
Trash bin: Goingonearth infection & Windows Security Center disabled


 
20.04.2011, 11:42   #1
JoachimH
 
Goingonearth infection & Windows Security Center disabled

Hello, and first of all good day to everyone.
I have caught the well-known redirector goingonearth and am asking you to help me get rid of it.
After a download, the Windows Security Center was disabled first, and after that no proper Google search could be carried out in Firefox. The whole thing is now escalating: in IE 9, too, I am suddenly redirected to random websites when I search via Google.

I have pasted the result of the scan with OTL here.

Many thanks in advance for your help.

Joachim

OTL Logfile:
Code:
OTL logfile created on: 20.04.2011 12:30:26 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\j2h.J2H\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 44,00% Memory free
24,00 Gb Paging File | 17,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 68,27 Gb Free Space | 57,30% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 917,45 Gb Free Space | 98,49% Space Free | Partition Type: NTFS
Drive E: | 120,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 465,76 Gb Total Space | 367,83 Gb Free Space | 78,98% Space Free | Partition Type: NTFS
Drive I: | 465,76 Gb Total Space | 367,83 Gb Free Space | 78,98% Space Free | Partition Type: NTFS
Drive J: | 465,76 Gb Total Space | 367,83 Gb Free Space | 78,98% Space Free | Partition Type: NTFS
Drive M: | 931,51 Gb Total Space | 485,58 Gb Free Space | 52,13% Space Free | Partition Type: NTFS
Drive R: | 4,69 Gb Total Space | 4,69 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: NTZ-B1 | User Name: j2h | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.20 12:21:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\j2h.J2H\Desktop\OTL.exe
PRC - [2011.04.01 10:31:38 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.03.28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.03.17 13:11:38 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.03.07 15:48:19 | 004,886,136 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2011.02.21 02:00:00 | 001,770,424 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) -- C:\Programme\ArchiCrypt\ArchiCrypt Ultimate RAM-Disk 3\ACUltimateRamDisk.exe
PRC - [2011.01.26 12:26:48 | 000,573,224 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.01.07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2010.12.20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.12.20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010.12.06 17:26:24 | 002,072,576 | ---- | M] (USB Server) -- C:\Program Files (x86)\USB Server 2\USB Server.exe
PRC - [2010.10.22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010.10.22 05:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgam.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2007.01.11 13:57:20 | 000,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9300 Series\lxcqmon.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.20 12:21:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\j2h.J2H\Desktop\OTL.exe
MOD - [2010.11.20 04:21:38 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll
MOD - [2010.11.20 04:21:38 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll
MOD - [2010.11.20 04:20:48 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntlanman.dll
MOD - [2010.11.20 04:18:28 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davclnt.dll
MOD - [2010.11.20 03:55:10 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010.02.04 20:17:27 | 000,129,984 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp.dll
MOD - [2009.07.14 03:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drprov.dll
MOD - [2009.07.14 03:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davhlpr.dll
MOD - [2009.07.14 03:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.02.21 12:21:14 | 000,437,208 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) [Auto | Running] -- C:\Windows\SysNative\ACRAMDiskHandlerService64RD3.exe -- (ArchiCrypt Ultimate RAM-Disk 3)
SRV:64bit: - [2011.01.27 00:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.01.17 17:00:50 | 000,164,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service)
SRV:64bit: - [2010.08.09 04:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2010.05.20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009.12.09 13:48:26 | 000,844,616 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\CleverCache\ooccag.exe -- (O&O CleverCache)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2006.12.05 09:36:32 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcqcoms.exe -- (lxcq_device)
SRV - [2011.04.01 10:31:38 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.03.28 15:41:12 | 002,111,368 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.17 13:11:38 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.02.01 22:53:54 | 001,112,736 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.01.28 21:34:52 | 000,032,336 | ---- | M] (Sanford, L.P.) [Auto | Running] -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe -- (DymoPnpService)
SRV - [2011.01.26 12:26:48 | 000,573,224 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.12.20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.11.11 17:07:30 | 000,784,384 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\USB Server 2\NPW\NPWService.exe -- (NPWService)
SRV - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.10.22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.05.14 15:02:54 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.21 11:40:44 | 000,193,904 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2006.12.05 09:36:10 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxcqcoms.exe -- (lxcq_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.03.17 13:11:38 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011.03.17 13:11:37 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2011.03.17 13:11:37 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011.03.17 13:11:36 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011.02.21 12:21:12 | 000,024,536 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ACMoFlex64RD3.sys -- (ACMoFlex64RD3)
