, hijackthis, hijackthis logfile, internet, internet explorer, intrusion prevention, kaspersky, keine funde, logfile, magix, mozilla, object, plug-in, programm, rundll, rundll32.exe, security, senden, software, symantec, system, systemprozess, virenverdacht, virus, virus ?, vista, windows


« MSN Virus geht nicht weg | Viren ? BitDefender tut nichts »


Ähnliche Themen: rundll32.exe in AppData/Local/Temp/59181BMP -> VIRUS ?


  1. TR/Agent.7375 in C:\Users\HerrTest\AppData\Local\Temp\nscA085.tmp\temp\5FT.zip
    Log-Analyse und Auswertung - 18.10.2015 (13)
  2. C:\Users\Be\AppData\Local\Temp\OCS Virus gefunden?
    Plagegeister aller Art und deren Bekämpfung - 05.07.2014 (14)
  3. Bitcoin Virus, wincpu.exe stellt sich immer wieder her : Benutzer/appdata/local/temp/64
    Plagegeister aller Art und deren Bekämpfung - 07.05.2014 (11)
  4. C:\Users\Helmut\AppData\Local\Temp\wpbt0.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Reveton.N.370' [trojan].
    Log-Analyse und Auswertung - 25.09.2013 (11)
  5. Virus: Win32.Trojan.Agent.KV5KTJ gefunden in Datei: C:\User\xx\AppData\Local\Temp\is1070216317\798896_Setup.EXE
    Plagegeister aller Art und deren Bekämpfung - 20.09.2013 (11)
  6. DVU Virus entfernt? AppData/Local/Temp/wgsdgsdgdsgsd.exe nicht gefunden
    Log-Analyse und Auswertung - 19.12.2012 (20)
  7. AppData/Local/Temp/wgsdgsdgdsgsd.exe nicht gefunden > DVU Virus?
    Plagegeister aller Art und deren Bekämpfung - 22.10.2012 (21)
  8. deo0_sar.exe in der Appdata\local\Temp
    Plagegeister aller Art und deren Bekämpfung - 29.09.2012 (6)
  9. Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe
    Log-Analyse und Auswertung - 20.04.2012 (10)
  10. Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe
    Log-Analyse und Auswertung - 11.04.2012 (22)
  11. Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe
    Log-Analyse und Auswertung - 06.04.2012 (34)
  12. (2x) Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe
    Mülltonne - 06.04.2012 (0)
  13. Virus in C:\Users\Testuser\AppData\Local\Temp\0.46968614682289145.exe
    Plagegeister aller Art und deren Bekämpfung - 06.12.2011 (1)
  14. Avira findet TR/EyeStye.N.1213 unter C:\User\***\AppData\Local\Temp\203.temp
    Log-Analyse und Auswertung - 31.10.2011 (5)
  15. Virus Gen:Variant.Renos.61 unter C:Users\XX\AppData\Local\Temp\
    Log-Analyse und Auswertung - 23.02.2011 (5)
  16. Virus Die Datei 'C:\Users\Florian\AppData\Local\Temp\gjyE7E8.tmp'
    Log-Analyse und Auswertung - 23.11.2010 (8)
  17. Virus unter C:\Users\***\AppData\Local\Temp
    Plagegeister aller Art und deren Bekämpfung - 06.07.2010 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema rundll32.exe in AppData/Local/Temp/59181BMP -> VIRUS ? - Hallo liebes Forum! Nachdem ich gestern mithilfe des Tools Zbot-Killer einen Trojan-Spy.Win32.Zbit von meinem System gelöscht habe, war ich mir ziemlich sicher das mein System nun ''clean'' ist, da ich - rundll32.exe in AppData/Local/Temp/59181BMP -> VIRUS ?...
Archiv
Du betrachtest: rundll32.exe in AppData/Local/Temp/59181BMP -> VIRUS ? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54