| |
| |||||||
Log-Analyse und Auswertung: TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbarWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
24.03.2012, 15:20
| #1 |
| |  TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar Hallo Forum! Zunächst einmal ein großes Lob - habe hier schon viele gute Informationen und ich hoffe, dass mir jemand weiterhelfen kann ;-) Plötzlich wurden alle Programme runtergefahren, ein Pseudo-System Check öffnete sich, viele Popups, keine Eingabe mehr möglich, aus das Ausführen des Taskmanagers ging nicht mehr. Nach einem Neustart war der komplette Desktop leer, alle Programme (Start-Menü) verschwunden, keine Eingabe mehr möglich. Auch im Dos-Modus über Konsole keine Ordner/Programme mehr. Free AV und Windows eigene Scanner haben folgendes gefunden: - TR/Crypt.PEPM.Gen - EXP/CVE-2010-0840 - Java.Inject.U - TR/Crypt.XPACK.Gen in SoftwareUpdate.exe - TR/Crypt.XPACK.Gen in CE49.tmp Bisher habe ich abgesehendie folgenden Programme laufen lassen: -Defogger -DDS -GMER DDS-Text Code:
ATTFilter .
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by tim at 1:15:47 on 2012-03-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2985.1002 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Intel\Services\IPT\jhi_service.exe
C:\Windows\system32\DRIVERS\o2flash.exe
c:\Windows\system32\srvany.exe
c:\Windows\system32\SDIOAssist.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Mesh\WLSync.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Mesh\MOE.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uStart Page = hxxp://www.google.de/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - c:\program files\internet explorer\iedvtool.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\users\tim\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IntelPROSet] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [DFEPApplication] c:\program files\dell\feature enhancement pack\DFEPApplication.exe
mRun: [TdmNotify] c:\program files\dell\dell data protection\access\advanced\wave\trusted drive manager\TdmNotify.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [LexwareInfoService] c:\program files\common files\lexware\update manager\LxUpdateManager.exe /autostart
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [ACPW05EN] "c:\program files\acd systems\acdsee pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: An OneNote s&enden - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: In Adobe PDF konvertieren - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 213.191.92.86 62.109.123.7
TCP: Interfaces\{4B8CF7C7-5844-48B7-93C0-009D803A38C3} : DhcpNameServer = 213.191.92.86 62.109.123.7
TCP: Interfaces\{4B8CF7C7-5844-48B7-93C0-009D803A38C3}\142736F627D2731433631383F554B425 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4B8CF7C7-5844-48B7-93C0-009D803A38C3}\3516D636F6E6 : DhcpNameServer = 89.0.0.63
TCP: Interfaces\{4B8CF7C7-5844-48B7-93C0-009D803A38C3}\3736866FE686F6C6A7 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4B8CF7C7-5844-48B7-93C0-009D803A38C3}\75F4F4D4542514F5E45445 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F8DBC941-330C-4470-8F09-24C7E44A34EB} : NameServer = 193.189.244.225 193.189.244.206
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
AppInit_DLLs: c:\windows\system32\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tim\appdata\roaming\mozilla\firefox\profiles\7ninmsum.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/webhp?hl=de&tab=fw
FF - prefs.js: network.proxy.ftp - 108.62.148.233
FF - prefs.js: network.proxy.ftp_port - 19755
FF - prefs.js: network.proxy.http - 108.62.148.233
FF - prefs.js: network.proxy.http_port - 19755
FF - prefs.js: network.proxy.socks - 108.62.148.233
FF - prefs.js: network.proxy.socks_port - 19755
FF - prefs.js: network.proxy.ssl - 108.62.148.233
FF - prefs.js: network.proxy.ssl_port - 19755
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\tim\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;c:\windows\system32\drivers\nvpciflt.sys [2012-1-5 20328]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2012-1-4 17904]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-23 36000]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-1-4 81920]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-3-23 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-3-23 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-23 74640]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2011-5-11 826272]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2011-5-11 31648]
R2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\dell\feature enhancement pack\DFEPService.exe [2011-8-24 1568664]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2012-1-10 13336]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2012-1-5 112800]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2011-2-24 212944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2012-1-4 1997416]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\system32\srvany.exe [2012-1-5 8192]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-6-5 378472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2012-1-5 2656536]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\dell\dell data protection\access\advanced\wave\authentication manager\WaveAMService.exe [2011-7-1 1131520]
R2 ZcfgSvc7;Intel(R) PROSet/Wireless ZeroConfig Service;c:\program files\intel\wifi\bin\ZCfgSvc7.exe [2010-12-23 577536]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2012-1-5 44144]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2012-1-5 302120]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-1-5 33832]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2012-1-5 144576]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2011-5-10 33896]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2012-1-5 268968]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-1-5 41088]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\drivers\NETwNs32.sys [2012-1-5 7434240]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2012-1-5 62440]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2012-1-5 63976]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2012-1-5 134144]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-1-31 201168]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2012-1-31 101120]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2012-1-5 132480]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2010-11-21 126464]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-1-5 139368]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfw7.sys [2012-1-5 60904]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2010-11-21 19456]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-10 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-03-23 23:52:15 -------- d-----w- c:\users\tim\appdata\local\{FEFAFC49-B184-41C0-A871-5C71A3F12A93}
2012-03-23 23:51:09 -------- d-----w- c:\users\tim\appdata\local\{08821E59-7892-4EAA-A1F7-5119AC2F7BA8}
2012-03-23 21:20:51 -------- d-----w- c:\users\tim\appdata\roaming\Avira
2012-03-23 21:15:36 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-23 21:15:36 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-23 21:15:36 -------- d-----w- c:\programdata\Avira
2012-03-23 21:15:36 -------- d-----w- c:\program files\Avira
2012-03-23 11:45:35 -------- d--h--w- c:\users\tim\appdata\roaming\MySEOSolution_DB_Dir
2012-03-23 11:45:31 -------- d--h--w- c:\users\tim\appdata\local\MySEOSolution
2012-03-23 11:45:01 -------- d-----w- c:\program files\Article Wizard
2012-03-23 09:42:21 -------- d--h--w- c:\users\tim\appdata\local\{271870CF-448E-45AE-ADAF-24E6C25DD9D3}
2012-03-23 09:41:13 -------- d--h--w- c:\users\tim\appdata\local\{80C75872-6458-4FDD-85F2-872AC216C186}
2012-03-23 08:46:08 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ed53bb12-40c8-43c0-9af5-412feb0ce39d}\mpengine.dll
2012-03-22 21:16:46 -------- d--h--w- c:\users\tim\appdata\local\{0F31B976-6470-4CDA-AB61-6EEAFD8B5DA2}
2012-03-22 21:16:35 -------- d--h--w- c:\users\tim\appdata\local\{AE10FD9E-B7AA-4DD9-9429-F0D8AF7ECF01}
2012-03-22 09:16:12 -------- d--h--w- c:\users\tim\appdata\local\{ACA94B5F-F5EE-4D38-BD0C-23E2B76B00BF}