DRV:64bit: - [2011.02.16 22:36:37 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011.01.27 01:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.01.27 00:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.01.18 12:37:48 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2011.01.03 10:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.01.03 10:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.01.03 10:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.08 05:12:36 | 000,308,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010.11.23 19:33:00 | 000,300,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.11.06 09:45:46 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.09.17 12:09:14 | 000,240,128 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NUServer64.sys -- (NUServer64)
DRV:64bit: - [2010.09.13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010.09.07 04:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010.09.07 04:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010.08.24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.05.20 16:26:32 | 002,143,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VX6000Xp.sys -- (VX6000)
DRV:64bit: - [2010.04.27 03:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 03:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.04.07 10:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2010.03.17 10:14:02 | 000,302,632 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.01.28 14:51:28 | 000,030,208 | ---- | M] (Elite Silicon Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NUS_Bus.sys -- (NUS_Bus)
DRV:64bit: - [2009.10.29 10:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.10.06 11:11:30 | 000,029,696 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenBus.sys -- (EST_BusEnum)
DRV:64bit: - [2009.09.24 18:55:00 | 000,212,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009.09.14 15:30:26 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.08.05 13:56:04 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009.07.28 21:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009.07.24 12:33:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.06.19 11:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009.06.19 10:59:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009.06.17 13:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.02 14:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009.03.02 14:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2007.11.08 11:29:22 | 000,527,872 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302)
DRV:64bit: - [2005.04.13 23:17:52 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0801.sys -- (tap0801)
DRV - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 3A EB CD C3 D1 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Firefox4.0\components [2011.04.14 16:17:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
[2011.04.14 16:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\j2h.J2H\AppData\Roaming\mozilla\Extensions
[2011.04.14 15:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.02.22 14:53:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.02.22 14:53:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.16 13:18:48 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2011.04.19 11:38:59 | 000,000,100 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [LXCQCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCQtime.DLL (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcqmon.exe] C:\Program Files (x86)\Lexmark 9300 Series\lxcqmon.exe ()
O4:64bit: - HKLM..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe (O&O Software GmbH)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI-Grafik\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ACRAMDisk] C:\Program Files\ArchiCrypt\ArchiCrypt Ultimate RAM-Disk 3\ACUltimateRamDisk.exe (Softwareentwicklung Remus - ArchiCrypt)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [USB Server] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.4.22.0.cab (SysInfo Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = j2h.de
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8ea65a46-3dd2-11e0-80f2-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{8ea65a46-3dd2-11e0-80f2-005056c00008}\Shell\AutoRun\command - "" = G:\StartCD.exe
O33 - MountPoints2\{c0b00e94-40b0-11e0-841f-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{c0b00e94-40b0-11e0-841f-005056c00008}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.20 12:26:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.20 12:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.20 12:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011.04.20 12:21:05 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\j2h.J2H\Desktop\Erunt-setup.exe
[2011.04.20 12:21:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\j2h.J2H\Desktop\OTL.exe
[2011.04.20 12:21:05 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\j2h.J2H\Desktop\TFC.exe
[2011.04.20 08:17:51 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\Application Data
[2011.04.20 08:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
[2011.04.20 08:17:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NAVIGON
[2011.04.19 12:36:09 | 000,000,000 | ---D | C] -- C:\Programme\Hitman Pro 3.5
[2011.04.19 12:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011.04.19 12:08:05 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011.04.19 12:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011.04.19 11:32:06 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyNoMore
[2011.04.19 11:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyNoMore
[2011.04.19 11:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpyNoMore
[2011.04.19 11:31:24 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\GetRightToGo
[2011.04.16 12:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Word
[2011.04.16 12:05:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free PDF to Word Doc Converter
