
Pests of all kinds and how to fight them: Win.32/Sirefef.0 - Severe virus infection


02.11.2011, 22:41   #16
Eiswehr
 
Win.32/Sirefef.0 - Severe virus infection

Here is the log:
OTL Logfile:
Code:
OTL logfile created on: 02.11.2011 21:29:47 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Heimanwender\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,29% Memory free
4,23 Gb Paging File | 2,72 Gb Available in Paging File | 64,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 67,47 Gb Free Space | 22,24% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 71,67 Gb Free Space | 47,56% Space Free | Partition Type: NTFS
Drive E: | 6,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PAUL-PC | User Name: Heimanwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Heimanwender\Desktop\OTL (4).exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Bandoo\Bandoo.exe (Bandoo Media Inc.)
PRC - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Users\Heimanwender\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe (UASSOFT.COM)
PRC - C:\Program Files\Trust\Trust R-Series Mouse\KMCONFIG.exe (UASSOFT.COM)
PRC - C:\Program Files\Trust\Trust R-Series Mouse\KMProcess.exe (UASSOFT.COM)
PRC - C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe (UASSOFT.COM)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Trust\Trust R-Series Mouse\keydll.dll ()
MOD - C:\Program Files\Trust\Trust R-Series Mouse\MouseHook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (BRS_WebWeaver) --  File not found
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (GDFwSvc) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (CGVPNCliSrvc) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AVKWCtl) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (Bandoo Coordinator) -- C:\Program Files\Bandoo\Bandoo.exe (Bandoo Media Inc.)
SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (AVM WLAN Connection Service) -- C:\Program Files\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (SearchAnonymizer) -- C:\Users\Heimanwender\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (KMWDSERVICE) -- C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe (UASSOFT.COM)
SRV - (FSCLBaseUpdaterService) -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (FirebirdServerMAGIXInstance) -- D:\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (XDva385) -- C:\Windows\System32\XDva385.sys (www.wiselogic.co.kr)
DRV - (XDva359) -- C:\Windows\System32\XDva359.sys (www.wiselogic.co.kr)
DRV - (XDva349) -- C:\Windows\System32\XDva349.sys (www.wiselogic.co.kr)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (KMWDFilter) -- C:\Windows\System32\drivers\KMWDFilter.SYS (Windows (R) Codename Longhorn DDK provider)
DRV - (AVG Anti-Rootkit) -- C:\Windows\System32\DRIVERS\avgarkt.sys (GRISOFT, s.r.o.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (AvgArCln) -- C:\Windows\System32\drivers\AvgArCln.sys (GRISOFT, s.r.o.)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://kinder.computerbild.de/
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.gidf.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {516611E5-D9A6-49c6-8065-82FB5EDAA56D}:1.0.15
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:22.1.11089.229
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: ffox@bandoo.com:5.1
FF - prefs.js..extensions.enabledItems: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11222.991
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.2.5.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Heimanwender\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.19 17:07:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.19 17:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.28 14:46:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{516611E5-D9A6-49c6-8065-82FB5EDAA56D}: C:\Program Files\J3S\COMPUTERBILD-Suchmaschine\\Firefox [2009.04.17 10:21:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Heimanwender\Program Files\DNA [2011.02.05 10:47:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\Heimanwender\AppData\Roaming\Mozilla\Firefox\Profiles/do5h50q1.default\extensions\ffox@bandoo.com [2011.07.30 10:22:29 | 000,000,000 | ---D | M]
 
[2011.07.30 10:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heimanwender\AppData\Roaming\mozilla\Extensions
[2011.10.31 09:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions
[2011.03.08 12:38:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.30 10:21:27 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.09.25 17:12:20 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011.09.25 17:12:17 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions\engine@conduit.com
[2011.07.30 10:22:29 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions\ffox@bandoo.com
[2010.12.15 15:12:32 | 000,000,923 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Mozilla\Firefox\Profiles\do5h50q1.default\searchplugins\conduit.xml
[2011.07.30 10:20:49 | 000,002,501 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Mozilla\Firefox\Profiles\do5h50q1.default\searchplugins\SearchResults.xml
[2011.09.25 11:47:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.10.18 14:04:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.03.05 18:55:41 | 000,000,000 | ---D | M] (Eazel-DE Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}
[2009.04.18 17:28:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.09.25 11:47:08 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2011.07.24 10:54:19 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2011.05.13 06:21:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.07.29 11:15:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2008.10.18 14:04:21 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
[2009.04.17 10:21:36 | 000,000,000 | ---D | M] (COMPUTERBILD-Suchmaschine) -- C:\PROGRAM FILES\J3S\COMPUTERBILD-SUCHMASCHINE\\FIREFOX
[2011.07.30 10:21:38 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS ILIVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2011.04.19 17:07:06 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.02.05 10:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\HEIMANWENDER\PROGRAM FILES\DNA
[2008.11.11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011.07.29 11:14:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.03 19:06:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.08.03 15:31:51 | 000,002,487 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\discount24.xml
[2011.03.03 19:06:04 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.03 19:06:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.07.30 10:20:49 | 000,002,501 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011.03.03 19:06:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.03 19:06:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Video Viewer = C:\Users\Heimanwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\dejgnnjohnpljeijfendiiafgpaenbip\0.0.11_0\
CHR - Extension: AdBlock = C:\Users\Heimanwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.28_0\
CHR - Extension: Digital Clock (IIsi's low-memory version) = C:\Users\Heimanwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgkhmaaifnednibcengdengamkllpppb\0.99.6.10_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Heimanwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Yulia Brodskaya = C:\Users\Heimanwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhffbmdpko\2_0\
CHR - Extension: Smooth Gestures = C:\Users\Heimanwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.5_0\
 
O1 HOSTS File: ([2011.11.02 16:50:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (MyPlayCity Toolbar) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll (Conduit Ltd.)
O2 - BHO: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MyPlayCity Toolbar) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyPlayCity Toolbar) - {4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC} - C:\Program Files\MyPlayCity\tbMyPl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Eazel-DE Toolbar) - {69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - Startup: C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Heimanwender\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Schnellstartdatei.vbs ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECF74737-19F9-41E3-BF34-F480C2D15905}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\iebho.dll) -c:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) -c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - No CLSID value found.
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.09.09 03:17:43 | 000,419,088 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2009.09.09 03:11:07 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2009.09.09 03:17:41 | 009,912,320 | R--- | M] () - E:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2009.09.09 02:54:34 | 000,000,136 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{6F624D8E-63C8-41EB-BD6F-1AD0A6C36756} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.02 21:26:39 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Heimanwender\Desktop\OTL (4).exe
[2011.11.02 17:37:11 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Heimanwender\Desktop\aswMBR (8).exe
[2011.11.02 17:11:28 | 000,000,000 | ---D | C] -- C:\Users\Heimanwender\Desktop\osma
[2011.11.02 16:50:28 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.11.02 16:47:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.11.02 16:47:05 | 000,000,000 | ---D | C] -- C:\Users\Heimanwender\AppData\Local\temp
[2011.11.02 15:46:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.11.02 07:10:21 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Heimanwender\Desktop\aswMBR (7).exe
[2011.11.01 19:02:46 | 000,100,864 | ---- | C] (GMER) -- C:\kwtdapod.sys
[2011.11.01 19:00:59 | 002,437,632 | ---- | C] (Codejock Software) -- C:\Users\Heimanwender\Desktop\ToolkitPro1211vc80U.dll
[2011.11.01 19:00:59 | 001,392,640 | ---- | C] (Online Solutions) -- C:\Users\Heimanwender\Desktop\osam_gui.dll
[2011.11.01 19:00:59 | 001,093,632 | ---- | C] (Online Solutions) -- C:\Users\Heimanwender\Desktop\osam_srv.dll
[2011.10.31 19:59:37 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.10.31 17:04:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.10.31 17:04:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.10.31 17:04:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.10.31 17:03:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.10.31 17:03:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.10.31 16:56:24 | 004,280,506 | R--- | C] (Swearware) -- C:\Users\Heimanwender\Desktop\ComboFix.exe
[2011.10.31 14:21:06 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.10.31 10:28:47 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.10.31 10:27:57 | 000,000,000 | ---D | C] -- C:\Users\Heimanwender\AppData\Roaming\Malwarebytes
[2011.10.31 10:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.31 10:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.31 10:27:45 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.31 10:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.31 09:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.10.30 19:55:34 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011.10.30 18:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.10.30 16:36:28 | 000,000,000 | -HSD | C] -- C:\Users\Heimanwender\AppData\Local\aa319330
[2011.10.30 12:47:21 | 002,556,672 | ---- | C] (Piriform Ltd) -- C:\Users\Heimanwender\Desktop\rcsetup141.exe
[2011.10.28 19:24:14 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.10.28 19:24:14 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.10.28 10:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2011.10.25 17:30:07 | 000,000,000 | ---D | C] -- C:\Users\Heimanwender\Desktop\Kollegag - Bossaura
[2011.10.22 11:24:06 | 000,000,000 | ---D | C] -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Empires Die Neuzeit
[2011.10.22 11:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2011.10.21 08:05:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.10.15 23:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.10.15 23:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011.10.15 23:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009.04.09 11:38:00 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Heimanwender\AppData\Local\*.tmp files -> C:\Users\Heimanwender\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.02 21:55:49 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CEFB8120-03F7-4A62-97E0-02B526E3D8C1}.job
[2011.11.02 21:30:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.02 21:26:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Heimanwender\Desktop\OTL (4).exe
[2011.11.02 21:02:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.02 21:02:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.02 17:37:12 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Heimanwender\Desktop\aswMBR (8).exe
[2011.11.02 17:30:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.02 17:02:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.02 17:02:29 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.02 16:50:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.11.02 15:43:14 | 004,280,506 | R--- | M] (Swearware) -- C:\Users\Heimanwender\Desktop\ComboFix.exe
[2011.11.02 07:17:41 | 000,000,512 | ---- | M] () -- C:\Users\Heimanwender\Desktop\MBR.dat
[2011.11.02 07:10:10 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Heimanwender\Desktop\aswMBR (7).exe
[2011.11.01 23:13:03 | 000,069,632 | ---- | M] () -- C:\Windows\System32\FreezeScreenSaver.exe
[2011.11.01 22:36:21 | 000,000,000 | ---- | M] () -- C:\Users\Heimanwender\AppData\Local\{2255C80B-E32B-4B44-8AB3-711604149D3A}
[2011.11.01 22:35:34 | 000,039,800 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2011.11.01 21:03:31 | 001,916,416 | ---- | M] () -- C:\Users\Heimanwender\Desktop\aswMBR (6).exe
[2011.11.01 19:33:41 | 000,074,840 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.01 19:33:41 | 000,024,988 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.01 19:33:41 | 000,020,752 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.01 19:33:41 | 000,011,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.01 19:32:46 | 001,916,416 | ---- | M] () -- C:\Users\Heimanwender\Desktop\aswMBR.exe
[2011.11.01 19:02:46 | 000,100,864 | ---- | M] (GMER) -- C:\kwtdapod.sys
[2011.11.01 07:15:16 | 000,013,844 | ---- | M] () -- C:\Users\Heimanwender\Desktop\geo.odt
[2011.10.31 17:57:34 | 000,315,588 | ---- | M] () -- C:\log.html
[2011.10.31 17:00:54 | 000,436,264 | ---- | M] () -- C:\Users\Heimanwender\Desktop\Unbenannt.jpg
[2011.10.31 16:22:55 | 000,014,314 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\wklnhst.dat
[2011.10.31 13:20:08 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.10.31 11:54:44 | 000,443,457 | ---- | M] () -- C:\Windows\System32\sig.bin
[2011.10.31 11:54:44 | 000,033,782 | ---- | M] () -- C:\Windows\System32\nmp.map
[2011.10.31 10:35:40 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.10.31 10:34:19 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.31 10:26:16 | 000,020,782 | ---- | M] () -- C:\Users\Heimanwender\Desktop\cc_20111031_102546.reg
[2011.10.30 17:34:00 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
[2011.10.30 16:29:12 | 000,138,160 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.10.30 16:29:02 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.10.30 16:08:07 | 000,006,539 | ---- | M] () -- C:\Users\Heimanwender\.recently-used.xbel
[2011.10.30 15:59:02 | 000,001,356 | ---- | M] () -- C:\Users\Heimanwender\AppData\Local\d3d9caps.dat
[2011.10.30 12:47:33 | 002,556,672 | ---- | M] (Piriform Ltd) -- C:\Users\Heimanwender\Desktop\rcsetup141.exe
[2011.10.28 10:19:40 | 000,000,000 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\AVSDVDPlayer.m3u
[2011.10.24 18:54:48 | 000,000,769 | ---- | M] () -- C:\Windows\Edofma.INI
[2011.10.22 11:00:14 | 000,022,828 | ---- | M] () -- C:\Users\Heimanwender\Documents\cc_20111022_120009.reg
[2011.10.17 21:18:04 | 000,002,384 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011.10.06 19:16:53 | 000,000,973 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Heimanwender\AppData\Local\*.tmp files -> C:\Users\Heimanwender\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.02 07:17:41 | 000,000,512 | ---- | C] () -- C:\Users\Heimanwender\Desktop\MBR.dat
[2011.11.01 23:11:25 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.11.01 22:36:21 | 000,000,000 | ---- | C] () -- C:\Users\Heimanwender\AppData\Local\{2255C80B-E32B-4B44-8AB3-711604149D3A}
[2011.11.01 21:03:45 | 001,916,416 | ---- | C] () -- C:\Users\Heimanwender\Desktop\aswMBR (6).exe
[2011.11.01 19:32:33 | 001,916,416 | ---- | C] () -- C:\Users\Heimanwender\Desktop\aswMBR.exe
[2011.11.01 19:00:59 | 000,372,736 | ---- | C] () -- C:\Users\Heimanwender\Desktop\osam.exe
[2011.11.01 07:15:15 | 000,013,844 | ---- | C] () -- C:\Users\Heimanwender\Desktop\geo.odt
[2011.10.31 19:18:57 | 000,069,632 | ---- | C] () -- C:\Windows\System32\FreezeScreenSaver.exe
[2011.10.31 17:04:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.10.31 17:04:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.10.31 17:04:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.10.31 17:04:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.10.31 17:04:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.10.31 17:00:54 | 000,436,264 | ---- | C] () -- C:\Users\Heimanwender\Desktop\Unbenannt.jpg
[2011.10.31 10:27:49 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.31 10:26:12 | 000,020,782 | ---- | C] () -- C:\Users\Heimanwender\Desktop\cc_20111031_102546.reg
[2011.10.30 21:26:39 | 2146,689,024 | -HS- | C] () -- C:\hiberfil.sys
[2011.10.30 17:34:00 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
[2011.10.30 16:08:07 | 000,006,539 | ---- | C] () -- C:\Users\Heimanwender\.recently-used.xbel
[2011.10.22 11:00:12 | 000,022,828 | ---- | C] () -- C:\Users\Heimanwender\Documents\cc_20111022_120009.reg
[2011.10.06 19:16:53 | 000,000,973 | ---- | C] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.09.28 17:22:07 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.09.28 17:22:07 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.09.25 09:59:37 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2011.07.30 10:22:25 | 001,524,112 | ---- | C] () -- C:\Windows\System32\bandoolmx.dll
[2011.07.25 09:21:10 | 000,443,457 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.07.03 11:58:20 | 000,000,052 | ---- | C] () -- C:\Windows\mafosav.INI
[2011.03.21 22:58:44 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.03.21 22:58:44 | 000,138,056 | ---- | C] () -- C:\Users\Heimanwender\AppData\Roaming\PnkBstrK.sys
[2011.03.21 22:58:27 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.03.21 22:58:23 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2011.02.26 02:19:32 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.02.20 12:11:29 | 000,029,184 | ---- | C] () -- C:\Windows\System32\Suorprop.dll
[2010.09.17 17:16:10 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.09.17 17:14:16 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.05.03 21:48:49 | 000,002,384 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2009.12.03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.10.27 22:17:56 | 019,304,448 | ---- | C] () -- C:\Program Files\IBM Lotus Symphony.msi
[2009.10.27 22:17:56 | 000,133,120 | ---- | C] () -- C:\Program Files\1031.MST
[2009.06.12 19:34:39 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.06.12 19:34:39 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.06.12 19:30:47 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2009.06.12 19:25:22 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.06.06 17:30:48 | 000,000,100 | ---- | C] () -- C:\Users\Heimanwender\AppData\Local\fusioncache.dat
[2009.05.24 18:09:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.04.19 12:59:24 | 000,001,356 | ---- | C] () -- C:\Users\Heimanwender\AppData\Local\d3d9caps.dat
[2009.04.09 11:38:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SearchRequire.dll
[2009.04.09 11:27:10 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI
[2009.03.08 10:00:47 | 000,000,035 | ---- | C] () -- C:\Windows\WorldBuilder.INI
[2009.02.27 14:35:22 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2009.01.18 17:45:41 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008.10.18 14:04:18 | 000,003,942 | ---- | C] () -- C:\Windows\mozver.dat
[2008.10.08 05:43:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.08 05:43:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.10.05 14:10:21 | 000,000,124 | ---- | C] () -- C:\Windows\System32\ctlsw.ini
[2008.10.05 14:10:21 | 000,000,023 | ---- | C] () -- C:\Windows\System32\swctl.dll
[2008.09.21 12:39:53 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.09.20 16:50:23 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2008.09.20 16:50:23 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2008.09.20 16:50:23 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2008.09.20 16:50:23 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2008.09.20 16:50:23 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.09.06 08:43:27 | 000,102,912 | ---- | C] () -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2008.09.02 16:53:52 | 000,024,064 | ---- | C] () -- C:\Users\Heimanwender\AppData\Roaming\UserTile.png
[2008.08.19 23:05:29 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.08.08 09:30:06 | 000,000,086 | -H-- | C] () -- C:\Users\Heimanwender\AppData\Roaming\vispa.ini
[2008.08.06 15:29:17 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008.08.05 15:38:44 | 000,153,397 | ---- | C] () -- C:\Windows\Elbenstern Mod V.5.0 German Uninstaller.exe
[2008.08.04 15:00:43 | 000,000,552 | ---- | C] () -- C:\Users\Heimanwender\AppData\Local\d3d8caps.dat
[2008.08.04 11:19:51 | 000,000,769 | ---- | C] () -- C:\Windows\Edofma.INI
[2008.07.29 11:04:29 | 000,000,000 | ---- | C] () -- C:\Users\Heimanwender\AppData\Roaming\AVSDVDPlayer.m3u
[2008.07.29 11:03:44 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.07.29 11:03:44 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.07.29 10:58:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.06.24 14:15:26 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2008.05.31 20:38:43 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.05.29 18:58:56 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2008.05.27 16:46:05 | 000,014,314 | ---- | C] () -- C:\Users\Heimanwender\AppData\Roaming\wklnhst.dat
[2008.05.23 12:35:41 | 000,036,864 | ---- | C] () -- C:\Users\Heimanwender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.02.20 12:59:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.02.20 12:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.02.20 12:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.02.20 12:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.02.20 12:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.02.20 12:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.02.20 12:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.02.20 12:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.02.20 12:59:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,074,840 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 16:33:31 | 000,020,752 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 003,856,208 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:33:01 | 000,024,988 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,011,996 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 08:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2005.02.07 03:07:17 | 000,208,896 | ---- | C] () -- C:\Windows\drempels.exe
[2001.04.21 01:01:00 | 000,421,888 | ---- | C] () -- C:\Windows\System32\imgdecoder.dll
[1999.01.22 18:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.09.28 16:20:49 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\.minecraft
[2009.04.17 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\AntiBrowserSpy 2009
[2011.02.25 09:23:08 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\AnvSoft
[2011.02.09 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Any Video Converter
[2011.09.25 17:13:23 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Ashampoo
[2011.09.08 06:19:08 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\avidemux
[2011.07.31 11:47:35 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Bandoo
[2011.09.25 13:51:15 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\BitTorrent
[2009.06.23 16:09:57 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\biu software
[2009.07.12 11:23:05 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Bump Technologies, Inc
[2010.02.05 17:28:37 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Bytemobile
[2009.10.26 22:44:06 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Copernic
[2011.02.04 23:07:14 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\DNA
[2011.11.02 17:04:53 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Dropbox
[2010.01.05 06:47:37 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\FOG Downloader
[2011.11.02 17:33:16 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\foobar2000
[2008.11.12 18:50:23 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\GrabPro
[2011.10.24 18:00:19 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\gtk-2.0
[2011.01.14 20:38:34 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\ICQ
[2009.09.14 19:34:14 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\ICQ-Tools.de
[2008.08.06 20:14:32 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\k23 productions
[2010.07.03 13:22:25 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Leadertech
[2009.10.16 19:51:14 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\LG Electronics
[2010.09.17 18:01:57 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\MAGIX
[2011.04.06 17:22:34 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Maxthon3
[2011.09.25 20:56:27 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\McLoad
[2009.02.06 14:50:50 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2010.10.11 08:21:58 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Meine Die Schlacht um Mittelerdeâ„¢ II-Dateien
[2010.10.11 08:21:59 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2008.05.29 13:23:53 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\NCH Swift Sound
[2009.09.14 19:34:31 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\OCS
[2008.09.07 09:27:44 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Opera
[2008.12.19 22:13:41 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Orbit
[2008.09.02 16:53:52 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\PeerNetworking
[2008.08.15 10:55:51 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\qliner
[2009.06.05 21:25:02 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Soldat
[2011.07.03 11:54:30 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Sony
[2009.09.14 19:34:30 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\soul.im
[2009.05.10 13:23:25 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Stardock
[2011.01.29 18:37:58 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\SYDATEC
[2008.05.27 16:46:21 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Template
[2009.01.25 11:49:55 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\TERMINAL Studio
[2008.07.29 10:58:56 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Thunderbird
[2011.09.25 15:22:02 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\TS3Client
[2008.07.02 18:17:36 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\TuneUp Software
[2011.04.20 18:56:44 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Twaintree
[2010.02.03 21:03:03 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Vodafone
[2008.07.29 11:00:58 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Windows-Optimierer
[2011.11.02 17:01:08 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.11.02 21:55:49 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CEFB8120-03F7-4A62-97E0-02B526E3D8C1}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.28 16:20:49 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\.minecraft
[2010.09.05 09:20:05 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Adobe
[2008.06.16 17:40:14 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Ahead
[2009.04.17 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\AntiBrowserSpy 2009
[2011.02.25 09:23:08 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\AnvSoft
[2011.02.09 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Any Video Converter
[2009.04.19 13:00:04 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Apple Computer
[2011.09.25 17:13:23 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Ashampoo
[2011.09.08 06:19:08 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\avidemux
[2009.04.23 15:54:01 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\AVS4YOU
[2011.07.31 11:47:35 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Bandoo
[2011.09.25 13:51:15 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\BitTorrent
[2009.06.23 16:09:57 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\biu software
[2009.06.12 20:55:30 | 000,000,000 | R--D | M] -- C:\Users\Heimanwender\AppData\Roaming\Brother
[2009.07.12 11:23:05 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Bump Technologies, Inc
[2010.02.05 17:28:37 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Bytemobile
[2009.10.26 22:44:06 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Copernic
[2009.04.24 18:06:24 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\DivX
[2011.02.04 23:07:14 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\DNA
[2011.11.02 17:04:53 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Dropbox
[2011.02.26 17:25:31 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\dvdcss
[2010.01.05 06:47:37 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\FOG Downloader
[2011.11.02 17:33:16 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\foobar2000
[2008.06.13 17:43:47 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Google
[2008.11.12 18:50:23 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\GrabPro
[2011.10.24 18:00:19 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\gtk-2.0
[2011.01.14 20:38:34 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\ICQ
[2009.09.14 19:34:14 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\ICQ-Tools.de
[2008.05.22 11:35:41 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Identities
[2009.05.11 19:40:48 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\InstallShield
[2008.08.06 20:14:32 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\k23 productions
[2010.07.03 13:22:25 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Leadertech
[2009.10.16 19:51:14 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\LG Electronics
[2008.06.06 20:41:18 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Macromedia
[2010.09.17 18:01:57 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\MAGIX
[2011.10.31 10:27:57 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Malwarebytes
[2011.04.06 17:22:34 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Maxthon3
[2011.09.25 20:56:27 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\McLoad
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Media Center Programs
[2009.02.06 14:50:50 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2010.10.11 08:21:58 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Meine Die Schlacht um Mittelerdeâ„¢ II-Dateien
[2010.10.11 08:21:59 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2011.03.31 19:39:08 | 000,000,000 | --SD | M] -- C:\Users\Heimanwender\AppData\Roaming\Microsoft
[2008.05.31 20:35:09 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Microsoft Web Folders
[2009.04.07 12:21:48 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Move Networks
[2011.03.08 10:59:02 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Mozilla
[2008.05.29 13:23:53 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\NCH Swift Sound
[2009.09.14 19:34:31 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\OCS
[2011.11.02 15:33:19 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\OpenOffice.org2
[2008.09.07 09:27:44 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Opera
[2008.12.19 22:13:41 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Orbit
[2008.09.02 16:53:52 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\PeerNetworking
[2008.08.15 10:55:51 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\qliner
[2011.04.19 17:11:24 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Real
[2009.09.29 14:33:48 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Real Desktop
[2011.05.15 15:12:57 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Skype
[2011.03.30 15:09:12 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\skypePM
[2009.06.05 21:25:02 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Soldat
[2011.07.03 11:54:30 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Sony
[2009.09.14 19:34:30 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\soul.im
[2009.05.10 13:23:25 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Stardock
[2011.01.29 18:37:58 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\SYDATEC
[2008.10.18 14:07:48 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Talkback
[2010.05.03 20:56:01 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\teamspeak2
[2008.05.27 16:46:21 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Template
[2009.01.25 11:49:55 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\TERMINAL Studio
[2008.07.29 10:58:56 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Thunderbird
[2011.09.25 15:22:02 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\TS3Client
[2008.07.02 18:17:36 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\TuneUp Software
[2011.04.20 18:56:44 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Twaintree
[2011.10.31 16:37:54 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\vlc
[2010.02.03 21:03:03 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Vodafone
[2008.07.29 11:00:58 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Windows-Optimierer
[2009.06.06 09:51:50 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\WinRAR
[2011.03.05 11:32:04 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Xfire
[2010.08.11 17:35:52 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.05.25 21:07:42 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2009.04.19 21:19:40 | 000,577,536 | ---- | M] (ICQ-Tools.de) -- C:\Users\Heimanwender\AppData\Roaming\ICQ-Tools.de\soul.im\soul.im.exe
[2008.06.23 17:52:25 | 000,010,134 | R--- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{09883A2B-9EAD-4D5C-883E-1547B5684917}\_FB3565632F2DCA02005764.exe
[2009.06.12 19:26:32 | 000,010,134 | R--- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
[2009.06.23 16:10:23 | 000,003,638 | R--- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{38AFE2B1-19DB-432A-BA4A-410BFBA78DCE}\_04AE388B2FA7C658E82E73.exe
[2009.06.23 16:10:23 | 000,003,638 | R--- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{38AFE2B1-19DB-432A-BA4A-410BFBA78DCE}\_6FEFF9B68218417F98F549.exe
[2008.07.29 10:53:19 | 002,363,392 | R--- | M] (OpenOffice.org) -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{46008F4B-A8C3-4282-ACE3-73821F860911}\soffice.exe
[2009.09.14 19:34:15 | 000,010,134 | R--- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{959214DF-C502-402A-A5A0-D8CE3EB74CDC}\_303D932F2F972F174D4C6F.exe
[2009.09.14 19:34:15 | 000,016,958 | R--- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{959214DF-C502-402A-A5A0-D8CE3EB74CDC}\_3CFE6638DB12047D0458FB.exe
[2009.09.14 19:34:15 | 000,016,958 | R--- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{959214DF-C502-402A-A5A0-D8CE3EB74CDC}\_574DBDB84D6A662B3B934C.exe
[2009.09.14 19:34:15 | 000,001,150 | R--- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{959214DF-C502-402A-A5A0-D8CE3EB74CDC}\_5F449BBB7B2E0D75770F96.exe
[2008.05.22 11:37:41 | 000,008,704 | R--- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}\Icon9A3BC1573.exe
[2009.04.07 12:21:49 | 000,034,062 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
[2009.09.14 19:34:31 | 000,102,400 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2009.09.14 19:34:31 | 000,040,960 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2009.12.10 19:25:36 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\setup3.09\setup.exe
[2009.12.11 10:10:02 | 000,079,368 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
[2010.05.30 20:14:25 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2011.01.21 18:22:58 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2010.03.25 11:08:26 | 000,000,000 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\setup3.13\chr\ChromeInstaller.exe
[2010.10.22 18:10:16 | 000,190,632 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\setup3.13\chr_helper\LaunchHelper.exe
[2010.05.13 12:09:52 | 000,220,272 | ---- | M] (Google Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\setup3.13\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
[2010.10.22 18:10:16 | 000,190,632 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\setup3.13\gtb_helper\LaunchHelper.exe
[2010.12.11 19:10:35 | 026,454,672 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\setup3.13\rp\RealPlayer_de.exe
[2011.10.25 08:31:29 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe
[2011.10.25 11:32:12 | 026,533,840 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_data\RealPlayer_de.exe
[2011.10.25 11:31:47 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_exe\RealPlayer_de.exe
[2011.04.20 18:56:44 | 000,000,000 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Twaintree\torcat.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.11.03 00:26:51 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\ERDNT\cache\AGP440.sys
[2007.11.03 00:26:51 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\System32\drivers\AGP440.sys
[2007.11.03 00:26:51 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_cb7c81c7\AGP440.sys
[2007.11.03 00:26:51 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20598_none_b85cfa98dae9b436\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2007.11.03 00:53:24 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=0B77F93AB73798F97E8E0A0AA4CCBEEF -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_44b6b0d0\atapi.sys
[2007.11.03 00:53:24 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=0B77F93AB73798F97E8E0A0AA4CCBEEF -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20694_none_db7e36353dc64123\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.04.24 15:10:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.04.24 15:10:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.04.24 15:10:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.04.24 15:10:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.07.12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys
[2007.07.12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\Windows\System32\drivers\nvstor32.sys
[2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_bbf77119\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.11.03 00:17:10 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=3322B167C8F76319C991B851514DFAC9 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20587_none_cb8c4940898e24a6\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\ERDNT\cache\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2006.11.08 14:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Windows\System32\drivers\viamraid.sys
[2006.11.08 14:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Windows\System32\DriverStore\FileRepository\viamraid.inf_74a36694\viamraid.sys
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2007.11.03 00:17:50 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=39D959CD9F3BC44F78DB3C6588AAC3FE -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.20593_none_2f37c4ba208e02ab\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2007.11.03 00:17:50 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.20593_none_6e080d01f12ed7fe\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.04.25 00:52:33 | 008,011,776 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.04.25 00:52:31 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.04.25 00:52:34 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008.04.25 00:52:42 | 016,478,208 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008.04.25 00:52:44 | 006,029,312 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Heimanwender\MOV608.AVI:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Heimanwender\MOV596.AVI:TOC.WMV
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:FB1B13D8

< End of report >
         
--- --- ---

Alt 02.11.2011, 22:57   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (MyPlayCity Toolbar) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll (Conduit Ltd.)
O2 - BHO: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
Why are you cluttering your system with useless toolbars?
Uninstall, via Control Panel under Software or Programs and Features, everything where "Toolbar" appears in the name. For future program installations, always choose the custom installation option so that any bundled toolbars can be deselected during setup.
While you are at it, also uninstall all other unnecessary programs via Control Panel.

Afterwards, please make a new OTL log as before.
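An added triage example for the O2 (BHO) and O3 (toolbar) lines quoted above (editor's code, not OTL's and not the helper's): it parses the line format OTL prints, groups entries by CLSID so that an orphaned O3 toolbar entry can be tied back to the BHO that registered the same CLSID, and lists what the helper's "uninstall everything with Toolbar in the name" rule would cover. The sample lines are copied from the logs in this thread; the classification rules are this example's own assumptions.

```python
"""Triage of the O2 (BHO) and O3 (toolbar) lines that OTL prints.

Editor's example for this thread, not OTL's code and not the helper's.
The classification rules mirror the helper's advice ("uninstall everything
with Toolbar in the name") and are this example's own assumptions.
"""
import re
from collections import defaultdict

# Sample input: O2/O3 lines copied from the logs quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (MyPlayCity Toolbar) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll (Conduit Ltd.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
"""

# "<kind> - <hive>: (<name>) - {<CLSID>} - <path (Company)>"  or  "... - No CLSID value found."
LINE_RE = re.compile(
    r"^(?P<kind>O[23]) - (?P<hive>[^:]+): \((?P<name>[^)]*)\) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<rest>.*)$"
)
COMPANY_RE = re.compile(r"^(?P<path>.*\S) \((?P<company>[^()]*)\)$")


def parse_line(line):
    """Parse one O2/O3 line into a dict; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = {
        "kind": m["kind"],
        "hive": m["hive"],
        "name": m["name"].strip(),      # OTL keeps trailing blanks ("Conduit Engine ")
        "clsid": m["clsid"].upper(),    # case differs between HKLM and HKCU entries
        "path": None,
        "company": None,
        "resolved": True,
    }
    rest = m["rest"].strip()
    if rest.startswith("No CLSID value found"):
        entry["resolved"] = False       # registration left behind, no file to run
    else:
        cm = COMPANY_RE.match(rest)
        if cm:
            entry["path"], entry["company"] = cm["path"], cm["company"].strip()
        else:
            entry["path"] = rest
    return entry


def classify(entry):
    """'orphan' = CLSID no longer resolves; 'toolbar' = matches the helper's rule."""
    if not entry["resolved"]:
        return "orphan"
    if "toolbar" in entry["name"].lower() or (entry["company"] or "").startswith("Conduit"):
        return "toolbar"
    return "ok"


def triage(log_text):
    """Group O2/O3 entries by CLSID so an orphaned O3 toolbar is tied back to
    the O2 BHO that registered the same CLSID. Returns {CLSID: summary}."""
    groups = defaultdict(list)
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        groups[entry["clsid"]].append(entry)
    report = {}
    for clsid, items in groups.items():
        labels = {classify(e) for e in items}
        resolved = [e for e in items if e["resolved"]]
        # An orphaned O3 line only says "(no name)"; take the name from a resolved sibling.
        name = resolved[0]["name"] if resolved else items[0]["name"]
        label = "toolbar" if "toolbar" in labels else ("orphan" if labels == {"orphan"} else "ok")
        report[clsid] = {
            "name": name,
            "label": label,
            "hives": sorted(f"{e['kind']}:{e['hive']}" for e in items),
        }
    return report


def uninstall_candidates(report):
    """Names covered by the helper's rule, i.e. what to remove via Control Panel."""
    return sorted(v["name"] for v in report.values() if v["label"] == "toolbar")


def orphaned_clsids(report):
    """CLSIDs with no file behind them: leftovers of something already removed."""
    return sorted(c for c, v in report.items() if v["label"] == "orphan")


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for clsid, info in rep.items():
        print(f"{info['label']:8} {clsid}  {info['name']!r}  {', '.join(info['hives'])}")
    print("uninstall:", uninstall_candidates(rep))
    print("orphans:  ", orphaned_clsids(rep))
```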

Alt 02.11.2011, 23:17   #18
Eiswehr
 
I did not install any of these toolbars individually or manually. I assume they were more or less slipped in the way you already described.

The toolbars use no processing power, almost no disk space, and are not installed in Google Chrome, which is what I mainly use, so they don't really bother me.

If you want, I'll gladly uninstall the toolbars; I have no use for them either.

New log coming tomorrow.

Is it actually advisable to have the LOP check and Purity check enabled and the Extra Registry disabled for the quick scan?

Alt 03.11.2011, 10:32   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please just run the OTL CustomScan as described in the instructions once the toolbars have been uninstalled.
Please always post logfiles in CODE tags.

Alt 03.11.2011, 21:46   #20
Eiswehr
 
All unnecessary programs have now been uninstalled.

With GData, ComboFix seems to have deleted parts of the installation files, so I will reinstall the whole thing tomorrow.

In the meantime I gave Avira a try today and found that the program can now be used to its full extent again (virus scanner etc.). I am also taking this opportunity to run a system scan, the results of which I will post tomorrow together with the OTL log file.


Alt 03.11.2011, 21:56   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
No, leave GDATA out, do not reinstall it! You now have AntiVir! Besides, I don't find it exactly clever to install and uninstall programs back and forth while we are analysing and cleaning here!

You should simply uninstall the toolbars and make a new OTL log.

Alt 05.11.2011, 12:30   #22
Eiswehr
 
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.11.2011 11:30:42 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Heimanwender\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,16% Memory free
4,24 Gb Paging File | 3,12 Gb Available in Paging File | 73,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 68,66 Gb Free Space | 22,63% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 71,67 Gb Free Space | 47,56% Space Free | Partition Type: NTFS
Drive E: | 6,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PAUL-PC | User Name: Heimanwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.05 11:26:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Heimanwender\Desktop\OTL (5).exe
PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.31 17:00:48 | 000,359,424 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.07.15 10:40:22 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2011.07.15 10:38:38 | 001,047,040 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2011.05.28 05:32:15 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2011.05.25 15:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files\Bandoo\Bandoo.exe
PRC - [2011.04.19 17:00:49 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010.10.22 01:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WlanNetService.exe
PRC - [2010.02.03 11:40:16 | 000,073,960 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009.09.14 19:34:31 | 000,040,960 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.02.26 16:24:06 | 004,939,776 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.31 16:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007.06.08 23:23:50 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
PRC - [2007.06.08 10:19:22 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Trust\Trust R-Series Mouse\KMCONFIG.exe
PRC - [2007.06.04 14:20:38 | 000,065,536 | ---- | M] () -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
PRC - [2007.04.04 10:30:40 | 000,327,680 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Trust\Trust R-Series Mouse\KMProcess.exe
PRC - [2007.03.06 13:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe
PRC - [2006.12.08 09:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007.03.29 11:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files\Trust\Trust R-Series Mouse\keydll.dll
MOD - [2005.05.04 18:12:46 | 000,028,672 | ---- | M] () -- C:\Program Files\Trust\Trust R-Series Mouse\MouseHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (BRS_WebWeaver)
SRV - File not found [Disabled | Stopped] --  -- (AVKWCtl)
SRV - [2011.10.28 19:24:11 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,359,424 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.15 10:38:38 | 001,047,040 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.07.15 10:35:34 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.07.08 07:54:50 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.05.25 15:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.02.03 11:40:16 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009.11.12 18:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.09.14 19:34:31 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Heimanwender\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.08 23:23:50 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2007.06.04 14:20:38 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe -- (FSCLBaseUpdaterService)
SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.12.08 09:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- D:\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.11.01 22:35:34 | 000,039,800 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2011.10.19 16:56:15 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.04.22 09:02:38 | 000,076,488 | ---- | M] (()) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva385.sys -- (XDva385)
DRV - [2010.08.31 16:37:21 | 000,073,416 | ---- | M] (()) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva359.sys -- (XDva359)
DRV - [2010.06.30 09:25:03 | 000,071,368 | ---- | M] (()) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva349.sys -- (XDva349)
DRV - [2010.06.23 08:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.25 15:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.02.24 13:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.02.03 11:40:08 | 000,115,432 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009.06.29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 17:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.04.27 19:39:08 | 000,087,696 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2009.04.27 19:39:08 | 000,079,888 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009.04.27 19:39:08 | 000,041,424 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2009.04.27 19:39:06 | 000,100,944 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2009.04.09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.12.05 01:41:00 | 008,238,720 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.07.02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.03.29 14:00:16 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2007.01.31 14:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007.01.26 00:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.18 13:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006.12.28 00:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2005.06.24 16:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005.05.26 09:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005.05.26 09:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Kinder im Internet – aber sicher! - COMPUTER BILD
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Google ist dein Freund [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Die Stämme - Das Browsergame im Mittelalter
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {516611E5-D9A6-49c6-8065-82FB5EDAA56D}:1.0.15
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:22.1.11089.229
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: ffox@bandoo.com:5.1
FF - prefs.js..extensions.enabledItems: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11222.991
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.2.5.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Heimanwender\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.19 17:07:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.19 17:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.28 14:46:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{516611E5-D9A6-49c6-8065-82FB5EDAA56D}: C:\Program Files\J3S\COMPUTERBILD-Suchmaschine\\Firefox [2009.04.17 10:21:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Heimanwender\Program Files\DNA [2011.02.05 10:47:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\Heimanwender\AppData\Roaming\Mozilla\Firefox\Profiles/do5h50q1.default\extensions\ffox@bandoo.com [2011.07.30 10:22:29 | 000,000,000 | ---D | M]
 
[2011.07.30 10:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heimanwender\AppData\Roaming\mozilla\Extensions
[2011.10.31 09:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions
[2011.03.08 12:38:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.30 10:21:27 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.09.25 17:12:20 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011.09.25 17:12:17 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions\engine@conduit.com
[2011.07.30 10:22:29 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions\ffox@bandoo.com
[2010.12.15 15:12:32 | 000,000,923 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Mozilla\Firefox\Profiles\do5h50q1.default\searchplugins\conduit.xml
[2011.07.30 10:20:49 | 000,002,501 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Mozilla\Firefox\Profiles\do5h50q1.default\searchplugins\SearchResults.xml
[2011.11.03 16:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.03.05 18:55:41 | 000,000,000 | ---D | M] (Eazel-DE Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}
[2009.04.18 17:28:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.09.25 11:47:08 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2011.05.13 06:21:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.07.29 11:15:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2008.10.18 14:04:21 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
[2009.04.17 10:21:36 | 000,000,000 | ---D | M] (COMPUTERBILD-Suchmaschine) -- C:\PROGRAM FILES\J3S\COMPUTERBILD-SUCHMASCHINE\\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170633FE}
[2011.07.30 10:21:38 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS ILIVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2011.04.19 17:07:06 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.02.05 10:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\HEIMANWENDER\PROGRAM FILES\DNA
[2008.11.11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011.07.29 11:14:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.03 19:06:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.08.03 15:31:51 | 000,002,487 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\discount24.xml
[2011.03.03 19:06:04 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.03 19:06:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.07.30 10:20:49 | 000,002,501 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011.03.03 19:06:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.03 19:06:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Video Viewer = C:\Users\Heimanwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\dejgnnjohnpljeijfendiiafgpaenbip\0.0.11_0\
CHR - Extension: AdBlock = C:\Users\Heimanwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.28_0\
CHR - Extension: Digital Clock (IIsi's low-memory version) = C:\Users\Heimanwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgkhmaaifnednibcengdengamkllpppb\0.99.6.10_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Heimanwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Yulia Brodskaya = C:\Users\Heimanwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhffbmdpko\2_0\
CHR - Extension: Smooth Gestures = C:\Users\Heimanwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.5_0\
 
O1 HOSTS File: ([2011.11.02 16:50:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Heimanwender\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Schnellstartdatei.vbs ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECF74737-19F9-41E3-BF34-F480C2D15905}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\iebho.dll) -c:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) -c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - No CLSID value found.
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.09.09 03:17:43 | 000,419,088 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2009.09.09 03:11:07 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2009.09.09 03:17:41 | 009,912,320 | R--- | M] () - E:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2009.09.09 02:54:34 | 000,000,136 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{6F624D8E-63C8-41EB-BD6F-1AD0A6C36756} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.05 11:26:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Heimanwender\Desktop\OTL (5).exe
[2011.11.03 20:17:56 | 000,000,000 | ---D | C] -- C:\Users\Heimanwender\AppData\Roaming\Avira
[2011.11.03 20:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.11.03 19:59:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.11.03 19:59:04 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.11.03 19:59:04 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.11.03 19:59:04 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.11.03 19:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.11.02 17:37:11 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Heimanwender\Desktop\aswMBR (8).exe
[2011.11.02 17:11:28 | 000,000,000 | ---D | C] -- C:\Users\Heimanwender\Desktop\osma
[2011.11.02 16:50:28 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.11.02 16:47:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.11.02 16:47:05 | 000,000,000 | ---D | C] -- C:\Users\Heimanwender\AppData\Local\temp
[2011.11.02 07:10:21 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Heimanwender\Desktop\aswMBR (7).exe
[2011.11.01 19:02:46 | 000,100,864 | ---- | C] (GMER) -- C:\kwtdapod.sys
[2011.11.01 19:00:59 | 002,437,632 | ---- | C] (Codejock Software) -- C:\Users\Heimanwender\Desktop\ToolkitPro1211vc80U.dll
[2011.11.01 19:00:59 | 001,392,640 | ---- | C] (Online Solutions) -- C:\Users\Heimanwender\Desktop\osam_gui.dll
[2011.11.01 19:00:59 | 001,093,632 | ---- | C] (Online Solutions) -- C:\Users\Heimanwender\Desktop\osam_srv.dll
[2011.10.31 19:59:37 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.10.31 17:03:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.10.31 10:28:47 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.10.31 10:27:57 | 000,000,000 | ---D | C] -- C:\Users\Heimanwender\AppData\Roaming\Malwarebytes
[2011.10.31 10:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.31 10:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.31 10:27:45 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.31 10:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.31 09:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.10.30 19:55:34 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011.10.30 18:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.10.30 16:36:28 | 000,000,000 | -HSD | C] -- C:\Users\Heimanwender\AppData\Local\aa319330
[2011.10.30 12:47:21 | 002,556,672 | ---- | C] (Piriform Ltd) -- C:\Users\Heimanwender\Desktop\rcsetup141.exe
[2011.10.28 19:24:14 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.10.28 19:24:14 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.10.28 10:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2011.10.25 17:30:07 | 000,000,000 | ---D | C] -- C:\Users\Heimanwender\Desktop\Kollegag - Bossaura
[2011.10.22 11:24:06 | 000,000,000 | ---D | C] -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Empires Die Neuzeit
[2011.10.22 11:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2011.10.21 08:05:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.10.15 23:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.10.15 23:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011.10.15 23:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009.04.09 11:38:00 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Heimanwender\AppData\Local\*.tmp files -> C:\Users\Heimanwender\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.05 11:35:47 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CEFB8120-03F7-4A62-97E0-02B526E3D8C1}.job
[2011.11.05 11:30:17 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.05 11:26:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Heimanwender\Desktop\OTL (5).exe
[2011.11.05 10:37:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.05 10:37:37 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.05 10:37:37 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.05 10:37:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.05 10:37:27 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.03 20:17:12 | 003,856,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.03 20:00:20 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.11.02 17:37:12 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Heimanwender\Desktop\aswMBR (8).exe
[2011.11.02 16:50:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.11.02 07:17:41 | 000,000,512 | ---- | M] () -- C:\Users\Heimanwender\Desktop\MBR.dat
[2011.11.02 07:10:10 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Heimanwender\Desktop\aswMBR (7).exe
[2011.11.01 23:13:03 | 000,069,632 | ---- | M] () -- C:\Windows\System32\FreezeScreenSaver.exe
[2011.11.01 22:36:21 | 000,000,000 | ---- | M] () -- C:\Users\Heimanwender\AppData\Local\{2255C80B-E32B-4B44-8AB3-711604149D3A}
[2011.11.01 22:35:34 | 000,039,800 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2011.11.01 21:03:31 | 001,916,416 | ---- | M] () -- C:\Users\Heimanwender\Desktop\aswMBR (6).exe
[2011.11.01 19:33:41 | 000,074,840 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.01 19:33:41 | 000,024,988 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.01 19:33:41 | 000,020,752 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.01 19:33:41 | 000,011,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.01 19:32:46 | 001,916,416 | ---- | M] () -- C:\Users\Heimanwender\Desktop\aswMBR.exe
[2011.11.01 19:02:46 | 000,100,864 | ---- | M] (GMER) -- C:\kwtdapod.sys
[2011.11.01 07:15:16 | 000,013,844 | ---- | M] () -- C:\Users\Heimanwender\Desktop\geo.odt
[2011.10.31 17:57:34 | 000,315,588 | ---- | M] () -- C:\log.html
[2011.10.31 17:00:54 | 000,436,264 | ---- | M] () -- C:\Users\Heimanwender\Desktop\Unbenannt.jpg
[2011.10.31 16:22:55 | 000,014,314 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\wklnhst.dat
[2011.10.31 13:20:08 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.10.31 11:54:44 | 000,443,457 | ---- | M] () -- C:\Windows\System32\sig.bin
[2011.10.31 11:54:44 | 000,033,782 | ---- | M] () -- C:\Windows\System32\nmp.map
[2011.10.31 10:35:40 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.10.31 10:34:19 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.31 10:26:16 | 000,020,782 | ---- | M] () -- C:\Users\Heimanwender\Desktop\cc_20111031_102546.reg
[2011.10.30 17:34:00 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
[2011.10.30 16:29:12 | 000,138,160 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.10.30 16:29:02 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.10.30 16:08:07 | 000,006,539 | ---- | M] () -- C:\Users\Heimanwender\.recently-used.xbel
[2011.10.30 15:59:02 | 000,001,356 | ---- | M] () -- C:\Users\Heimanwender\AppData\Local\d3d9caps.dat
[2011.10.30 12:47:33 | 002,556,672 | ---- | M] (Piriform Ltd) -- C:\Users\Heimanwender\Desktop\rcsetup141.exe
[2011.10.28 10:19:40 | 000,000,000 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\AVSDVDPlayer.m3u
[2011.10.24 18:54:48 | 000,000,769 | ---- | M] () -- C:\Windows\Edofma.INI
[2011.10.22 11:00:14 | 000,022,828 | ---- | M] () -- C:\Users\Heimanwender\Documents\cc_20111022_120009.reg
[2011.10.19 16:56:15 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.17 21:18:04 | 000,002,384 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011.10.06 19:16:53 | 000,000,973 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Heimanwender\AppData\Local\*.tmp files -> C:\Users\Heimanwender\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.03 20:00:20 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.11.02 07:17:41 | 000,000,512 | ---- | C] () -- C:\Users\Heimanwender\Desktop\MBR.dat
[2011.11.01 23:11:25 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.11.01 22:36:21 | 000,000,000 | ---- | C] () -- C:\Users\Heimanwender\AppData\Local\{2255C80B-E32B-4B44-8AB3-711604149D3A}
[2011.11.01 21:03:45 | 001,916,416 | ---- | C] () -- C:\Users\Heimanwender\Desktop\aswMBR (6).exe
[2011.11.01 19:32:33 | 001,916,416 | ---- | C] () -- C:\Users\Heimanwender\Desktop\aswMBR.exe
[2011.11.01 19:00:59 | 000,372,736 | ---- | C] () -- C:\Users\Heimanwender\Desktop\osam.exe
[2011.11.01 07:15:15 | 000,013,844 | ---- | C] () -- C:\Users\Heimanwender\Desktop\geo.odt
[2011.10.31 19:18:57 | 000,069,632 | ---- | C] () -- C:\Windows\System32\FreezeScreenSaver.exe
[2011.10.31 17:00:54 | 000,436,264 | ---- | C] () -- C:\Users\Heimanwender\Desktop\Unbenannt.jpg
[2011.10.31 10:27:49 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.31 10:26:12 | 000,020,782 | ---- | C] () -- C:\Users\Heimanwender\Desktop\cc_20111031_102546.reg
[2011.10.30 21:26:39 | 2146,689,024 | -HS- | C] () -- C:\hiberfil.sys
[2011.10.30 17:34:00 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
[2011.10.30 16:08:07 | 000,006,539 | ---- | C] () -- C:\Users\Heimanwender\.recently-used.xbel
[2011.10.22 11:00:12 | 000,022,828 | ---- | C] () -- C:\Users\Heimanwender\Documents\cc_20111022_120009.reg
[2011.10.06 19:16:53 | 000,000,973 | ---- | C] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.09.28 17:22:07 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.09.28 17:22:07 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.09.25 09:59:37 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2011.07.30 10:22:25 | 001,524,112 | ---- | C] () -- C:\Windows\System32\bandoolmx.dll
[2011.07.25 09:21:10 | 000,443,457 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.07.03 11:58:20 | 000,000,052 | ---- | C] () -- C:\Windows\mafosav.INI
[2011.03.21 22:58:44 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.03.21 22:58:44 | 000,138,056 | ---- | C] () -- C:\Users\Heimanwender\AppData\Roaming\PnkBstrK.sys
[2011.03.21 22:58:27 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.03.21 22:58:23 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2011.02.26 02:19:32 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.02.20 12:11:29 | 000,029,184 | ---- | C] () -- C:\Windows\System32\Suorprop.dll
[2010.09.17 17:16:10 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.09.17 17:14:16 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.05.03 21:48:49 | 000,002,384 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2009.12.03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.10.27 22:17:56 | 019,304,448 | ---- | C] () -- C:\Program Files\IBM Lotus Symphony.msi
[2009.10.27 22:17:56 | 000,133,120 | ---- | C] () -- C:\Program Files\1031.MST
[2009.06.12 19:34:39 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.06.12 19:34:39 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.06.12 19:30:47 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2009.06.12 19:25:22 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.06.06 17:30:48 | 000,000,100 | ---- | C] () -- C:\Users\Heimanwender\AppData\Local\fusioncache.dat
[2009.05.24 18:09:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.04.19 12:59:24 | 000,001,356 | ---- | C] () -- C:\Users\Heimanwender\AppData\Local\d3d9caps.dat
[2009.04.09 11:38:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SearchRequire.dll
[2009.04.09 11:27:10 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI
[2009.03.08 10:00:47 | 000,000,035 | ---- | C] () -- C:\Windows\WorldBuilder.INI
[2009.02.27 14:35:22 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2009.01.18 17:45:41 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008.10.18 14:04:18 | 000,003,942 | ---- | C] () -- C:\Windows\mozver.dat
[2008.10.08 05:43:47 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.08 05:43:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.10.05 14:10:21 | 000,000,124 | ---- | C] () -- C:\Windows\System32\ctlsw.ini
[2008.10.05 14:10:21 | 000,000,023 | ---- | C] () -- C:\Windows\System32\swctl.dll
[2008.09.21 12:39:53 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.09.20 16:50:23 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2008.09.20 16:50:23 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2008.09.20 16:50:23 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2008.09.20 16:50:23 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2008.09.20 16:50:23 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.09.06 08:43:27 | 000,102,912 | ---- | C] () -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2008.09.02 16:53:52 | 000,024,064 | ---- | C] () -- C:\Users\Heimanwender\AppData\Roaming\UserTile.png
[2008.08.19 23:05:29 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.08.08 09:30:06 | 000,000,086 | -H-- | C] () -- C:\Users\Heimanwender\AppData\Roaming\vispa.ini
[2008.08.06 15:29:17 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008.08.05 15:38:44 | 000,153,397 | ---- | C] () -- C:\Windows\Elbenstern Mod V.5.0 German Uninstaller.exe
[2008.08.04 15:00:43 | 000,000,552 | ---- | C] () -- C:\Users\Heimanwender\AppData\Local\d3d8caps.dat
[2008.08.04 11:19:51 | 000,000,769 | ---- | C] () -- C:\Windows\Edofma.INI
[2008.07.29 11:04:29 | 000,000,000 | ---- | C] () -- C:\Users\Heimanwender\AppData\Roaming\AVSDVDPlayer.m3u
[2008.07.29 11:03:44 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.07.29 11:03:44 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.07.29 10:58:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.06.24 14:15:26 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2008.05.31 20:38:43 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.05.29 18:58:56 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2008.05.27 16:46:05 | 000,014,314 | ---- | C] () -- C:\Users\Heimanwender\AppData\Roaming\wklnhst.dat
[2008.05.23 12:35:41 | 000,036,864 | ---- | C] () -- C:\Users\Heimanwender\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.02.20 12:59:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.02.20 12:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.02.20 12:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.02.20 12:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.02.20 12:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.02.20 12:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.02.20 12:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.02.20 12:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.02.20 12:59:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,074,840 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 16:33:31 | 000,020,752 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 003,856,208 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:33:01 | 000,024,988 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,011,996 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 08:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2005.02.07 03:07:17 | 000,208,896 | ---- | C] () -- C:\Windows\drempels.exe
[2001.04.21 01:01:00 | 000,421,888 | ---- | C] () -- C:\Windows\System32\imgdecoder.dll
[1999.01.22 18:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.09.28 16:20:49 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\.minecraft
[2009.04.17 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\AntiBrowserSpy 2009
[2011.02.25 09:23:08 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\AnvSoft
[2011.02.09 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Any Video Converter
[2011.09.25 17:13:23 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Ashampoo
[2011.09.08 06:19:08 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\avidemux
[2011.07.31 11:47:35 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Bandoo
[2011.09.25 13:51:15 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\BitTorrent
[2009.06.23 16:09:57 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\biu software
[2009.07.12 11:23:05 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Bump Technologies, Inc
[2010.02.05 17:28:37 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Bytemobile
[2009.10.26 22:44:06 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Copernic
[2011.02.04 23:07:14 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\DNA
[2011.11.05 10:38:49 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Dropbox
[2010.01.05 06:47:37 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\FOG Downloader
[2011.11.04 20:03:50 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\foobar2000
[2008.11.12 18:50:23 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\GrabPro
[2011.10.24 18:00:19 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\gtk-2.0
[2011.01.14 20:38:34 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\ICQ
[2009.09.14 19:34:14 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\ICQ-Tools.de
[2008.08.06 20:14:32 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\k23 productions
[2010.07.03 13:22:25 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Leadertech
[2009.10.16 19:51:14 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\LG Electronics
[2010.09.17 18:01:57 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\MAGIX
[2011.04.06 17:22:34 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Maxthon3
[2011.09.25 20:56:27 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\McLoad
[2009.02.06 14:50:50 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2010.10.11 08:21:58 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Meine Die Schlacht um Mittelerdeâ„¢ II-Dateien
[2010.10.11 08:21:59 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2008.05.29 13:23:53 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\NCH Swift Sound
[2009.09.14 19:34:31 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\OCS
[2008.09.07 09:27:44 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Opera
[2008.12.19 22:13:41 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Orbit
[2008.09.02 16:53:52 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\PeerNetworking
[2008.08.15 10:55:51 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\qliner
[2009.06.05 21:25:02 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Soldat
[2011.07.03 11:54:30 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Sony
[2009.09.14 19:34:30 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\soul.im
[2009.05.10 13:23:25 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Stardock
[2011.01.29 18:37:58 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\SYDATEC
[2008.05.27 16:46:21 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Template
[2009.01.25 11:49:55 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\TERMINAL Studio
[2008.07.29 10:58:56 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Thunderbird
[2011.09.25 15:22:02 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\TS3Client
[2008.07.02 18:17:36 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\TuneUp Software
[2011.04.20 18:56:44 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Twaintree
[2010.02.03 21:03:03 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Vodafone
[2008.07.29 11:00:58 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Windows-Optimierer
[2011.11.05 03:12:17 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.11.05 11:35:47 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CEFB8120-03F7-4A62-97E0-02B526E3D8C1}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.28 16:20:49 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\.minecraft
[2010.09.05 09:20:05 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Adobe
[2008.06.16 17:40:14 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Ahead
[2009.04.17 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\AntiBrowserSpy 2009
[2011.02.25 09:23:08 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\AnvSoft
[2011.02.09 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Any Video Converter
[2009.04.19 13:00:04 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Apple Computer
[2011.09.25 17:13:23 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Ashampoo
[2011.09.08 06:19:08 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\avidemux
[2011.11.03 20:17:56 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Avira
[2009.04.23 15:54:01 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\AVS4YOU
[2011.07.31 11:47:35 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Bandoo
[2011.09.25 13:51:15 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\BitTorrent
[2009.06.23 16:09:57 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\biu software
[2009.06.12 20:55:30 | 000,000,000 | R--D | M] -- C:\Users\Heimanwender\AppData\Roaming\Brother
[2009.07.12 11:23:05 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Bump Technologies, Inc
[2010.02.05 17:28:37 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Bytemobile
[2009.10.26 22:44:06 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Copernic
[2009.04.24 18:06:24 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\DivX
[2011.02.04 23:07:14 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\DNA
[2011.11.05 10:38:49 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Dropbox
[2011.02.26 17:25:31 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\dvdcss
[2010.01.05 06:47:37 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\FOG Downloader
[2011.11.04 20:03:50 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\foobar2000
[2008.06.13 17:43:47 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Google
[2008.11.12 18:50:23 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\GrabPro
[2011.10.24 18:00:19 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\gtk-2.0
[2011.01.14 20:38:34 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\ICQ
[2009.09.14 19:34:14 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\ICQ-Tools.de
[2008.05.22 11:35:41 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Identities
[2009.05.11 19:40:48 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\InstallShield
[2008.08.06 20:14:32 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\k23 productions
[2010.07.03 13:22:25 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Leadertech
[2009.10.16 19:51:14 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\LG Electronics
[2008.06.06 20:41:18 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Macromedia
[2010.09.17 18:01:57 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\MAGIX
[2011.10.31 10:27:57 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Malwarebytes
[2011.04.06 17:22:34 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Maxthon3
[2011.09.25 20:56:27 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\McLoad
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Media Center Programs
[2009.02.06 14:50:50 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2010.10.11 08:21:58 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Meine Die Schlacht um Mittelerdeâ„¢ II-Dateien
[2010.10.11 08:21:59 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2011.03.31 19:39:08 | 000,000,000 | --SD | M] -- C:\Users\Heimanwender\AppData\Roaming\Microsoft
[2008.05.31 20:35:09 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Microsoft Web Folders
[2009.04.07 12:21:48 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Move Networks
[2011.03.08 10:59:02 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Mozilla
[2008.05.29 13:23:53 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\NCH Swift Sound
[2009.09.14 19:34:31 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\OCS
[2011.11.02 15:33:19 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\OpenOffice.org2
[2008.09.07 09:27:44 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Opera
[2008.12.19 22:13:41 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Orbit
[2008.09.02 16:53:52 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\PeerNetworking
[2008.08.15 10:55:51 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\qliner
[2011.04.19 17:11:24 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Real
[2009.09.29 14:33:48 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Real Desktop
[2011.05.15 15:12:57 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Skype
[2011.03.30 15:09:12 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\skypePM
[2009.06.05 21:25:02 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Soldat
[2011.07.03 11:54:30 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Sony
[2009.09.14 19:34:30 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\soul.im
[2009.05.10 13:23:25 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Stardock
[2011.01.29 18:37:58 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\SYDATEC
[2008.10.18 14:07:48 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Talkback
[2010.05.03 20:56:01 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\teamspeak2
[2008.05.27 16:46:21 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Template
[2009.01.25 11:49:55 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\TERMINAL Studio
[2008.07.29 10:58:56 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Thunderbird
[2011.09.25 15:22:02 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\TS3Client
[2008.07.02 18:17:36 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\TuneUp Software
[2011.04.20 18:56:44 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Twaintree
[2011.10.31 16:37:54 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\vlc
[2010.02.03 21:03:03 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Vodafone
[2008.07.29 11:00:58 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Windows-Optimierer
[2009.06.06 09:51:50 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\WinRAR
[2011.03.05 11:32:04 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Xfire
[2010.08.11 17:35:52 | 000,000,000 | ---D | M] -- C:\Users\Heimanwender\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.05.25 21:07:42 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2009.04.19 21:19:40 | 000,577,536 | ---- | M] (ICQ-Tools.de) -- C:\Users\Heimanwender\AppData\Roaming\ICQ-Tools.de\soul.im\soul.im.exe
[2008.06.23 17:52:25 | 000,010,134 | R--- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{09883A2B-9EAD-4D5C-883E-1547B5684917}\_FB3565632F2DCA02005764.exe
[2009.06.12 19:26:32 | 000,010,134 | R--- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
[2009.06.23 16:10:23 | 000,003,638 | R--- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{38AFE2B1-19DB-432A-BA4A-410BFBA78DCE}\_04AE388B2FA7C658E82E73.exe
[2009.06.23 16:10:23 | 000,003,638 | R--- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{38AFE2B1-19DB-432A-BA4A-410BFBA78DCE}\_6FEFF9B68218417F98F549.exe
[2008.07.29 10:53:19 | 002,363,392 | R--- | M] (OpenOffice.org) -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{46008F4B-A8C3-4282-ACE3-73821F860911}\soffice.exe
[2009.09.14 19:34:15 | 000,010,134 | R--- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{959214DF-C502-402A-A5A0-D8CE3EB74CDC}\_303D932F2F972F174D4C6F.exe
[2009.09.14 19:34:15 | 000,016,958 | R--- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{959214DF-C502-402A-A5A0-D8CE3EB74CDC}\_3CFE6638DB12047D0458FB.exe
[2009.09.14 19:34:15 | 000,016,958 | R--- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{959214DF-C502-402A-A5A0-D8CE3EB74CDC}\_574DBDB84D6A662B3B934C.exe
[2009.09.14 19:34:15 | 000,001,150 | R--- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{959214DF-C502-402A-A5A0-D8CE3EB74CDC}\_5F449BBB7B2E0D75770F96.exe
[2008.05.22 11:37:41 | 000,008,704 | R--- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Microsoft\Installer\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}\Icon9A3BC1573.exe
[2009.04.07 12:21:49 | 000,034,062 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
[2009.09.14 19:34:31 | 000,102,400 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2009.09.14 19:34:31 | 000,040,960 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2009.12.10 19:25:36 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\setup3.09\setup.exe
[2009.12.11 10:10:02 | 000,079,368 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
[2010.05.30 20:14:25 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2011.01.21 18:22:58 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2010.03.25 11:08:26 | 000,000,000 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\setup3.13\chr\ChromeInstaller.exe
[2010.10.22 18:10:16 | 000,190,632 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\setup3.13\chr_helper\LaunchHelper.exe
[2010.05.13 12:09:52 | 000,220,272 | ---- | M] (Google Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\setup3.13\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
[2010.10.22 18:10:16 | 000,190,632 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\setup3.13\gtb_helper\LaunchHelper.exe
[2010.12.11 19:10:35 | 026,454,672 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\setup3.13\rp\RealPlayer_de.exe
[2011.11.04 19:12:47 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe
[2011.10.25 11:32:12 | 026,533,840 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_data\RealPlayer_de.exe
[2011.10.25 11:31:47 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Heimanwender\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_exe\RealPlayer_de.exe
[2011.04.20 18:56:44 | 000,000,000 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Twaintree\torcat.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.11.03 00:26:51 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\ERDNT\cache\AGP440.sys
[2007.11.03 00:26:51 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\System32\drivers\AGP440.sys
[2007.11.03 00:26:51 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_cb7c81c7\AGP440.sys
[2007.11.03 00:26:51 | 000,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20598_none_b85cfa98dae9b436\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2007.11.03 00:53:24 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=0B77F93AB73798F97E8E0A0AA4CCBEEF -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_44b6b0d0\atapi.sys
[2007.11.03 00:53:24 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=0B77F93AB73798F97E8E0A0AA4CCBEEF -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20694_none_db7e36353dc64123\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.04.24 15:10:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.04.24 15:10:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.04.24 15:10:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.04.24 15:10:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.07.12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys
[2007.07.12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\Windows\System32\drivers\nvstor32.sys
[2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_bbf77119\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.11.03 00:17:10 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=3322B167C8F76319C991B851514DFAC9 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20587_none_cb8c4940898e24a6\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\ERDNT\cache\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2006.11.08 14:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Windows\System32\drivers\viamraid.sys
[2006.11.08 14:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Windows\System32\DriverStore\FileRepository\viamraid.inf_74a36694\viamraid.sys
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2007.11.03 00:17:50 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=39D959CD9F3BC44F78DB3C6588AAC3FE -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.20593_none_2f37c4ba208e02ab\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2007.11.03 00:17:50 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.20593_none_6e080d01f12ed7fe\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.04.25 00:52:33 | 008,011,776 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.04.25 00:52:31 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.04.25 00:52:34 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008.04.25 00:52:42 | 016,478,208 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008.04.25 00:52:44 | 006,029,312 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Heimanwender\MOV608.AVI:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Heimanwender\MOV596.AVI:TOC.WMV
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:FB1B13D8

< End of report >
         
--- --- ---
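The "< MD5 for: ... >" blocks in the log above list every on-disk copy of a critical system file that OTL can find (the live copy under System32, the winsxs component store, the ERDNT registry-backup cache, pending SoftwareDistribution downloads) with timestamp, size and MD5. The reason for listing all of them is comparison: a live copy whose hash disagrees with sibling copies of the same build, or that could not be hashed at all (user32.dll above reports "Unable to obtain MD5" for the System32 and winsxs copies), is what a helper looks for. The following Python script is an added example, not part of OTL and not code from the original post; it parses those sections and applies that comparison. The NVSTOR32/USER32/USERINIT/WININIT lines are copied from the log above; the WININIT.EXE entry under System32 is constructed, with a fake all-zero hash but the timestamp and size of its siblings, to model a file patched in place and timestomped. The category names (locked, divergent, no_witness) are this example's own.

```python
import re
from collections import Counter, defaultdict

# Sample input (constructed for this example). Real lines are copied from the OTL
# log above; the WININIT.EXE System32 entry is FAKE: all-zero hash, same timestamp
# and size as its siblings, to model an in-place patch that was timestomped.
SAMPLE_LOG = r"""
< MD5 for: NVSTOR32.SYS  >
[2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\Windows\System32\drivers\nvstor32.sys
[2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) MD5=703E3A7093B0FAC0EEBADBB8E931ECAF -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_bbf77119\nvstor32.sys

< MD5 for: USER32.DLL  >
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\ERDNT\cache\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| \S+ \| M\] "
    r"\((?P<vendor>[^)]*)\) (?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)
# The copy Windows actually loads: directly in System32 or System32\drivers.
# DriverStore, winsxs and ERDNT\cache copies are reference copies, not live.
LIVE_RE = re.compile(r"\\system32\\(?:drivers\\)?[^\\]+$", re.IGNORECASE)


def parse_md5_sections(text):
    """Map each '< MD5 for: NAME >' section to a list of entry dicts (log order)."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            sections.setdefault(current, [])
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current].append({
                "ts": m.group("ts"),
                "size": int(m.group("size").replace(",", "")),
                "vendor": m.group("vendor"),
                "md5": m.group("md5").upper() if m.group("md5") else None,
                "path": m.group("path"),
            })
    return sections


def analyse(sections):
    """Return (file, kind, path) findings.

    locked     - OTL could not hash this copy (open/locked file); hash it offline
    divergent  - same timestamp and size as sibling copies but a minority MD5
                 (or no clear majority): content changed without touching metadata
    no_witness - the live copy's MD5 matches no other copy on disk
    """
    findings = []
    for name, entries in sorted(sections.items()):
        by_build = defaultdict(Counter)  # (timestamp, size) -> Counter of MD5s
        for e in entries:
            if e["md5"]:
                by_build[(e["ts"], e["size"])][e["md5"]] += 1
        for e in entries:
            if e["md5"] is None:
                findings.append((name, "locked", e["path"]))
                continue
            hashes = by_build[(e["ts"], e["size"])]
            majority = max(hashes.values())
            no_clear_majority = list(hashes.values()).count(majority) > 1
            if len(hashes) > 1 and (hashes[e["md5"]] < majority or no_clear_majority):
                findings.append((name, "divergent", e["path"]))
            elif LIVE_RE.search(e["path"]) and sum(o["md5"] == e["md5"] for o in entries) == 1:
                findings.append((name, "no_witness", e["path"]))
    return findings


if __name__ == "__main__":
    for file_name, kind, path in analyse(parse_md5_sections(SAMPLE_LOG)):
        print(f"{file_name:14} {kind:10} {path}")
```

Run stand-alone it prints the two locked user32.dll copies and the constructed wininit.exe as divergent; nvstor32.sys and userinit.exe produce nothing because the live copy agrees with a sibling. MD5 is used only because that is what OTL reports; the comparison works because the attacker who patches a file in place controls one copy, not the winsxs or ERDNT copies it is compared against. A "locked" live copy is not evidence of tampering by itself (user32.dll is mapped into every process), which is why a helper follows it up with an offline hash or a system file check rather than acting on the log alone.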

Alt 07.11.2011, 08:25   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
SRV - File not found [Auto | Stopped] --  -- (BRS_WebWeaver)
SRV - File not found [Disabled | Stopped] --  -- (AVKWCtl)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Kinder im Internet – aber sicher! - COMPUTER BILD
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Google ist dein Freund [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Die Stämme - Das Browsergame im Mittelalter
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2475029&SearchSource=13"
FF - prefs.js..extensions.enabledItems: ffox@bandoo.com:5.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="
[2011.07.30 10:21:27 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.09.25 17:12:20 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011.09.25 17:12:17 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions\engine@conduit.com
[2011.07.30 10:22:29 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions\ffox@bandoo.com
[2010.12.15 15:12:32 | 000,000,923 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Mozilla\Firefox\Profiles\do5h50q1.default\searchplugins\conduit.xml
[2011.07.30 10:20:49 | 000,002,501 | ---- | M] () -- C:\Users\Heimanwender\AppData\Roaming\Mozilla\Firefox\Profiles\do5h50q1.default\searchplugins\SearchResults.xml
[2009.03.05 18:55:41 | 000,000,000 | ---D | M] (Eazel-DE Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}
[2009.04.18 17:28:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.09.25 11:47:08 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.09.09 03:17:43 | 000,419,088 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2009.09.09 03:11:07 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2009.09.09 03:17:41 | 009,912,320 | R--- | M] () - E:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2009.09.09 02:54:34 | 000,000,136 | R--- | M] () - E:\autorun.inf -- [ UDF ]
[2011.11.01 19:02:46 | 000,100,864 | ---- | M] (GMER) -- C:\kwtdapod.sys
[2011.10.31 11:54:44 | 000,443,457 | ---- | M] () -- C:\Windows\System32\sig.bin
[2011.10.31 11:54:44 | 000,033,782 | ---- | M] () -- C:\Windows\System32\nmp.map
[2011.10.24 18:54:48 | 000,000,769 | ---- | M] () -- C:\Windows\Edofma.INI
[2011.07.30 10:22:25 | 001,524,112 | ---- | C] () -- C:\Windows\System32\bandoolmx.dll
@Alternate Data Stream - 64 bytes -> C:\Users\Heimanwender\MOV608.AVI:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Heimanwender\MOV596.AVI:TOC.WMV
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:FB1B13D8
:Files
C:\Users\Heimanwender\AppData\Local\aa319330
c:\windows\814952874
c:\windows\system32\c_09991.nl_
c:\windows\system32\FreezeScreenSaver.exe
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are, as a precaution, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: the above script was written only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________
Please always post logfiles in CODE tags

Alt 07.11.2011, 14:21   #24
Eiswehr
 

After running it, the program quit without any feedback at the restart step. Accordingly I did not receive a logfile. All that opened after the restart was the following message:


Files\Folders moved on Reboot...
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.dat scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Maybe there is a related file stored under a different path.

Since running the program there have so far been no adverse effects on my computer (missing files etc.)

Alt 07.11.2011, 14:38   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please repeat that. You have to run OTL as administrator beforehand via right-click!

Alt 07.11.2011, 19:38   #26
Eiswehr
 

Everything done as requested, but without success.

In the meantime an error message appeared saying that the file/folder in c:/Windows/system32/drivers/et/host could not be created.

After that a reset of the hosts file was attempted, which simply would not finish -> aborted.

All good things come in threes, as they say; should I try it once more?

Edit: Avira blocks the creation of the file, even with the Guard switched off. Unfortunately the process "Avira System Try Tool" cannot be terminated.

Last edited by Eiswehr (07.11.2011 at 19:48)

Alt 07.11.2011, 20:14   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then uninstall Avira first and run the fix again. Once we are done here a virus scanner can go back on, and yes, before you ask: yes, it also works without a virus scanner in the background.

Alt 07.11.2011, 20:43   #28
Eiswehr
 

Run completed without complications:

All processes killed
========== OTL ==========
Error: No service named BRS_WebWeaver was found to stop!
Service\Driver key BRS_WebWeaver not found.
Error: No service named AVKWCtl was found to stop!
Service\Driver key AVKWCtl not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "MyAshampoo Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "MyAshampoo Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13" removed from browser.startup.homepage
Prefs.js: ffox@bandoo.com:5.1 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q=" removed from keyword.URL
Folder C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Folder C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.
Folder C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions\engine@conduit.com\ not found.
Folder C:\Users\Heimanwender\AppData\Roaming\mozilla\Firefox\Profiles\do5h50q1.default\extensions\ffox@bandoo.com\ not found.
File C:\Users\Heimanwender\AppData\Roaming\Mozilla\Firefox\Profiles\do5h50q1.default\searchplugins\conduit.xml not found.
File C:\Users\Heimanwender\AppData\Roaming\Mozilla\Firefox\Profiles\do5h50q1.default\searchplugins\SearchResults.xml not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File not found.
File move failed. E:\autorun.dat scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File C:\kwtdapod.sys not found.
File C:\Windows\System32\sig.bin not found.

File C:\Windows\System32\nmp.map not found.
File C:\Windows\Edofma.INI not found.
File C:\Windows\System32\bandoolmx.dll not found.
Unable to delete ADS C:\Users\Heimanwender\MOV608.AVI:TOC.WMV .
Unable to delete ADS C:\Users\Heimanwender\MOV596.AVI:TOC.WMV .
Unable to delete ADS C:\ProgramData\TEMP:05EE1EEF .
Unable to delete ADS C:\ProgramData\TEMP:FB1B13D8 .
========== FILES ==========
File\Folder C:\Users\Heimanwender\AppData\Local\aa319330 not found.
File\Folder c:\windows\814952874 not found.
File\Folder c:\windows\system32\c_09991.nl_ not found.
File\Folder c:\windows\system32\FreezeScreenSaver.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Heimanwender
->Temp folder emptied: 254926 bytes
->Temporary Internet Files folder emptied: 33300 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 49128476 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 701 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11072011_203721

Files\Folders moved on Reboot...
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.dat scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Alt 07.11.2011, 20:46   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then do a "clean" run with CF now. Please download combofix.exe again; delete the old one BEFOREHAND.

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper ("Kompetenzler") has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

Alt 07.11.2011, 21:42   #30
Eiswehr
 

Scan time: approx. 35 min.


Combofix Logfile:
Code:
ComboFix 11-11-07.03 - Heimanwender 07.11.2011  21:02:10.4.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.2047.1247 [GMT 1:00]
run from:: c:\users\Heimanwender\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Files created from 2011-10-07 to 2011-11-07  ))))))))))))))))))))))))))))))
.
.
2011-11-07 20:30 . 2011-11-07 20:30	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2011-11-07 20:30 . 2011-11-07 20:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-07 19:39 . 2011-11-07 19:39	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C15E294-6177-427F-8CA8-C711A04219CA}\offreg.dll
2011-11-07 12:58 . 2011-11-07 12:58	--------	d-----w-	C:\_OTL
2011-11-04 14:53 . 2011-10-07 03:48	6668624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C15E294-6177-427F-8CA8-C711A04219CA}\mpengine.dll
2011-11-02 15:47 . 2011-11-07 20:30	--------	d-----w-	c:\users\Heimanwender\AppData\Local\temp
2011-11-01 22:11 . 2011-10-30 15:29	75136	----a-w-	c:\windows\system32\PnkBstrA.exe
2011-11-01 22:10 . 2003-03-19 08:55	335872	----a-w-	c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
2011-11-01 21:36 . 2011-11-01 21:36	0	---ha-w-	c:\users\Heimanwender\AppData\Local\BITD52A.tmp
2011-10-31 18:59 . 2011-10-31 18:59	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2011-10-31 09:28 . 2011-10-31 09:35	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-31 09:27 . 2011-10-31 09:27	--------	d-----w-	c:\users\Heimanwender\AppData\Roaming\Malwarebytes
2011-10-31 09:27 . 2011-10-31 09:27	--------	d-----w-	c:\programdata\Malwarebytes
2011-10-31 09:27 . 2011-10-31 10:39	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-10-31 09:27 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-31 08:49 . 1998-10-29 15:45	306688	----a-w-	c:\windows\IsUninst.exe
2011-10-31 08:08 . 2011-10-31 08:08	--------	d-----w-	c:\program files\ESET
2011-10-30 20:23 . 2008-01-19 05:49	67072	----a-w-	c:\windows\system32\drivers\cdrom.sys
2011-10-30 18:55 . 2011-10-30 18:55	--------	d-----w-	c:\windows\CheckSur
2011-10-30 17:20 . 2011-10-30 17:20	--------	d-----w-	c:\program files\Avira
2011-10-30 15:08 . 2008-01-19 05:53	34816	----a-w-	c:\windows\system32\drivers\umbus.sys
2011-10-28 18:24 . 2011-07-15 09:35	21312	----a-w-	c:\windows\system32\authuitu.dll
2011-10-28 18:24 . 2011-07-15 09:35	30016	----a-w-	c:\windows\system32\uxtuneup.dll
2011-10-28 09:29 . 2011-10-28 09:29	--------	d-----w-	c:\program files\EA Sports
2011-10-22 10:19 . 2011-10-22 10:19	--------	d-----w-	c:\program files\Activision
2011-10-21 07:05 . 2011-10-21 07:05	--------	d-----w-	c:\windows\system32\EventProviders
2011-10-15 22:25 . 2011-10-31 09:31	--------	d-----w-	c:\programdata\SecTaskMan
2011-10-15 22:25 . 2011-10-15 22:25	--------	d-----w-	c:\program files\Security Task Manager
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-01 21:35 . 2011-07-24 09:53	39800	----a-w-	c:\windows\system32\drivers\HookCentre.sys
2011-10-30 15:29 . 2011-03-21 21:58	138160	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2011-10-30 15:29 . 2011-03-22 15:28	271200	----a-w-	c:\windows\system32\PnkBstrB.xtr
2011-10-30 15:29 . 2011-03-21 21:58	271200	----a-w-	c:\windows\system32\PnkBstrB.exe
2011-10-17 19:50 . 2011-05-22 08:10	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-25 20:03 . 2011-07-24 09:55	49016	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2011-09-25 16:23 . 2011-09-25 16:23	101720	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 21:15 . 2009-10-27 21:17	19304448	----a-w-	c:\program files\IBM Lotus Symphony.msi
2009-08-28 21:42 . 2009-08-28 21:42	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-08-28 21:42 . 2009-08-28 21:42	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\opera\program\plugins\ssldivx.dll
2006-05-03 09:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 12:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Heimanwender\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Heimanwender\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Heimanwender\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-26 4939776]
"KMCONFIG"="c:\program files\Trust\Trust R-Series Mouse\StartAutorun.exe" [2007-03-06 212992]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8530464]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-04-19 273544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
c:\users\Heimanwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Heimanwender\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Schnellstartdatei.vbs [2010-12-16 80]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI371A~1\Datamngr\IEBHO.dll c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\SideBar.exe /autoRun
"BitTorrent DNA"="c:\users\Heimanwender\Program Files\DNA\btdna.exe"
"SymphonyPreLoad"="c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.0.20101015-2340\IBM Lotus Symphony" -nogui -nosplash
"Gratab"=c:\users\Heimanwender\AppData\Roaming\Twaintree\torcat.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe"  -osboot
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"ControlCenter3"=c:\program files\Brother\ControlCenter3\brctrcen.exe /autorun
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"Adobe Reader Speed Launcher"="d:\reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Ocs_SM"=c:\users\Heimanwender\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
"DATAMNGR"=c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x]
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9a488eb75573d;Google Update Service (gupdate1c9a488eb75573d);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 127488]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\Heimanwender\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2009-09-14 40960]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2011-07-15 1047040]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2006-12-27 4352]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-07-08 2428968]
R3 cpuz129;cpuz129;c:\users\HEIMAN~1\AppData\Local\Temp\cpuz_x32.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 127488]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-11-12 3403420]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [2010-06-30 71368]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [2010-08-31 73416]
R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [2011-04-22 76488]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2011-11-01 39800]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-04-27 100944]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-04-27 41424]
S2 FSCLBaseUpdaterService;FSCLBaseUpdaterService;c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe [2007-06-04 65536]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-Series Mouse\KMWDSrv.exe [2007-06-08 208896]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 359424]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-25 265088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-04-27 79888]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-04-27 87696]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-24 04:29]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 09:40]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 09:40]
.
2011-11-07 c:\windows\Tasks\User_Feed_Synchronization-{CEFB8120-03F7-4A62-97E0-02B526E3D8C1}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = 
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Heimanwender\AppData\Roaming\Mozilla\Firefox\Profiles\do5h50q1.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - 
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: COMPUTERBILD-Suchmaschine: {516611E5-D9A6-49c6-8065-82FB5EDAA56D} - c:\program files\J3S\COMPUTERBILD-Suchmaschine\\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-11-07 21:30
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.smb]
"ImagePath"="\*"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1372)
c:\users\Heimanwender\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
c:\program files\Stardock\Object Desktop\DeskScapes\deskscape.dll
c:\program files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
.
Zeit der Fertigstellung: 2011-11-07  21:35:30
ComboFix-quarantined-files.txt  2011-11-07 20:35
.
Vor Suchlauf: 42 Verzeichnis(se), 76.656.877.568 Bytes frei
Nach Suchlauf: 42 Verzeichnis(se), 76.615.352.320 Bytes frei
.
- - End Of File - - 2A09AFABF42BE457CB08431A8410D870
         
--- --- ---