2012-03-22 09:16:02 -------- d--h--w- c:\users\tim\appdata\local\{0FF106DB-FDCF-4A36-85A5-E143421CA464}
2012-03-21 21:15:38 -------- d--h--w- c:\users\tim\appdata\local\{87BF61A4-1BEF-434D-B77B-1AFDC1423516}
2012-03-21 09:15:17 -------- d--h--w- c:\users\tim\appdata\local\{DB66502F-A12D-471F-89D0-2CDD4B5CDC8F}
2012-03-21 09:14:40 -------- d--h--w- c:\users\tim\appdata\local\{086299ED-B6C4-4D03-8944-3FDAB5EE1CFE}
2012-03-20 20:45:40 -------- d--h--w- c:\users\tim\appdata\local\{89784105-383F-479A-8D2D-FCFC253DD7BE}
2012-03-20 08:45:09 -------- d--h--w- c:\users\tim\appdata\local\{2A120F72-14C2-4E6C-8AE3-6A9FBE90F23F}
2012-03-20 08:44:01 -------- d--h--w- c:\users\tim\appdata\local\{63E822B4-FFDD-4204-A230-3C391B080AC1}
2012-03-19 20:22:54 -------- d--h--w- c:\users\tim\appdata\local\{E1C86CA5-75F1-47E1-ABFD-7CD215FA519C}
2012-03-19 20:22:45 -------- d--h--w- c:\users\tim\appdata\local\{3A38CCD4-BE0D-4E5E-BFAE-EE02FCF2266D}
2012-03-19 08:22:21 -------- d--h--w- c:\users\tim\appdata\local\{DB96986A-90C8-4415-A142-F59E0EF194C8}
2012-03-19 08:20:45 -------- d--h--w- c:\users\tim\appdata\local\{E6F2045E-0915-4F6B-9DE2-C67E840F9C06}
2012-03-18 13:08:29 -------- d--h--w- c:\users\tim\appdata\local\{45580A3C-5A36-43D0-93C4-DB1097E6E8E7}
2012-03-18 13:08:19 -------- d--h--w- c:\users\tim\appdata\local\{3753E0A4-F2F2-4A06-9CA1-17F2A8D8E88A}
2012-03-17 17:18:51 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-17 17:18:51 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-17 09:56:34 -------- d--h--w- c:\users\tim\appdata\local\{B9E53D4C-C04B-4D26-B76E-72CF91D01485}
2012-03-17 09:54:59 -------- d--h--w- c:\users\tim\appdata\local\{5DBA6D5D-1FCF-4FE3-B0D3-B5F2611F8E18}
2012-03-16 18:07:13 -------- d-----w- c:\users\tim\appdata\local\ElevatedDiagnostics
2012-03-16 12:15:44 -------- d--h--w- c:\users\tim\appdata\local\{BF4CBE36-31C9-44D7-B875-37C8D3479205}
2012-03-16 12:15:34 -------- d--h--w- c:\users\tim\appdata\local\{80CAC4A6-B04D-4BA3-9167-C18E9FF4B919}
2012-03-15 23:37:39 -------- d--h--w- c:\users\tim\appdata\local\{9A36813A-FD9C-41C1-A104-89DDD11564ED}
2012-03-15 23:37:29 -------- d--h--w- c:\users\tim\appdata\local\{46C0BD45-A012-4F59-AE7E-DFB423D78EB5}
2012-03-15 10:36:24 -------- d--h--w- c:\users\tim\appdata\local\{1AFC7E61-B75C-46FB-8DC2-4E14509ECA6A}
2012-03-15 10:34:48 -------- d--h--w- c:\users\tim\appdata\local\{C5D4F8A9-F1F1-4E79-ADF0-B6C843A50CEC}
2012-03-14 12:32:00 -------- d-----w- c:\windows\system32\appmgmt
2012-03-14 12:13:21 -------- d-----w- c:\windows\system32\32bit
2012-03-14 11:36:24 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 11:36:24 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 11:32:21 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 11:32:20 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 11:31:51 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 11:31:51 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 11:31:51 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:31:50 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 11:31:49 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 11:31:49 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 11:29:02 -------- d--h--w- c:\users\tim\appdata\local\{AA9E8203-F10E-451D-BFCF-3F9C0CB1F49F}
2012-03-14 11:28:51 -------- d--h--w- c:\users\tim\appdata\local\{ED9E28F4-55E8-46FF-8187-2CD7435F3D70}
2012-03-13 09:17:42 -------- d--h--w- c:\users\tim\appdata\local\{F517FB15-9A96-4D9B-BBA3-FD678B57EBC8}
2012-03-12 14:57:06 -------- d--h--w- c:\users\tim\appdata\local\{5335B526-C3CC-43C1-9E0A-2A74C1FD64FF}
2012-03-12 14:56:55 -------- d--h--w- c:\users\tim\appdata\local\{E4AA9C88-0C5D-4230-844C-4059EFCEFA59}
2012-03-10 11:26:45 -------- d--h--w- c:\users\tim\appdata\local\{8E246D73-9CCC-4F26-A45D-B6ABDDC192E4}
2012-03-10 11:26:34 -------- d--h--w- c:\users\tim\appdata\local\{E5CE3353-BC33-4878-9BA1-1283B5299E50}
2012-03-10 00:16:48 -------- d-----w- c:\windows\system32\wbem\en-US
2012-03-09 22:03:13 -------- d--h--w- c:\users\tim\appdata\local\{7598CAA2-2F46-4C3F-A828-BBC2B8E22200}
2012-03-09 22:03:01 -------- d--h--w- c:\users\tim\appdata\local\{ED4828B2-024A-4FD5-A9FB-24A60B37A25C}
2012-03-09 12:51:22 -------- d--h--w- C:\Black
2012-03-09 10:02:28 -------- d--h--w- c:\users\tim\appdata\local\{E6B01C48-1723-46CA-9731-17D5B678E83F}
2012-03-08 22:01:50 -------- d--h--w- c:\users\tim\appdata\local\{1D32F748-3217-4EE9-A668-CCA6F81F58F3}
2012-03-08 10:01:10 -------- d--h--w- c:\users\tim\appdata\local\{6DC01205-E85F-47EE-B5B1-2A94690358D6}
2012-03-08 10:00:57 -------- d--h--w- c:\users\tim\appdata\local\{6E042693-057C-40D0-AE0F-006D227B44B4}
2012-03-07 21:10:02 -------- d--h--w- c:\users\tim\appdata\local\{E5D1EFA8-E8A1-4AF5-AB4F-791C7C996881}
2012-03-07 09:09:28 -------- d--h--w- c:\users\tim\appdata\local\{EC6A002E-6DAF-4249-976B-11215EB7624B}
2012-03-07 09:09:16 -------- d--h--w- c:\users\tim\appdata\local\{86F45F20-359B-48DA-9FD3-BED0A3C8F45F}
2012-03-06 20:58:21 -------- d--h--w- c:\users\tim\appdata\local\{6CF797DF-06AC-48D2-B457-FDFEB0DD7D2F}
2012-03-06 20:58:10 -------- d--h--w- c:\users\tim\appdata\local\{13B5A5C2-01C7-4623-B653-F8F7032CCB02}
2012-03-06 08:57:33 -------- d--h--w- c:\users\tim\appdata\local\{C1246D82-F5C7-4705-8800-42B2299BE262}
2012-03-06 08:57:22 -------- d--h--w- c:\users\tim\appdata\local\{A699392E-0403-4548-AACC-3713158919D1}
2012-03-05 22:34:54 -------- d--h--w- c:\users\tim\appdata\local\{97DF9F08-92EB-4BFC-9BB9-816E38B90E0C}
2012-03-05 19:57:25 -------- d--h--w- c:\users\tim\appdata\roaming\DataDesign
2012-03-05 10:34:18 -------- d--h--w- c:\users\tim\appdata\local\{0F922214-881D-459E-AF9A-29BCFD4FBB04}
2012-03-05 10:34:07 -------- d--h--w- c:\users\tim\appdata\local\{81522F1E-AF6B-4FB3-A48E-D9DA98BB7BFE}
2012-03-02 09:26:58 -------- d--h--w- c:\users\tim\appdata\local\{10248E99-FCD5-4DBC-BD8D-A2C88B8BB222}
2012-03-02 09:26:46 -------- d--h--w- c:\users\tim\appdata\local\{A6DAB23E-0950-4836-BDD4-FAB2BF3D65B2}
2012-03-01 21:26:13 -------- d--h--w- c:\users\tim\appdata\local\{2F467FBD-3EBE-4282-8C5D-8B88C2267795}
2012-03-01 21:26:02 -------- d--h--w- c:\users\tim\appdata\local\{6308FC79-414A-4532-920F-81F430981621}
2012-03-01 09:44:04 131072 ----a-w- c:\windows\system32\DellSPMsg.dll
2012-03-01 09:25:32 -------- d--h--w- c:\users\tim\appdata\local\{F94A49AB-B7FC-47C4-A20C-A0D6EFBCB36C}
2012-02-29 11:08:29 -------- d--h--w- c:\users\tim\appdata\local\{748CC442-51FD-4FA0-A241-0A0E6CBA10FE}
2012-02-29 11:08:19 -------- d--h--w- c:\users\tim\appdata\local\{0EDA4505-C612-477C-A70E-EAF717A42136}
2012-02-28 23:07:48 -------- d--h--w- c:\users\tim\appdata\local\{03501109-3989-49CC-9303-490010641B9E}
2012-02-28 23:07:32 -------- d--h--w- c:\users\tim\appdata\local\{58A09299-50FF-41AF-A282-BFA6423AE1DB}
2012-02-28 11:04:52 -------- d--h--w- c:\users\tim\appdata\local\{35A9597E-5562-41E2-888A-DCAB973F061C}
2012-02-28 11:04:41 -------- d--h--w- c:\users\tim\appdata\local\{80BBCC43-1885-4392-8F2E-A15402859A2F}
2012-02-27 23:04:08 -------- d--h--w- c:\users\tim\appdata\local\{9C52CD55-1CBE-462D-BDC2-8DCC9C1A81F0}
2012-02-27 23:03:54 -------- d--h--w- c:\users\tim\appdata\local\{D44D7871-94C5-4B7F-961A-67C8E6055433}
2012-02-27 11:03:18 -------- d--h--w- c:\users\tim\appdata\local\{7694AC0F-5DC5-4BA7-AAE3-7477FA04321B}
2012-02-26 13:14:57 -------- d--h--w- c:\users\tim\appdata\local\{7E602F4A-F8C8-4E38-801E-87669497DBAC}
2012-02-26 13:14:45 -------- d--h--w- c:\users\tim\appdata\local\{D21EA966-0F3F-4FAE-AFED-C5DCE9FF22D7}
2012-02-25 12:11:30 -------- d--h--w- c:\users\tim\appdata\local\{8CFA108B-66CA-4C3A-B836-000D7F938271}
2012-02-25 12:11:19 -------- d--h--w- c:\users\tim\appdata\local\{BE3D9C9D-92A6-440E-BC7A-A4CD7D2C564B}
2012-02-25 00:10:49 -------- d--h--w- c:\users\tim\appdata\local\{DE350CA9-4EE7-4EDF-A009-9AC17CF6067F}
2012-02-24 12:10:20 -------- d--h--w- c:\users\tim\appdata\local\{A7874EA8-F078-4BC8-B59D-A32F381BAC3C}
2012-02-24 12:10:09 -------- d--h--w- c:\users\tim\appdata\local\{C25BF937-C6DE-4CE8-B42A-548A298C212B}
2012-02-24 00:09:45 -------- d--h--w- c:\users\tim\appdata\local\{8F27F645-3CED-4F33-B44E-4BAAD0635222}
2012-02-23 12:09:24 -------- d--h--w- c:\users\tim\appdata\local\{C3CFB9F6-7EB8-47C3-9B19-6DFDA530F9D8}
.
==================== Find3M ====================
.