[2011.04.16 09:59:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011.04.16 09:50:49 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011.04.16 09:50:34 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011.04.14 18:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.04.14 16:17:23 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\Mozilla
[2011.04.14 16:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefox4.0
[2011.04.14 14:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011.04.14 10:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon Translator Removal Tool
[2011.04.14 09:37:32 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\TuneUp Software
[2011.04.14 09:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.04.14 09:37:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.04.13 18:35:51 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\Malwarebytes
[2011.04.13 18:35:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.13 18:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.13 18:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.13 18:35:44 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.13 18:35:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.13 18:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.13 18:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.04.13 16:06:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.04.13 16:06:53 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.04.10 19:04:34 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Local\assembly
[2011.04.10 18:19:34 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Local\Sanford,_L.P
[2011.04.10 18:19:01 | 000,000,000 | ---D | C] -- D:\E_Daten\E_Dokumente\DYMO Label
[2011.04.10 18:19:01 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Local\DYMO
[2011.04.10 18:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO
[2011.04.10 18:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DYMO
[2011.04.10 18:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\DYMO
[2011.04.10 18:10:17 | 000,000,000 | R--D | C] -- D:\E_Daten\E_Dokumente\Scanned Documents
[2011.04.10 18:10:16 | 000,000,000 | ---D | C] -- D:\E_Daten\E_Dokumente\Fax
[2011.04.10 18:07:51 | 000,000,000 | ---D | C] -- C:\Programme\Lx_cats
[2011.04.10 18:07:30 | 000,000,000 | ---D | C] -- C:\Programme\Lexmark 9300 Series
[2011.04.10 18:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark Toolbar
[2011.04.10 18:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 9300 Series
[2011.04.10 18:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 9300 Series
[2011.04.10 18:07:27 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqserv.dll
[2011.04.10 18:07:27 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqusb1.dll
[2011.04.10 18:07:27 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqhbn3.dll
[2011.04.10 18:07:27 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqcomc.dll
[2011.04.10 18:07:27 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqpmui.dll
[2011.04.10 18:07:27 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqlmpm.dll
[2011.04.10 18:07:27 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqcoms.exe
[2011.04.10 18:07:27 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqcomm.dll
[2011.04.10 18:07:27 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqinpa.dll
[2011.04.10 18:07:27 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqiesc.dll
[2011.04.10 18:07:27 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqih.exe
[2011.04.10 18:07:27 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqcfg.exe
[2011.04.10 18:07:27 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqppls.exe
[2011.04.10 18:07:27 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqprox.dll
[2011.04.10 18:07:27 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcqpplc.dll
[2011.04.10 18:07:13 | 001,417,728 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqserv.dll
[2011.04.10 18:07:13 | 001,099,264 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqusb1.dll
[2011.04.10 18:07:13 | 000,695,808 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqcomc.dll
[2011.04.10 18:07:13 | 000,659,456 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqhbn3.dll
[2011.04.10 18:07:13 | 000,566,192 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqcoms.exe
[2011.04.10 18:07:13 | 000,487,424 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqlmpm.dll
[2011.04.10 18:07:13 | 000,409,600 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqpmui.dll
[2011.04.10 18:07:13 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysNative\LXCQhcp.dll
[2011.04.10 18:07:13 | 000,249,856 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqcomm.dll
[2011.04.10 18:07:13 | 000,238,592 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqinpa.dll
[2011.04.10 18:07:13 | 000,235,952 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqcfg.exe
[2011.04.10 18:07:13 | 000,233,392 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqih.exe
[2011.04.10 18:07:13 | 000,226,816 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqiesc.dll
[2011.04.10 18:07:13 | 000,035,328 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqprox.dll
[2011.04.10 18:07:13 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysNative\lxcqpplc.dll
[2011.04.10 17:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung CLP-300 Series
[2011.04.10 17:55:14 | 000,151,552 | ---- | C] (SS) -- C:\Windows\SysNative\SUGG1ci.exe
[2011.04.10 17:55:14 | 000,089,600 | ---- | C] (SS) -- C:\Windows\SysNative\SUGG1ci.dll
[2011.04.10 17:54:50 | 000,053,816 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Windows\SysNative\drivers\DGIVECP.SYS
[2011.04.10 17:54:50 | 000,011,576 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\drivers\SSPORT.SYS
[2011.04.10 17:39:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2011.04.10 17:39:41 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2011.04.10 17:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4700 series
[2011.04.10 17:39:31 | 000,000,000 | -H-D | C] -- C:\Programme\CanonBJ