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 09:45:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-10 12:28:16 0 ----a-w- c:\windows\invcol.tmp
2012-01-05 01:52:59 119808 ----a-w- c:\windows\system32\umpo.dll
2012-01-05 00:19:33 505128 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-05 00:19:33 353576 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-05 00:19:33 29480 ----a-w- c:\windows\system32\msxml3a.dll
2012-01-05 00:08:44 93224 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-01-05 00:08:44 33832 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-01-05 00:08:44 302120 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2012-01-05 00:08:44 18728 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-01-05 00:08:44 114728 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
.
============= FINISH: 1:16:08,03 ===============
 schon mal im voraus! |
|
24.03.2012, 16:13
| #2 |
| /// Malware-holic   | TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar hi,
__________________öffne avira, ereignisse, poste die fundmeldungen komplett. falls es ein scan war, avira, berichte, kompletten scan bericht posten, den mit funden. danach: Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
24.03.2012, 19:16
| #3 |
| | TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar Hi Markus!
__________________Danke für die Hilfe!! Ereignisse aus Avira Code:
ATTFilter Exportierte Ereignisse:
24.03.2012 00:48 [System Scanner] Malware gefunden
Die Datei
'C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\12e69ce6-739481d
d'
enthielt einen Virus oder unerwünschtes Programm 'JAVA/Inject.U' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0070dd99.qua'
verschoben!
24.03.2012 00:48 [System Scanner] Malware gefunden
Die Datei
'C:\Users\tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\65d69226-71ad306
c'
enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2010-0840' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '522c876c.qua'
verschoben!
24.03.2012 00:48 [System Scanner] Malware gefunden
Die Datei 'C:\Users\tim\Documents\GOLDPUNKT OMA\Arbeitsmaterialien\SEO
Tools\SBOX\Addons\sboutbound.sb'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.PEPM.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ab6af26.qua'
verschoben!
24.03.2012 00:48 [System Scanner] Malware gefunden
Die Datei 'C:\Users\tim\AppData\Local\Temp\CE49.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '23b0b888.qua'
verschoben!
24.03.2012 00:48 [System Scanner] Malware gefunden
Die Datei 'C:\Users\tim\AppData\Local\Temp\SoftwareUpdate.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6646959c.qua'
verschoben!
Code:
ATTFilter OTL logfile created on: 24.03.2012 19:00:54 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\tim\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,91 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 56,82% Memory free 5,83 Gb Paging File | 4,37 Gb Available in Paging File | 75,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 225,28 Gb Total Space | 130,02 Gb Free Space | 57,71% Space Free | Partition Type: NTFS Computer Name: GOLDKISTE | User Name: tim | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.24 18:58:13 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\tim\Desktop\OTL.exe PRC - [2012.01.31 08:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.01.31 08:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.05 02:53:03 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2012.01.05 02:53:02 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.01.03 08:23:11 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2011.08.24 23:15:32 | 001,568,664 | ---- | M] (Dell Inc.) -- c:\Programme\Dell\Feature Enhancement Pack\DFEPService.exe PRC - [2011.08.24 23:15:20 | 006,306,712 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\Feature Enhancement Pack\DFEPApplication.exe PRC - [2011.08.10 16:39:48 | 001,313,640 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\itype.exe PRC - [2011.08.10 16:39:48 | 000,412,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe PRC - [2011.08.08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.08.08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.07.25 16:43:18 | 000,686,704 | ---- | M] () -- C:\Programme\STMicroelectronics\AccelerometerP11\FF_Protection.exe PRC - [2011.07.21 00:09:46 | 000,505,720 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe PRC - [2011.07.01 20:28:34 | 001,131,520 | ---- | M] (Wave Systems Corp.) -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe PRC - [2011.06.29 17:51:24 | 000,112,800 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IPROSetMonitor.exe PRC - [2011.06.05 06:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.06.05 06:20:20 | 000,803,944 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011.06.05 05:31:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.05.28 00:39:28 | 002,605,424 | ---- | M] (Wave Systems Corp.) -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe PRC - [2011.05.28 00:39:18 | 000,214,384 | ---- | M] (Wave Systems Corp.) -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe PRC - [2011.05.11 07:15:08 | 000,826,272 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe PRC - [2011.05.11 07:15:08 | 000,031,648 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe PRC - [2011.04.13 20:41:22 | 000,057,680 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2011.03.08 22:52:08 | 000,227,328 | -H-- | M] (Dell Computer Corporation) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe PRC - [2011.02.24 07:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Services\IPT\jhi_service.exe PRC - [2011.02.08 07:48:18 | 000,660,768 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2011.01.25 10:57:18 | 000,536,668 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2011.01.25 10:57:18 | 000,274,514 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe PRC - [2010.12.23 21:04:26 | 000,936,208 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2010.12.23 21:04:10 | 001,210,640 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\iFrmewrk.exe PRC - [2010.12.23 20:55:44 | 000,577,536 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\ZCfgSvc7.exe PRC - [2010.12.23 20:48:40 | 000,481,552 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 22:29:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.10.01 23:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe PRC - [2010.09.15 18:14:36 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Programme\Common Files\SPBA\upeksvr.exe PRC - [2010.08.14 02:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- C:\Windows\System32\SDIOAssist.exe PRC - [2010.07.07 22:59:22 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe PRC - [2010.05.31 23:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe PRC - [2010.03.12 17:42:02 | 000,462,993 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2010.02.11 02:50:50 | 000,072,296 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe PRC - [2009.03.03 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe PRC - [2003.04.19 03:06:26 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe ========== Modules (No Company Name) ========== MOD - [2012.02.16 10:43:32 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\bc264c7dba2096c2c88080090bf42600\IAStorUtil.ni.dll MOD - [2012.02.16 10:36:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MOD - [2012.02.16 10:35:57 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll MOD - [2012.02.16 10:35:52 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll MOD - [2012.02.16 10:35:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012.02.16 10:35:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012.02.16 10:35:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll MOD - [2012.02.16 10:35:36 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2012.01.26 13:29:55 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2012.01.05 02:52:59 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2012.01.04 17:58:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.07.25 16:43:18 | 000,686,704 | ---- | M] () -- C:\Programme\STMicroelectronics\AccelerometerP11\FF_Protection.exe MOD - [2011.06.10 19:36:34 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll MOD - [2011.06.05 16:22:00 | 000,004,096 | ---- | M] () -- C:\Programme\NVIDIA Corporation\coprocmanager\detoured.dll MOD - [2011.05.05 00:04:04 | 000,355,432 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nView\nvShell.dll MOD - [2011.05.05 00:04:02 | 001,558,120 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nView\nView.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.11.21 01:45:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009.02.27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ========== Win32 Services (SafeList) ========== SRV - [2012.03.10 13:30:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.10 22:11:30 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.08.24 23:15:32 | 001,568,664 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Programme\Dell\Feature Enhancement Pack\DFEPService.exe -- (DFEPService) SRV - [2011.08.08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2011.08.08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2011.07.01 20:28:34 | 001,131,520 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service) SRV - [2011.06.29 17:51:24 | 000,112,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R) SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.06.05 06:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.06.05 05:31:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.05.28 00:39:28 | 002,605,424 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService) SRV - [2011.05.24 22:13:38 | 001,508,232 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService) SRV - [2011.05.11 07:15:08 | 000,826,272 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service) SRV - [2011.05.11 07:15:08 | 000,031,648 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.02.24 07:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel(R) SRV - [2011.02.17 16:08:52 | 001,633,280 | ---- | M] () [Auto | Stopped] -- C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe) SRV - [2011.02.08 07:48:18 | 000,660,768 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2011.01.25 10:57:18 | 000,274,514 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2010.12.23 21:04:26 | 000,936,208 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2010.12.23 20:55:44 | 000,577,536 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZCfgSvc7.exe -- (ZcfgSvc7) Intel(R) SRV - [2010.12.23 20:48:40 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2010.11.25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010.11.25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.09.22 23:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.02.11 02:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.03 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters) SRV - [2003.04.19 03:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\srvany.exe -- (O2SDIOAssist) ========== Driver Services (SafeList) ========== DRV - [2012.01.31 08:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.01.31 08:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.07.22 21:28:26 | 000,044,144 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\accelern.sys -- (Acceler) DRV - [2011.07.20 18:36:42 | 000,268,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress) Intel(R) DRV - [2011.07.19 23:24:20 | 000,011,008 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HBtnKey.sys -- (HBtnKey) DRV - [2011.07.15 21:30:50 | 000,017,904 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn) DRV - [2011.06.05 16:22:00 | 010,581,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.06.05 16:22:00 | 000,020,328 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt) DRV - [2011.05.26 19:50:30 | 000,305,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2011.05.10 21:05:48 | 000,033,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv) DRV - [2011.05.10 11:41:30 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011.03.23 22:50:58 | 000,063,976 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdjw7.sys -- (O2SDJRDR) DRV - [2011.01.25 10:57:18 | 000,435,200 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2011.01.04 23:41:58 | 000,062,440 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\O2MDRw7.sys -- (O2MDRRDR) DRV - [2011.01.04 22:44:06 | 000,060,904 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\o2mdfw7.sys -- (O2MDFRDR) DRV - [2010.12.21 20:07:44 | 007,434,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R) DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 22:29:03 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netvsc60.sys -- (netvsc) DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010.11.20 22:29:03 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusVideoM.sys -- (SynthVid) DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.10.20 03:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) Intel(R) DRV - [2010.07.21 20:13:40 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV) DRV - [2010.02.27 01:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.12.07 19:36:48 | 000,201,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.09.16 23:07:42 | 000,144,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.05.28 17:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKLM\..\SearchScopes\{D633CD86-8500-4D76-AFF1-2B31A057F4A0}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{AE420E34-B413-4D93-ACC3-279F27852A26}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\tim\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\tim\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.01.10 22:59:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.17 18:18:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.17 18:03:01 | 000,000,000 | ---D | M] [2012.02.08 14:51:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\tim\AppData\Roaming\Mozilla\Extensions [2012.02.08 14:51:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\tim\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a} [2012.03.13 17:50:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions [2012.03.13 17:50:41 | 000,000,000 | -H-D | M] (FireShot) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2012.01.26 10:21:39 | 000,000,000 | -H-D | M] (TradeManager-Plugin) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF} [2012.01.26 10:21:40 | 000,000,000 | -H-D | M] ("OutWit Kernel") -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1} [2012.01.26 10:21:42 | 000,000,000 | -H-D | M] (ColorZilla) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012.03.13 16:04:26 | 000,000,000 | -H-D | M] (FT DeepDark) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2012.01.26 10:21:18 | 000,000,000 | -H-D | M] ("OutWit Hub") -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\base-outfit@outwit.com [2012.01.26 10:21:27 | 000,000,000 | -H-D | M] (Delicious Extension) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\delicious@vjkarunapg.com [2012.01.26 10:21:28 | 000,000,000 | -H-D | M] (Разпознаване на устройство Logitech) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\DeviceDetection@logitech.com [2012.01.26 10:21:35 | 000,000,000 | -H-D | M] ("Xmarks") -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\foxmarks@kei.com [2012.01.26 10:21:35 | 000,000,000 | -H-D | M] (Page Ruler) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\jid1-g0J5YenAv9JWlA@jetpack [2012.01.26 10:21:37 | 000,000,000 | -H-D | M] (Linky) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\linky@gemal.dk [2012.01.26 10:21:37 | 000,000,000 | -H-D | M] ([verify-U]-AVS) -- C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\extensions\verify-u_2@cybits.de [2012.02.01 15:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.17 18:18:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.07.20 17:21:40 | 000,106,192 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npstrlnk.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\tim\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\tim\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\tim\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: NapsterLink (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\tim\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google Mail = C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ CHR - Extension: Google Mail = C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ACPW05EN] C:\Program Files\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [DFEPApplication] c:\Programme\Dell\Feature Enhancement Pack\DFEPApplication.exe (Dell Inc.) O4 - HKLM..\Run: [FreeFallProtection] C:\Programme\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [TdmNotify] C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.) O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.74.19 62.109.123.197 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B8CF7C7-5844-48B7-93C0-009D803A38C3}: DhcpNameServer = 213.191.74.19 62.109.123.197 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8DBC941-330C-4470-8F09-24C7E44A34EB}: NameServer = 193.189.244.225 193.189.244.206 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\Windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{81926905-4c0c-11e1-97ed-74de2b9c8e2e}\Shell - "" = AutoRun O33 - MountPoints2\{81926905-4c0c-11e1-97ed-74de2b9c8e2e}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{81926912-4c0c-11e1-97ed-74de2b9c8e2e}\Shell - "" = AutoRun O33 - MountPoints2\{81926912-4c0c-11e1-97ed-74de2b9c8e2e}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c04531e0-4d78-11e1-ac4b-100ba9101ce0}\Shell - "" = AutoRun O33 - MountPoints2\{c04531e0-4d78-11e1-ac4b-100ba9101ce0}\Shell\AutoRun\command - "" = E:\Setup.exe O33 - MountPoints2\{c691bbe7-4c5b-11e1-97d4-74de2b9c8e2e}\Shell - "" = AutoRun O33 - MountPoints2\{c691bbe7-4c5b-11e1-97d4-74de2b9c8e2e}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {713D3715-4B10-B951-7BCB-A1F8A741D1B5} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.24 18:57:59 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\tim\Desktop\OTL.exe [2012.03.24 18:41:42 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Local\{2FB28022-CE87-4063-951A-149C08A6338D} [2012.03.24 18:40:35 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Local\{9133C499-B5F9-4905-83AF-48B000237585} [2012.03.24 15:22:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.03.24 01:15:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\tim\Desktop\dds.com [2012.03.24 00:52:15 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Local\{FEFAFC49-B184-41C0-A871-5C71A3F12A93} [2012.03.24 00:51:09 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Local\{08821E59-7892-4EAA-A1F7-5119AC2F7BA8} [2012.03.23 22:20:51 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Roaming\Avira [2012.03.23 22:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.03.23 22:15:36 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.03.23 22:15:36 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.03.23 22:15:36 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.03.23 22:15:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.03.23 22:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.03.23 22:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.03.23 21:49:54 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check [2012.03.23 12:45:35 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Roaming\MySEOSolution_DB_Dir [2012.03.23 12:45:31 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\MySEOSolution [2012.03.23 12:45:01 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Article Wizard [2012.03.23 12:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Article Wizard [2012.03.23 10:42:21 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{271870CF-448E-45AE-ADAF-24E6C25DD9D3} [2012.03.23 10:41:13 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{80C75872-6458-4FDD-85F2-872AC216C186} [2012.03.22 22:16:46 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{0F31B976-6470-4CDA-AB61-6EEAFD8B5DA2} [2012.03.22 22:16:35 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{AE10FD9E-B7AA-4DD9-9429-F0D8AF7ECF01} [2012.03.22 10:16:12 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{ACA94B5F-F5EE-4D38-BD0C-23E2B76B00BF} [2012.03.22 10:16:02 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{0FF106DB-FDCF-4A36-85A5-E143421CA464} [2012.03.21 22:15:38 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{87BF61A4-1BEF-434D-B77B-1AFDC1423516} [2012.03.21 10:15:17 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{DB66502F-A12D-471F-89D0-2CDD4B5CDC8F} [2012.03.21 10:14:40 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{086299ED-B6C4-4D03-8944-3FDAB5EE1CFE} [2012.03.20 21:45:40 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{89784105-383F-479A-8D2D-FCFC253DD7BE} [2012.03.20 09:45:09 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{2A120F72-14C2-4E6C-8AE3-6A9FBE90F23F} [2012.03.20 09:44:01 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{63E822B4-FFDD-4204-A230-3C391B080AC1} [2012.03.19 21:22:54 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{E1C86CA5-75F1-47E1-ABFD-7CD215FA519C} [2012.03.19 21:22:45 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{3A38CCD4-BE0D-4E5E-BFAE-EE02FCF2266D} [2012.03.19 09:22:21 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{DB96986A-90C8-4415-A142-F59E0EF194C8} [2012.03.19 09:20:45 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{E6F2045E-0915-4F6B-9DE2-C67E840F9C06} [2012.03.18 14:08:29 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{45580A3C-5A36-43D0-93C4-DB1097E6E8E7} [2012.03.18 14:08:19 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{3753E0A4-F2F2-4A06-9CA1-17F2A8D8E88A} [2012.03.17 10:56:34 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{B9E53D4C-C04B-4D26-B76E-72CF91D01485} [2012.03.17 10:54:59 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{5DBA6D5D-1FCF-4FE3-B0D3-B5F2611F8E18} [2012.03.16 19:07:13 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Local\ElevatedDiagnostics [2012.03.16 13:15:44 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{BF4CBE36-31C9-44D7-B875-37C8D3479205} [2012.03.16 13:15:34 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{80CAC4A6-B04D-4BA3-9167-C18E9FF4B919} [2012.03.16 00:37:39 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{9A36813A-FD9C-41C1-A104-89DDD11564ED} [2012.03.16 00:37:29 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{46C0BD45-A012-4F59-AE7E-DFB423D78EB5} [2012.03.15 11:36:24 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{1AFC7E61-B75C-46FB-8DC2-4E14509ECA6A} [2012.03.15 11:34:48 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{C5D4F8A9-F1F1-4E79-ADF0-B6C843A50CEC} [2012.03.14 13:32:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2012.03.14 13:13:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\32bit [2012.03.14 12:29:02 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{AA9E8203-F10E-451D-BFCF-3F9C0CB1F49F} [2012.03.14 12:28:51 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{ED9E28F4-55E8-46FF-8187-2CD7435F3D70} [2012.03.13 10:17:42 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{F517FB15-9A96-4D9B-BBA3-FD678B57EBC8} [2012.03.12 15:57:06 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{5335B526-C3CC-43C1-9E0A-2A74C1FD64FF} [2012.03.12 15:56:55 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{E4AA9C88-0C5D-4230-844C-4059EFCEFA59} [2012.03.10 13:30:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat [2012.03.10 12:26:45 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{8E246D73-9CCC-4F26-A45D-B6ABDDC192E4} [2012.03.10 12:26:34 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{E5CE3353-BC33-4878-9BA1-1283B5299E50} [2012.03.09 23:03:13 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{7598CAA2-2F46-4C3F-A828-BBC2B8E22200} [2012.03.09 23:03:01 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{ED4828B2-024A-4FD5-A9FB-24A60B37A25C} [2012.03.09 13:51:22 | 000,000,000 | -H-D | C] -- C:\Black [2012.03.09 11:02:28 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{E6B01C48-1723-46CA-9731-17D5B678E83F} [2012.03.08 23:01:50 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{1D32F748-3217-4EE9-A668-CCA6F81F58F3} [2012.03.08 11:01:10 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{6DC01205-E85F-47EE-B5B1-2A94690358D6} [2012.03.08 11:00:57 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{6E042693-057C-40D0-AE0F-006D227B44B4} [2012.03.07 22:10:02 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{E5D1EFA8-E8A1-4AF5-AB4F-791C7C996881} [2012.03.07 10:09:28 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{EC6A002E-6DAF-4249-976B-11215EB7624B} [2012.03.07 10:09:16 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{86F45F20-359B-48DA-9FD3-BED0A3C8F45F} [2012.03.06 21:58:21 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{6CF797DF-06AC-48D2-B457-FDFEB0DD7D2F} [2012.03.06 21:58:10 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{13B5A5C2-01C7-4623-B653-F8F7032CCB02} [2012.03.06 09:57:33 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{C1246D82-F5C7-4705-8800-42B2299BE262} [2012.03.06 09:57:22 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{A699392E-0403-4548-AACC-3713158919D1} [2012.03.05 23:34:54 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{97DF9F08-92EB-4BFC-9BB9-816E38B90E0C} [2012.03.05 20:57:25 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Roaming\DataDesign [2012.03.05 11:34:18 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{0F922214-881D-459E-AF9A-29BCFD4FBB04} [2012.03.05 11:34:07 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{81522F1E-AF6B-4FB3-A48E-D9DA98BB7BFE} [2012.03.02 16:59:52 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.03.02 10:26:58 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{10248E99-FCD5-4DBC-BD8D-A2C88B8BB222} [2012.03.02 10:26:46 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{A6DAB23E-0950-4836-BDD4-FAB2BF3D65B2} [2012.03.01 22:26:13 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{2F467FBD-3EBE-4282-8C5D-8B88C2267795} [2012.03.01 22:26:02 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{6308FC79-414A-4532-920F-81F430981621} [2012.03.01 10:44:04 | 000,131,072 | ---- | C] (Dell, Inc.) -- C:\Windows\System32\DellSPMsg.dll [2012.03.01 10:25:32 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{F94A49AB-B7FC-47C4-A20C-A0D6EFBCB36C} [2012.02.29 12:08:29 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{748CC442-51FD-4FA0-A241-0A0E6CBA10FE} [2012.02.29 12:08:19 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{0EDA4505-C612-477C-A70E-EAF717A42136} [2012.02.29 00:07:48 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{03501109-3989-49CC-9303-490010641B9E} [2012.02.29 00:07:32 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{58A09299-50FF-41AF-A282-BFA6423AE1DB} [2012.02.28 12:04:52 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{35A9597E-5562-41E2-888A-DCAB973F061C} [2012.02.28 12:04:41 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{80BBCC43-1885-4392-8F2E-A15402859A2F} [2012.02.28 00:04:08 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{9C52CD55-1CBE-462D-BDC2-8DCC9C1A81F0} [2012.02.28 00:03:54 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{D44D7871-94C5-4B7F-961A-67C8E6055433} [2012.02.27 12:03:18 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{7694AC0F-5DC5-4BA7-AAE3-7477FA04321B} [2012.02.26 14:14:57 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{7E602F4A-F8C8-4E38-801E-87669497DBAC} [2012.02.26 14:14:45 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{D21EA966-0F3F-4FAE-AFED-C5DCE9FF22D7} [2012.02.25 13:11:30 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{8CFA108B-66CA-4C3A-B836-000D7F938271} [2012.02.25 13:11:19 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{BE3D9C9D-92A6-440E-BC7A-A4CD7D2C564B} [2012.02.25 01:10:49 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{DE350CA9-4EE7-4EDF-A009-9AC17CF6067F} [2012.02.24 13:10:20 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{A7874EA8-F078-4BC8-B59D-A32F381BAC3C} [2012.02.24 13:10:09 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{C25BF937-C6DE-4CE8-B42A-548A298C212B} [2012.02.24 01:09:45 | 000,000,000 | -H-D | C] -- C:\Users\tim\AppData\Local\{8F27F645-3CED-4F33-B44E-4BAAD0635222} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\tim\Desktop\*.tmp files -> C:\Users\tim\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.24 18:58:13 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\tim\Desktop\OTL.exe [2012.03.24 18:47:16 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.24 18:47:16 | 000,021,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.24 18:44:29 | 000,711,412 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.24 18:44:29 | 000,666,084 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.24 18:44:29 | 000,152,664 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.24 18:44:29 | 000,125,444 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.24 18:40:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.24 18:39:56 | 2347,417,600 | -HS- | M] () -- C:\hiberfil.sys [2012.03.24 15:17:11 | 000,004,574 | ---- | M] () -- C:\Users\tim\Desktop\Logfiles.zip [2012.03.24 15:04:00 | 000,001,112 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1369712254-226175664-1249323534-1002UA.job [2012.03.24 01:34:34 | 000,302,592 | ---- | M] () -- C:\Users\tim\Desktop\c4g1rcis.exe [2012.03.24 01:20:08 | 000,302,592 | ---- | M] () -- C:\Users\tim\Desktop\dsqkremy.exe [2012.03.24 01:15:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\tim\Desktop\dds.com [2012.03.24 01:14:20 | 000,000,000 | ---- | M] () -- C:\Users\tim\defogger_reenable [2012.03.24 01:13:21 | 000,050,477 | ---- | M] () -- C:\Users\tim\Desktop\Defogger.exe [2012.03.23 22:17:46 | 001,941,713 | ---- | M] () -- C:\Users\tim\Desktop\bookmarks.html [2012.03.23 22:15:38 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.03.23 22:03:14 | 087,227,952 | ---- | M] () -- C:\Users\tim\Desktop\avira_free_antivirus_de.exe [2012.03.23 21:49:55 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~aRVSajHSHnPUwD [2012.03.23 21:49:55 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~aRVSajHSHnPUwDr [2012.03.23 21:49:51 | 000,000,336 | -H-- | M] () -- C:\ProgramData\aRVSajHSHnPUwD [2012.03.23 17:04:00 | 000,001,060 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1369712254-226175664-1249323534-1002Core.job [2012.03.23 12:45:02 | 000,002,975 | -H-- | M] () -- C:\Users\tim\Desktop\Article Wizard.lnk [2012.03.23 10:51:44 | 000,001,456 | -H-- | M] () -- C:\Users\tim\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.03.22 21:04:35 | 000,002,392 | -H-- | M] () -- C:\Users\tim\Desktop\Google Chrome.lnk [2012.03.21 12:02:30 | 017,533,723 | -H-- | M] () -- C:\Users\tim\Desktop\kayschlaf.wmv [2012.03.14 18:03:57 | 000,038,468 | -H-- | M] () -- C:\Users\tim\AppData\Roaming\Microsoft Excel 97-2003.ADR [2012.03.14 13:21:57 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini [2012.03.14 12:40:10 | 003,851,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.10 00:08:19 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2012.03.08 12:11:16 | 000,648,902 | -H-- | M] () -- C:\Users\tim\Desktop\ExCam handout.pdf [2012.03.05 13:45:36 | 000,005,032 | -H-- | M] () -- C:\Users\tim\Desktop\GOLDPUNKT OMA - Verknüpfung.lnk [2012.03.01 22:56:19 | 000,219,683 | -H-- | M] () -- C:\Users\tim\Desktop\sample-advanced.csv [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\tim\Desktop\*.tmp files -> C:\Users\tim\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.24 15:17:11 | 000,004,574 | ---- | C] () -- C:\Users\tim\Desktop\Logfiles.zip [2012.03.24 01:34:32 | 000,302,592 | ---- | C] () -- C:\Users\tim\Desktop\c4g1rcis.exe [2012.03.24 01:20:06 | 000,302,592 | ---- | C] () -- C:\Users\tim\Desktop\dsqkremy.exe [2012.03.24 01:14:20 | 000,000,000 | ---- | C] () -- C:\Users\tim\defogger_reenable [2012.03.24 01:13:20 | 000,050,477 | ---- | C] () -- C:\Users\tim\Desktop\Defogger.exe [2012.03.23 22:17:45 | 001,941,713 | ---- | C] () -- C:\Users\tim\Desktop\bookmarks.html [2012.03.23 22:15:38 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.03.23 22:02:24 | 087,227,952 | ---- | C] () -- C:\Users\tim\Desktop\avira_free_antivirus_de.exe [2012.03.23 21:49:55 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~aRVSajHSHnPUwD [2012.03.23 21:49:55 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~aRVSajHSHnPUwDr [2012.03.23 21:49:51 | 000,000,336 | -H-- | C] () -- C:\ProgramData\aRVSajHSHnPUwD [2012.03.23 12:45:02 | 000,002,975 | -H-- | C] () -- C:\Users\tim\Desktop\Article Wizard.lnk [2012.03.21 12:01:48 | 017,533,723 | -H-- | C] () -- C:\Users\tim\Desktop\kayschlaf.wmv [2012.03.14 17:43:51 | 000,038,468 | -H-- | C] () -- C:\Users\tim\AppData\Roaming\Microsoft Excel 97-2003.ADR [2012.03.10 00:08:19 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012.03.08 12:11:14 | 000,648,902 | -H-- | C] () -- C:\Users\tim\Desktop\ExCam handout.pdf [2012.03.05 13:45:36 | 000,005,032 | -H-- | C] () -- C:\Users\tim\Desktop\GOLDPUNKT OMA - Verknüpfung.lnk [2012.03.02 16:59:54 | 000,002,392 | -H-- | C] () -- C:\Users\tim\Desktop\Google Chrome.lnk [2012.03.02 16:59:23 | 000,001,112 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1369712254-226175664-1249323534-1002UA.job [2012.03.02 16:59:23 | 000,001,060 | -H-- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1369712254-226175664-1249323534-1002Core.job [2012.03.01 21:35:46 | 000,219,683 | -H-- | C] () -- C:\Users\tim\Desktop\sample-advanced.csv [2012.02.09 11:39:13 | 000,001,456 | -H-- | C] () -- C:\Users\tim\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.02.05 21:05:50 | 000,000,132 | -H-- | C] () -- C:\Users\tim\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.01.26 17:33:03 | 000,021,916 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2012.01.25 19:00:51 | 000,000,425 | -H-- | C] () -- C:\Windows\BRWMARK.INI [2012.01.25 19:00:51 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.01.25 18:59:44 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2012.01.25 18:59:39 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2012.01.05 02:48:56 | 000,982,016 | ---- | C] () -- C:\Windows\System32\taboem.dll [2012.01.05 02:48:26 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin [2012.01.05 02:48:26 | 000,218,304 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin [2012.01.05 02:48:26 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll [2012.01.05 02:48:26 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012.01.05 02:48:25 | 013,906,944 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll [2012.01.05 02:48:25 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin [2012.01.05 02:48:25 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll [2012.01.05 02:48:25 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2012.01.05 01:15:04 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll [2012.01.05 01:15:02 | 000,308,624 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll [2012.01.05 01:15:02 | 000,205,192 | ---- | C] () -- C:\Windows\System32\bipbsp.dll [2012.01.05 01:13:13 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll [2012.01.05 01:13:03 | 000,032,256 | ---- | C] () -- C:\Windows\System32\instsrv.exe [2012.01.05 01:13:03 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe [2011.06.05 06:20:52 | 001,613,548 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2011.05.13 00:33:50 | 000,074,752 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll [2011.05.13 00:33:48 | 000,087,040 | ---- | C] () -- C:\Windows\System32\Internationalization_th.dll [2011.05.13 00:33:46 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_sl.dll [2011.05.13 00:33:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_hr.dll [2011.05.13 00:33:44 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_sk.dll [2011.05.13 00:33:40 | 000,088,064 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll [2011.05.13 00:33:38 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll [2011.05.13 00:33:38 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll [2011.05.13 00:33:36 | 000,091,136 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll [2011.05.13 00:33:34 | 000,089,088 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll [2011.05.13 00:33:34 | 000,084,480 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll [2011.05.13 00:33:32 | 000,095,744 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll [2011.05.13 00:33:30 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll [2011.05.13 00:33:28 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll [2011.05.13 00:33:28 | 000,074,752 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll [2011.05.13 00:33:26 | 000,074,240 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll [2011.05.13 00:33:24 | 000,090,624 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll [2011.05.13 00:33:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll [2011.05.13 00:33:22 | 000,093,184 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll [2011.05.13 00:33:20 | 000,092,160 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll [2011.05.13 00:33:20 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll [2011.05.13 00:33:18 | 000,096,256 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll [2011.05.13 00:33:16 | 000,078,848 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll [2011.05.13 00:33:14 | 000,093,696 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll [2011.05.13 00:33:14 | 000,080,384 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll [2011.05.13 00:33:12 | 000,093,696 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll [2011.05.13 00:33:10 | 000,093,184 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll [2011.05.13 00:33:08 | 000,094,720 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll [2011.05.13 00:33:06 | 000,091,648 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll [2011.03.21 23:13:58 | 000,012,288 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll [2010.11.21 01:46:14 | 000,711,412 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.11.21 01:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.11.21 01:46:14 | 000,152,664 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.11.21 01:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010.08.20 00:18:20 | 001,008,640 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll ========== LOP Check ========== [2012.02.06 22:26:59 | 000,000,000 | -H-D | M] -- C:\Users\tim\AppData\Roaming\ACD Systems [2012.03.05 20:57:25 | 000,000,000 | -H-D | M] -- C:\Users\tim\AppData\Roaming\DataDesign [2012.03.19 13:24:08 | 000,000,000 | -H-D | M] -- C:\Users\tim\AppData\Roaming\FileZilla [2012.01.27 11:54:03 | 000,000,000 | -H-D | M] -- C:\Users\tim\AppData\Roaming\FireShot [2012.01.26 12:22:23 | 000,000,000 | -H-D | M] -- C:\Users\tim\AppData\Roaming\gnupg [2012.01.25 18:55:34 | 000,000,000 | -H-D | M] -- C:\Users\tim\AppData\Roaming\Lexware [2012.03.23 19:06:24 | 000,000,000 | -H-D | M] -- C:\Users\tim\AppData\Roaming\MySEOSolution_DB_Dir [2012.01.25 18:22:57 | 000,000,000 | -H-D | M] -- C:\Users\tim\AppData\Roaming\OpenOffice.org [2012.03.15 11:34:29 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.02.17 17:58:06 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.01.05 01:08:40 | 000,000,000 | -H-D | M] -- C:\Apps [2012.03.09 13:51:22 | 000,000,000 | -H-D | M] -- C:\Black [2012.03.24 18:39:56 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2012.03.01 10:43:59 | 000,000,000 | -H-D | M] -- C:\dell [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.01.10 13:25:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.01.05 02:48:45 | 000,000,000 | -H-D | M] -- C:\Drivers [2012.01.10 14:10:24 | 000,000,000 | -H-D | M] -- C:\Intel [2012.02.05 15:05:48 | 000,000,000 | -H-D | M] -- C:\Logs [2012.01.26 17:42:45 | 000,000,000 | -H-D | M] -- C:\Macromedia [2012.01.10 21:22:44 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.03.23 22:15:36 | 000,000,000 | R--D | M] -- C:\Program Files [2012.03.23 22:15:36 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.01.10 13:25:37 | 000,000,000 | -HSD | M] -- C:\Programme [2012.03.24 19:02:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.01.10 13:25:43 | 000,000,000 | ---D | M] -- C:\Users [2012.03.23 22:00:09 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2012.01.05 02:53:03 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2012.01.05 02:53:03 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2012.01.05 02:53:03 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe < MD5 for: IASTOR.SYS > [2010.11.06 03:39:18 | 000,354,840 | -H-- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Drivers\storage\R291720\iaStor.sys [2010.11.06 03:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\drivers\iaStor.sys [2010.11.06 03:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1d4bb208009ee37\iaStor.sys [2010.11.06 03:39:18 | 000,354,840 | ---- | M] (Intel Corporation) MD5=F4037A3FEDB92DD97C95F320766EA5C9 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_b507f73c7f31069a\iaStor.sys < MD5 for: IASTORV.SYS > [2012.01.05 02:53:02 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2012.01.05 02:53:02 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2012.01.05 02:53:02 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2012.01.05 02:53:02 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll < MD5 for: NVSTOR.SYS > [2012.01.05 02:53:02 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2012.01.05 02:53:02 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2012.01.05 02:53:02 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2012.01.05 02:53:02 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011.11.08 13:15:28 | 000,003,312 | -H-- | M] () -- C:\Users\tim\.ganttproject [2011.11.08 13:15:28 | 000,037,483 | -H-- | M] () -- C:\Users\tim\.ganttproject.log [2012.03.24 01:14:20 | 000,000,000 | ---- | M] () -- C:\Users\tim\defogger_reenable [2011.11.24 16:36:08 | 000,000,078 | -H-- | M] () -- C:\Users\tim\fwactivation.log [2012.03.24 19:00:49 | 005,767,168 | -HS- | M] () -- C:\Users\tim\NTUSER.DAT [2012.03.24 19:00:49 | 000,262,144 | -HS- | M] () -- C:\Users\tim\ntuser.dat.LOG1 [2012.01.10 13:25:48 | 000,000,000 | -HS- | M] () -- C:\Users\tim\ntuser.dat.LOG2 [2012.01.10 13:47:05 | 000,065,536 | -HS- | M] () -- C:\Users\tim\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2012.01.10 13:47:05 | 000,524,288 | -HS- | M] () -- C:\Users\tim\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2012.01.10 13:47:05 | 000,524,288 | -HS- | M] () -- C:\Users\tim\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2012.01.10 13:25:48 | 000,000,020 | -HS- | M] () -- C:\Users\tim\ntuser.ini [2011.11.08 13:01:16 | 000,001,924 | -H-- | M] () -- C:\Users\tim\Untitled Gantt Project-chart.html [2011.11.08 13:01:16 | 000,001,714 | -H-- | M] () -- C:\Users\tim\Untitled Gantt Project-resources.html [2011.11.08 13:01:16 | 000,003,524 | -H-- | M] () -- C:\Users\tim\Untitled Gantt Project-tasks.html [2011.11.08 13:01:16 | 000,001,921 | -H-- | M] () -- C:\Users\tim\Untitled Gantt Project.html [2011.11.08 13:01:16 | 000,009,633 | -H-- | M] () -- C:\Users\tim\Untitled Gantt Project.png [2011.11.08 13:01:16 | 000,003,055 | -H-- | M] () -- C:\Users\tim\Untitled Gantt Project.res.png < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > |
|
24.03.2012, 19:17
| #4 |
| | TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar Extras Code:
ATTFilter OTL Extras logfile created on: 24.03.2012 19:00:54 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\tim\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,91 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 56,82% Memory free
5,83 Gb Paging File | 4,37 Gb Available in Paging File | 75,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,28 Gb Total Space | 130,02 Gb Free Space | 57,71% Space Free | Partition Type: NTFS
Computer Name: GOLDKISTE | User Name: tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"{0CCAF47C-E428-48C2-82B2-5F25CE1D67DA}" = Gemalto
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11FCA050-2066-4351-A336-748D838C049C}" = Adobe Creative Suite 5 Web Premium
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{24C152B6-544C-4B64-A4CA-575843C0CFE6}" = Article Wizard
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 30
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}" = ACDSee Pro 5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{414B7B9C-B353-4821-9393-78AE034079E7}" = NTRU TCG Software Stack
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43034BED-DF67-4CC8-8D13-D18B0298F402}" = Lexware büro easy 2011