[2011.04.10 17:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Server 2
[2011.04.10 17:08:16 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\USB Server
[2011.04.10 17:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Server 2
[2011.04.08 19:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2011.04.05 16:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC
[2011.04.05 16:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealVNC
[2011.04.05 15:56:27 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\UltraVNC
[2011.04.05 11:30:22 | 000,000,000 | ---D | C] -- D:\E_Daten\E_Dokumente\Xen
[2011.04.05 00:02:43 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\Citrix
[2011.04.05 00:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2011.03.31 12:36:08 | 000,000,000 | ---D | C] -- D:\E_Daten\E_Dokumente\Xilisoft Corporation
[2011.03.30 17:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2011.03.30 17:26:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2011.03.30 17:22:13 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\Download Manager
[2011.03.30 16:44:21 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.03.30 08:57:21 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2011.03.30 08:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.03.30 08:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011.03.29 12:56:10 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Local\Stardock
[2011.03.29 12:56:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2011.03.29 12:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CursorFX
[2011.03.29 12:55:15 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework
[2011.03.29 12:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.03.29 12:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.03.29 12:26:06 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Local\Google
[2011.03.29 12:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011.03.24 15:51:21 | 000,000,000 | ---D | C] -- C:\Users\j2h.J2H\AppData\Roaming\ArchiCrypt Ultimate RAM-Disk3
[2011.03.24 15:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ArchiCrypt Ultimate RAM-Disk
[2011.03.24 15:51:13 | 000,437,208 | ---- | C] (Softwareentwicklung Remus - ArchiCrypt) -- C:\Windows\SysNative\ACRAMDiskHandlerService64RD3.exe
[2011.03.24 15:51:13 | 000,170,968 | ---- | C] (Softwareentwicklung Remus - ArchiCrypt.com) -- C:\Windows\SysNative\ACMFEngine64RD3.dll
[2011.03.24 15:51:13 | 000,024,536 | ---- | C] (Softwareentwicklung Remus - ArchiCrypt.com) -- C:\Windows\SysNative\drivers\ACMoFlex64RD3.sys
[2011.03.24 15:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAM-Disk 3
[2011.03.24 15:51:05 | 000,000,000 | ---D | C] -- C:\Programme\ArchiCrypt
[2011.03.24 15:24:56 | 000,000,000 | ---D | C] -- C:\Programme\Intel
[2011.03.24 15:21:50 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab
[2011.03.24 15:11:07 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll
[2011.03.24 15:11:07 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll
[2011.03.24 15:11:07 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll
[2011.03.24 15:11:07 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll
[2011.03.24 15:11:07 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll
[2011.03.24 15:11:07 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll
[2011.03.24 10:34:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.20 12:31:13 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.20 12:31:13 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.20 12:28:13 | 001,621,772 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.20 12:28:13 | 000,700,288 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.20 12:28:13 | 000,655,000 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.20 12:28:13 | 000,149,084 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.20 12:28:13 | 000,121,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.20 12:25:06 | 000,000,924 | ---- | M] () -- C:\Users\j2h.J2H\Desktop\NTREGOPT.lnk
[2011.04.20 12:25:06 | 000,000,905 | ---- | M] () -- C:\Users\j2h.J2H\Desktop\ERUNT.lnk
[2011.04.20 12:23:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.20 12:23:54 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.20 12:21:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\j2h.J2H\Desktop\Erunt-setup.exe
[2011.04.20 12:21:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\j2h.J2H\Desktop\OTL.exe
[2011.04.20 12:21:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\j2h.J2H\Desktop\TFC.exe
[2011.04.20 12:19:05 | 000,377,260 | ---- | M] () -- C:\Users\j2h.J2H\Desktop\Load.exe
[2011.04.20 12:06:34 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011.04.20 11:05:54 | 000,020,675 | ---- | M] () -- C:\Users\j2h.J2H\.recently-used.xbel
[2011.04.20 08:07:10 | 112,847,303 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011.04.19 12:08:05 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011.04.19 11:38:59 | 000,000,100 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011.04.19 11:32:13 | 000,001,152 | ---- | M] () -- C:\Windows\SysWow64\windrv.sys
[2011.04.16 10:01:26 | 000,456,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.15 18:44:41 | 000,002,058 | -H-- | M] () -- D:\E_Daten\E_Dokumente\Default.rdp
[2011.04.14 09:51:31 | 000,000,000 | ---- | M] () -- C:\Windows\lgfwup.ini
[2011.04.14 09:01:59 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011.04.14 09:01:59 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011.04.13 19:05:02 | 000,000,000 | RHS- | M] () -- C:\Windows\wininit.ini
[2011.04.13 15:23:02 | 000,123,392 | RHS- | M] () -- C:\Windows\SysWow64\MSAC3ENCX.dll
[2011.04.10 18:07:45 | 000,019,148 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2011.03.29 09:59:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011.03.26 16:36:48 | 001,872,355 | ---- | M] () -- D:\E_Daten\E_Dokumente\wa24neu.pdf
[2011.03.26 15:56:48 | 000,002,012 | ---- | M] () -- D:\E_Daten\E_Dokumente\ntzsrv(Intern).RDP
[2011.03.24 17:45:43 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\ACRAMDiskHandlerService64RD3.ini
 