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-490CW
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}" = Intel(R) PROSet/Wireless WiFi-Software
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63CD55E5-2938-46FA-88E6-AE8EADDC7937}" = Wave Infrastructure Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E3BA00-6B3D-466B-96FA-6309A7F42BB0}" = Adobe Flash Player 10 ActiveX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7FA89EC8-023D-4AEA-94E2-32820FBBDC44}" = Dell ControlVault Host Components Installer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90899269-554B-4672-9F8D-4A2A0D0AF5B5}" = Intel(R) Network Connections 16.5.2.0
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}" = Dell Feature Enhancement Pack
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_950" = Adobe Acrobat 9.5.0 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7FB9195-E9FC-4316-930E-D799D5D712F7}" = Dell Backup and Recovery Manager
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BD3068DE-D53B-4CE8-B2BC-32E1323441CD}" = PC-CCID
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C8E00BC8-D619-4081-813A-6B5BCC846534}" = Lexware Elster
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1999042-FC82-4098-96B8-510A857C8EA8}" = Google AdWords Editor
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F6995FC4-2D91-4169-B3C4-7C51B7123902}" = Lexware online banking
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"3F930CC3EE841B82D6D463716B5F67BD240BBD46" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5)
"7-Zip" = 7-Zip 9.20
"812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1" = Outlook Backup Assistant 6 (Vollversion)
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dell Webcam Central" = Dell Webcam Central
"FileZilla Client" = FileZilla Client 3.5.3
"InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel(R) Network Connections 16.5.2.0
"Screaming Frog SEO Spider" = Screaming Frog SEO Spider
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20.03.2012 15:54:20 | Computer Name = goldkiste | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/20 20:54:20.612]: [00002488]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.0.100]
Error - 20.03.2012 16:07:45 | Computer Name = goldkiste | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/20 21:07:45.447]: [00002488]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.0.100]
Error - 20.03.2012 16:12:07 | Computer Name = goldkiste | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/20 21:12:07.543]: [00002488]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.0.100]
Error - 20.03.2012 16:17:22 | Computer Name = goldkiste | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/20 21:17:22.993]: [00002488]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.0.100]
Error - 20.03.2012 16:19:24 | Computer Name = goldkiste | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\outlook
backup assistant\AddIn\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"c:\program files\outlook backup assistant\AddIn\adxloader.dll.Manifest" in Zeile
2. Das Stammelement der Manifestdatei muss assembliert sein.
Error - 20.03.2012 16:19:24 | Computer Name = goldkiste | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 20.03.2012 16:19:25 | Computer Name = goldkiste | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\O2Micro\Oz600\DPInst64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 20.03.2012 16:19:53 | Computer Name = goldkiste | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Adobe\adobe
media encoder cs5\PhotoshopServer.exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files\Adobe\adobe media encoder cs5\PhotoshopServer.exe" in Zeile 2.
Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 20.03.2012 16:44:19 | Computer Name = goldkiste | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/20 21:44:19.668]: [00002488]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.0.100]
Error - 20.03.2012 16:45:29 | Computer Name = goldkiste | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/20 21:45:29.508]: [00002488]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.0.100]
[ System Events ]
Error - 21.03.2012 08:10:38 | Computer Name = goldkiste | Source = bowser | ID = 8003
Description =
Error - 21.03.2012 08:46:38 | Computer Name = goldkiste | Source = bowser | ID = 8003
Description =
Error - 21.03.2012 08:58:38 | Computer Name = goldkiste | Source = bowser | ID = 8003
Description =
Error - 21.03.2012 09:47:36 | Computer Name = goldkiste | Source = bowser | ID = 8003
Description =
Error - 22.03.2012 05:13:42 | Computer Name = goldkiste | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.36 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0
Error - 22.03.2012 12:03:42 | Computer Name = goldkiste | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.36 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0
Error - 22.03.2012 14:13:34 | Computer Name = goldkiste | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.36 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0
Error - 22.03.2012 16:57:44 | Computer Name = goldkiste | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.36 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0
Error - 23.03.2012 04:42:30 | Computer Name = goldkiste | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.36 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0
Error - 23.03.2012 05:40:50 | Computer Name = goldkiste | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.36 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0
< End of report >
|
|
25.03.2012, 19:08
| #5 |
| /// Malware-holic | TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbarCombofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
25.03.2012, 19:56
| #6 |
| | TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar Hi! Wow - Verknüpfungen, Programme und Dateien sind wieder da!  Hier die Logdatei Code:
ATTFilter ComboFix 12-03-22.01 - tim 25.03.2012 20:45:45.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2985.1620 [GMT 2:00]
ausgeführt von:: c:\users\tim\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~aRVSajHSHnPUwD
c:\programdata\~aRVSajHSHnPUwDr
c:\programdata\aRVSajHSHnPUwD
c:\users\tim\AppData\Local\assembly\tmp
c:\users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\windows\system32\instsrv.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-25 bis 2012-03-25 ))))))))))))))))))))))))))))))
.
.
2012-03-23 21:20 . 2012-03-23 21:20 -------- d-----w- c:\users\tim\AppData\Roaming\Avira
2012-03-23 21:15 . 2012-03-23 21:15 -------- d-----w- c:\programdata\Avira
2012-03-23 21:15 . 2012-03-23 21:15 -------- d-----w- c:\program files\Avira
2012-03-23 21:15 . 2012-01-31 07:56 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-23 21:15 . 2012-01-31 07:56 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-23 21:15 . 2011-09-16 15:08 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-23 11:45 . 2012-03-23 18:06 -------- d--h--w- c:\users\tim\AppData\Roaming\MySEOSolution_DB_Dir
2012-03-23 11:45 . 2012-03-23 11:45 -------- d--h--w- c:\users\tim\AppData\Local\MySEOSolution
2012-03-23 11:45 . 2012-03-23 11:45 -------- d-----w- c:\program files\Article Wizard
2012-03-23 08:46 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED53BB12-40C8-43C0-9AF5-412FEB0CE39D}\mpengine.dll
2012-03-17 17:18 . 2012-03-17 17:18 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-17 17:18 . 2012-03-17 17:18 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 18:07 . 2012-03-16 18:07 -------- d-----w- c:\users\tim\AppData\Local\ElevatedDiagnostics
2012-03-14 12:13 . 2010-05-12 02:11 -------- d-----w- c:\windows\system32\32bit
2012-03-14 11:36 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 11:36 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 11:32 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 11:32 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 11:31 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 11:31 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:31 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 11:31 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 11:31 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 11:31 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-10 00:16 . 2012-03-10 00:16 -------- d-----w- c:\windows\system32\wbem\en-US
2012-03-09 12:51 . 2012-03-09 12:51 -------- d-----w- C:\Black
2012-03-05 19:57 . 2012-03-05 19:57 -------- d--h--w- c:\users\tim\AppData\Roaming\DataDesign
2012-03-01 09:44 . 2009-09-02 05:13 131072 ----a-w- c:\windows\system32\DellSPMsg.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2012-01-10 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 09:45 . 2012-01-05 00:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-26 10:16 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-10 12:28 . 2012-01-10 12:28 0 ----a-w- c:\windows\invcol.tmp
2012-01-05 01:53 . 2012-01-05 01:53 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2012-01-05 01:53 . 2012-01-05 01:53 666624 ----a-w- c:\windows\system32\mssvp.dll
2012-01-05 01:53 . 2012-01-05 01:53 59392 ----a-w- c:\windows\system32\msscntrs.dll
2012-01-05 01:53 . 2012-01-05 01:53 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2012-01-05 01:53 . 2012-01-05 01:53 337408 ----a-w- c:\windows\system32\mssph.dll
2012-01-05 01:53 . 2012-01-05 01:53 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-01-05 01:53 . 2012-01-05 01:53 197120 ----a-w- c:\windows\system32\mssphtb.dll
2012-01-05 01:53 . 2012-01-05 01:53 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2012-01-05 01:53 . 2012-01-05 01:53 1549312 ----a-w- c:\windows\system32\tquery.dll
2012-01-05 01:53 . 2012-01-05 01:53 1401344 ----a-w- c:\windows\system32\mssrch.dll
2012-01-05 01:53 . 2012-01-26 17:56 2616320 ----a-w- c:\windows\explorer - Kopie.exe
2012-01-05 01:53 . 2012-01-05 01:53 75776 ----a-w- c:\windows\system32\psisrndr.ax
2012-01-05 01:53 . 2012-01-05 01:53 741376 ----a-w- c:\windows\system32\inetcomm.dll
2012-01-05 01:53 . 2012-01-05 01:53 70656 ----a-w- c:\windows\system32\fontsub.dll
2012-01-05 01:53 . 2012-01-05 01:53 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-01-05 01:53 . 2012-01-05 01:53 465408 ----a-w- c:\windows\system32\psisdecd.dll
2012-01-05 01:53 . 2012-01-05 01:53 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-01-05 01:53 . 2012-01-05 01:53 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-01-05 01:53 . 2012-01-05 01:53 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-05 01:53 . 2012-01-05 01:53 294912 ----a-w- c:\windows\system32\atmfd.dll
2012-01-05 01:53 . 2012-01-05 01:53 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-01-05 01:53 . 2012-01-05 01:53 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-01-05 01:53 . 2012-01-05 01:53 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-01-05 01:53 . 2012-01-05 01:53 2616320 ----a-w- c:\windows\explorer.exe
2012-01-05 01:53 . 2012-01-05 01:53 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-01-05 01:53 . 2012-01-05 01:53 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2012-01-05 01:53 . 2012-01-05 01:53 1137664 ----a-w- c:\windows\system32\mfc42.dll
2012-01-05 01:53 . 2012-01-05 01:53 86016 ----a-w- c:\windows\system32\odbccu32.dll