========== Files Created - No Company Name ==========
 
[2011.04.20 12:25:06 | 000,000,924 | ---- | C] () -- C:\Users\j2h.J2H\Desktop\NTREGOPT.lnk
[2011.04.20 12:25:06 | 000,000,905 | ---- | C] () -- C:\Users\j2h.J2H\Desktop\ERUNT.lnk
[2011.04.20 12:19:25 | 000,377,260 | ---- | C] () -- C:\Users\j2h.J2H\Desktop\Load.exe
[2011.04.20 11:05:54 | 000,020,675 | ---- | C] () -- C:\Users\j2h.J2H\.recently-used.xbel
[2011.04.19 12:01:03 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011.04.19 11:32:13 | 000,001,152 | ---- | C] () -- C:\Windows\SysWow64\windrv.sys
[2011.04.16 09:51:03 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011.04.16 09:50:48 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011.04.16 09:50:40 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2011.04.16 09:50:35 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2011.04.16 09:50:35 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011.04.16 09:50:35 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011.04.16 09:50:35 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011.04.14 16:17:19 | 000,001,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.14 08:59:34 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011.04.14 08:59:34 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011.04.13 19:05:02 | 000,000,000 | RHS- | C] () -- C:\Windows\wininit.ini
[2011.04.13 15:23:02 | 000,123,392 | RHS- | C] () -- C:\Windows\SysWow64\MSAC3ENCX.dll
[2011.04.10 18:07:29 | 000,000,031 | ---- | C] () -- C:\Windows\SysNative\lxcqrwrd.ini
[2011.04.10 18:07:27 | 002,468,096 | ---- | C] () -- C:\Windows\SysWow64\lxcqhelp.chm
[2011.04.10 18:07:27 | 000,380,928 | ---- | C] () -- C:\Windows\SysWow64\lxcqcomx.dll
[2011.04.10 18:07:27 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCQinst.dll
[2011.04.10 18:07:27 | 000,001,922 | ---- | C] () -- C:\Windows\SysWow64\lxcq.loc
[2011.04.10 18:07:13 | 002,468,096 | ---- | C] () -- C:\Windows\SysNative\lxcqhelp.chm
[2011.04.10 18:07:13 | 000,294,400 | ---- | C] () -- C:\Windows\SysNative\lxcqgrd.dll
[2011.04.10 18:07:13 | 000,194,048 | ---- | C] () -- C:\Windows\SysNative\LXCQinst.dll
[2011.04.10 18:07:13 | 000,019,148 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2011.04.10 18:07:13 | 000,001,922 | ---- | C] () -- C:\Windows\SysNative\lxcq.loc
[2011.04.10 17:55:14 | 000,022,016 | ---- | C] () -- C:\Windows\SysNative\SUGG1l6.DLL
[2011.04.10 17:55:14 | 000,000,411 | ---- | C] () -- C:\Windows\SysNative\SUGG1l6.SMT
[2011.04.05 00:02:33 | 000,002,164 | ---- | C] () -- C:\Users\j2h.J2H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix XenCenter.lnk
[2011.03.30 17:26:38 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011.03.30 17:26:37 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.03.30 17:26:37 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.03.29 09:59:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011.03.26 16:36:47 | 001,872,355 | ---- | C] () -- D:\E_Daten\E_Dokumente\wa24neu.pdf
[2011.03.26 15:56:48 | 000,002,012 | ---- | C] () -- D:\E_Daten\E_Dokumente\ntzsrv(Intern).RDP
[2011.03.24 17:39:21 | 000,010,240 | ---- | C] () -- C:\Windows\SysNative\ACRAMDiskHandlerService64RD3.ini
[2011.03.17 14:02:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.15 15:56:39 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.03.01 19:54:03 | 000,008,192 | ---- | C] () -- C:\Users\j2h.J2H\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.21 16:50:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.02.21 15:28:21 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011.02.21 15:26:07 | 001,650,006 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.02.21 14:38:36 | 000,003,078 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.02.21 12:58:25 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.02.21 12:58:20 | 000,036,283 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.01.29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.26 18:24:18 | 000,015,497 | ---- | C] () -- C:\Windows\VX6KStd.ini
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008.08.26 16:26:24 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\pt243F.DLL
 