2012-01-05 01:53 . 2012-01-05 01:53 850944 ----a-w- c:\windows\system32\sbe.dll
2012-01-05 01:53 . 2012-01-05 01:53 81920 ----a-w- c:\windows\system32\odbccr32.dll
2012-01-05 01:53 . 2012-01-05 01:53 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-01-05 01:53 . 2012-01-05 01:53 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-01-05 01:53 . 2012-01-05 01:53 74240 ----a-w- c:\windows\system32\fsutil.exe
2012-01-05 01:53 . 2012-01-05 01:53 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-01-05 01:53 . 2012-01-05 01:53 642048 ----a-w- c:\windows\system32\CPFilters.dll
2012-01-05 01:53 . 2012-01-05 01:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 571904 ----a-w- c:\windows\system32\oleaut32.dll
2012-01-05 01:53 . 2012-01-05 01:53 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-01-05 01:53 . 2012-01-05 01:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-01-05 01:53 . 2012-01-05 01:53 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2012-01-05 01:53 . 2012-01-05 01:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-01-05 01:53 . 2012-01-05 01:53 290816 ----a-w- c:\windows\system32\KernelBase.dll
2012-01-05 01:53 . 2012-01-05 01:53 271360 ----a-w- c:\windows\system32\conhost.exe
2012-01-05 01:53 . 2012-01-05 01:53 233472 ----a-w- c:\windows\system32\oleacc.dll
2012-01-05 01:53 . 2012-01-05 01:53 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-01-05 01:53 . 2012-01-05 01:53 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2012-01-05 01:53 . 2012-01-05 01:53 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-01-05 01:53 . 2012-01-05 01:53 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-01-05 01:53 . 2012-01-05 01:53 1699328 ----a-w- c:\windows\system32\esent.dll
2012-01-05 01:53 . 2012-01-05 01:53 163840 ----a-w- c:\windows\system32\odbctrac.dll
2012-01-05 01:53 . 2012-01-05 01:53 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2012-01-05 01:53 . 2012-01-05 01:53 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-01-05 01:53 . 2012-01-05 01:53 122880 ----a-w- c:\windows\system32\odbccp32.dll
2012-01-05 01:53 . 2012-01-05 01:53 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-01-05 01:53 . 2012-01-05 01:53 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-01-05 01:53 . 2012-01-05 01:53 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-01-05 01:53 . 2012-01-05 01:53 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-01-05 01:53 . 2012-01-05 01:53 712576 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-01-05 01:53 . 2012-01-05 01:53 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-01-05 01:53 . 2012-01-05 01:53 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-01-05 01:53 . 2012-01-05 01:53 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2012-01-05 01:53 . 2012-01-05 01:53 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-01-05 01:53 . 2012-01-05 01:53 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-01-05 01:53 . 2012-01-05 01:53 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-01-05 01:53 . 2012-01-05 01:53 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-01-05 01:53 . 2012-01-05 01:53 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-01-05 01:53 . 2012-01-05 01:53 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-01-05 01:53 . 2012-01-05 01:53 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-01-05 01:53 . 2012-01-05 01:53 202240 ----a-w- c:\windows\system32\input.dll
2012-01-05 01:53 . 2012-01-05 01:53 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-03-17 17:18 . 2012-01-10 20:34 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 23:38 120184 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 23:38 120184 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-20 505720]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-01-25 536668]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1210640]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-08-09 112408]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2011-08-24 6306712]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 214384]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-01-03 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 176408]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-05 288872]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"ACPW05EN"="c:\program files\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" [2011-11-16 822384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2011-8-25 494488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2010-09-15 17:11 1971536 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\system32\srvany.exe [2003-04-19 8192]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 201168]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 132480]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-20 126464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-05-10 139368]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7.sys [2011-01-04 60904]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-20 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-05 20328]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-15 17904]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-05-11 826272]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-05-11 31648]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [2011-08-24 1568664]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 112800]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-05 378472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-08 2656536]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1131520]
S2 ZcfgSvc7;Intel(R) PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 577536]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys [2011-07-22 44144]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2012-01-05 302120]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-01-05 33832]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 144576]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2011-05-10 33896]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [2011-07-20 268968]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-12-21 7434240]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7.sys [2011-01-04 62440]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7.sys [2011-03-23 63976]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1369712254-226175664-1249323534-1002Core.job
- c:\users\tim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-02 15:59]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1369712254-226175664-1249323534-1002UA.job
- c:\users\tim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-02 15:59]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 213.191.92.87 62.109.123.6
TCP: Interfaces\{F8DBC941-330C-4470-8F09-24C7E44A34EB}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\7ninmsum.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/webhp?hl=de&tab=fw
FF - prefs.js: network.proxy.ftp - 108.62.148.233
FF - prefs.js: network.proxy.ftp_port - 19755
FF - prefs.js: network.proxy.http - 108.62.148.233
FF - prefs.js: network.proxy.http_port - 19755
FF - prefs.js: network.proxy.socks - 108.62.148.233
FF - prefs.js: network.proxy.socks_port - 19755
FF - prefs.js: network.proxy.ssl - 108.62.148.233
FF - prefs.js: network.proxy.ssl_port - 19755
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1369712254-226175664-1249323534-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50po\UserChoice]
@Denied: (2) (S-1-5-21-1369712254-226175664-1249323534-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50po"
.
[HKEY_USERS\S-1-5-21-1369712254-226175664-1249323534-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50pp\UserChoice]
@Denied: (2) (S-1-5-21-1369712254-226175664-1249323534-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50pp"
.
[HKEY_USERS\S-1-5-21-1369712254-226175664-1249323534-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50ppf\UserChoice]
@Denied: (2) (S-1-5-21-1369712254-226175664-1249323534-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50ppf"
.
[HKEY_USERS\S-1-5-21-1369712254-226175664-1249323534-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-1369712254-226175664-1249323534-1002)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\wvauth.DLL
c:\windows\System32\TdmNetworkProvider.dll
.
Zeit der Fertigstellung: 2012-03-25 20:51:46
ComboFix-quarantined-files.txt 2012-03-25 18:51
.
Vor Suchlauf: 5 Verzeichnis(se), 138.756.972.544 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 142.356.094.976 Bytes frei
.
- - End Of File - - 7E6D394EF884F94E77A96320BE72C75D
Nachtrag: Dateien sind anscheinend alle wieder da. Auch Programme kann ich öffnen, wenn ich die .exe direkt über c/programme/ aufrufe, allerdings sind die Verknüpfungen aus Windows Taskleiste/Schnellstart etc. noch leer. |
|
26.03.2012, 10:22
| #7 |
| /// Malware-holic | TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar welche verknüpfungen meinst du, zuletzt verwendet oder alle programme? malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
26.03.2012, 11:14
| #8 |
| | TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar Ich rede vom Startmenü. Unter "Alle Programme" werden mir die Ordner der meisten Programme angezeigt (einige Programmordner fehlen aber, z.b. Firefox). Bei den Programmen, die angezeigt werden (beispielsweise MS Office) erscheint dort nur (leer). Direkt kann ich wie gesagt alle Programme über den entsprechenden Pfad aufrufen (C:\Program Files\Microsoft Office\Office14\Outlook.exe). Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.26.02 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 tim :: GOLDKISTE [Administrator] 26.03.2012 11:28:58 mbam-log-2012-03-26 (11-28-58).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 436206 Laufzeit: 32 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
26.03.2012, 15:34
| #9 |
| /// Malware-holic | TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
27.03.2012, 12:29
| #10 |
| | TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar unhide hat einige der Verknüpfungen wiederhergestellt - einige musste ich per Hand geradeziehen. An dieser Stelle VIELEN VIELEN DANK für die großartige + schnelle Hilfe. Ohne deine Hilfe hätte ich das niemals geschafft... Den Spendenbutton habe ich schon gesehen und werde ihn auch beherzigen. Damit sowas nicht nochmal passiert: Gibt es eine Empfehlung für einen guten Virenscanner? Danke nochmals + viele Grüße: Tim |
|
27.03.2012, 17:46
| #11 |
| /// Malware-holic | TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar der spenden buton is immer in meiner signatur :-) anleitung zur absicherung gibts noch. lade den CCleaner standard: CCleaner Download - CCleaner 3.17.1689 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu TR/Crypt.xpack.gen - alle Programme/Dateien unsichtbar |
| adobe, antivir, browser, defender, desktop, desktop leer, document, exp/cve-2010-0840, explorer, firefox, helper, hängen, java/inject.u, neustart, notification, nvidia update, nvpciflt.sys, pdf, plug-in, scan, security, server, svchost.exe, tr/crypt.pepm.gen, tr/crypt.xpack.ge, tr/crypt.xpack.gen, updates, viele popups, windows |
Linear-Darstellung