========== LOP Check ==========
 
[2011.03.17 13:09:23 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\Acronis
[2011.03.24 15:51:21 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\ArchiCrypt Ultimate RAM-Disk3
[2011.02.21 17:06:08 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\Artisteer
[2011.02.21 16:59:19 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\AVG10
[2011.04.05 00:02:45 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\Citrix
[2011.04.07 10:44:56 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\FileZilla
[2011.04.19 11:32:06 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\GetRightToGo
[2011.04.20 11:02:29 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\gtk-2.0
[2011.02.21 16:53:33 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\Leadertech
[2011.03.01 19:53:00 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\Samsung
[2011.02.21 17:14:06 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\SWiSH Max4 DEU
[2011.03.04 13:25:14 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\TeamViewer
[2011.04.14 09:37:32 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\TuneUp Software
[2011.04.10 17:28:17 | 000,000,000 | ---D | M] -- C:\Users\j2h.J2H\AppData\Roaming\USB Server
[2011.04.14 14:08:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.02.21 17:18:14 | 000,000,000 | -H-D | M] -- C:\$AVG
[2011.02.21 14:33:23 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.02.21 12:49:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.02.21 15:13:31 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.04.19 12:36:09 | 000,000,000 | R--D | M] -- C:\Programme
[2011.04.20 12:25:05 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.04.19 12:00:45 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.02.21 12:49:12 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.02.21 12:49:12 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.04.13 19:43:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.04.13 16:34:09 | 000,000,000 | ---D | M] -- C:\Temp
[2011.03.24 15:11:02 | 000,000,000 | R--D | M] -- C:\Users
[2011.04.20 12:26:24 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: USERINIT.EXE >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >
         
--- --- ---

Sorry, this post can be deleted. I was a bit too impatient.
But with the redirecting ...

Alt 20.04.2011, 14:22   #2
Da GuRu
Administrator
/// technical service
 

Continued here: http://www.trojaner-board.de/97746-g...aktiviert.html


 
