
Log analysis and evaluation: Suspicion of something illegal

09.05.2010, 17:56   #1
Michali
 

After leaving my computer at a "buddy's" place following a LAN party,
I would like to have it checked for whether something like a keygen or similar is on it.
I suspect that he did something on it.
MBAM is currently running.

Here is the log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:41, on 09.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\SOUNDMAN.EXE
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\trend micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0744.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0744.0\msneshellx.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AODService - Unknown owner - F:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - F:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - F:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7431 bytes

10.05.2010, 14:29   #2
cosinus

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • It is best to set File Age to 90 days
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

10.05.2010, 22:15   #3
Michali
 

OTL logfile created on: 10.05.2010 21:48:42 - Run 3
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Users\Micha\Desktop\System
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 46,70 Gb Total Space | 10,22 Gb Free Space | 21,88% Space Free | Partition Type: NTFS
Drive D: | 21,05 Gb Total Space | 5,02 Gb Free Space | 23,83% Space Free | Partition Type: NTFS
Drive E: | 3,54 Gb Total Space | 3,50 Gb Free Space | 98,74% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 7,67 Gb Free Space | 26,17% Space Free | Partition Type: NTFS
Drive G: | 232,88 Gb Total Space | 115,96 Gb Free Space | 49,79% Space Free | Partition Type: NTFS
Drive H: | 149,05 Gb Total Space | 67,69 Gb Free Space | 45,41% Space Free | Partition Type: NTFS
Drive I: | 52,00 Gb Total Space | 49,26 Gb Free Space | 94,73% Space Free | Partition Type: NTFS
Drive J: | 145,49 Gb Total Space | 84,73 Gb Free Space | 58,24% Space Free | Partition Type: NTFS
Drive K: | 268,79 Gb Total Space | 147,50 Gb Free Space | 54,87% Space Free | Partition Type: NTFS
Drive P: | 3,91 Gb Total Space | 2,34 Gb Free Space | 59,81% Space Free | Partition Type: FAT32

Computer Name:XXX-PC
Current User Name: XXX
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Users\Micha\Desktop\System\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe (Avira GmbH)
PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (Almico's Home Page))
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - F:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll (Microsoft Corporation)
MOD - C:\Users\Micha\Desktop\System\OTL.exe (OldTimer Tools)
MOD - C:\Programme\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (AODService) -- F:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (LMIMaint) -- F:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (LogMeIn) -- F:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)

10.05.2010, 22:16   #4
Michali
 

And here is the
OTL Extras log:
OTL Extras logfile created on: 10.05.2010 21:48:42 - Run 3
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Users\xxxx\Desktop\System
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 46,70 Gb Total Space | 10,22 Gb Free Space | 21,88% Space Free | Partition Type: NTFS
Drive D: | 21,05 Gb Total Space | 5,02 Gb Free Space | 23,83% Space Free | Partition Type: NTFS
Drive E: | 3,54 Gb Total Space | 3,50 Gb Free Space | 98,74% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 7,67 Gb Free Space | 26,17% Space Free | Partition Type: NTFS
Drive G: | 232,88 Gb Total Space | 115,96 Gb Free Space | 49,79% Space Free | Partition Type: NTFS
Drive H: | 149,05 Gb Total Space | 67,69 Gb Free Space | 45,41% Space Free | Partition Type: NTFS
Drive I: | 52,00 Gb Total Space | 49,26 Gb Free Space | 94,73% Space Free | Partition Type: NTFS
Drive J: | 145,49 Gb Total Space | 84,73 Gb Free Space | 58,24% Space Free | Partition Type: NTFS
Drive K: | 268,79 Gb Total Space | 147,50 Gb Free Space | 54,87% Space Free | Partition Type: NTFS
Drive P: | 3,91 Gb Total Space | 2,34 Gb Free Space | 59,81% Space Free | Partition Type: FAT32

Computer Name: MICHA-PC
Current User Name: Micha
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = FE 34 47 15 04 A5 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BDB65B8-1FC4-47A1-A6B8-C2428881BFC7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0F6FA297-5557-4FD8-B853-D842AE009CB0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11F6C1DB-7105-4C27-9224-A4A4FA694787}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{1C85FFC9-0C58-4531-B273-628C77D16BD4}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{1CCBECC9-094B-4239-9DD5-9D15D66FCF16}" = lport=139 | protocol=6 | dir=in | app=system |
"{225AE970-6FBA-40A5-9725-68A8D60FB2A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2555B222-9259-4487-8E8B-F648FEDAD0F8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{273500B3-E445-44E5-B467-813C8E098212}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{387A81EF-C992-4646-8025-720F34F60D93}" = rport=137 | protocol=17 | dir=out | app=system |
"{3BDB007B-7616-499F-A195-1A893CABC9AB}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{4948C6BC-A1FB-4048-B24F-1896CF7DBB01}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{51BE340D-5854-4AD1-892C-F4569E3C5EC8}" = lport=138 | protocol=17 | dir=in | app=system |
"{57B6BC02-2ACA-4DF9-B1A0-57EF624D7A7F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{67CB7D5F-E467-428C-8B12-5F3A7F765305}" = rport=5357 | protocol=6 | dir=out | app=system |
"{68157858-7464-4C20-880A-2A48099E2FE5}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{6E686DC7-585F-42E0-A2C2-4C2697E57B23}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{7443CD59-8E7F-444A-BAE4-526C9F4EE6D3}" = rport=5358 | protocol=6 | dir=out | app=system |
"{78C009C6-1DAA-45F6-B4C2-74BB1A24F9CD}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{7D97DC12-57C6-4393-8DAF-BC8CB6A652A2}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{7FF01A75-580D-432F-B825-48469BFF6B60}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{8073337E-69B9-475F-90C5-7D8BAF4C43E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{835BB3CD-F3D9-45D1-BE80-5B78BE28133A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{888D1290-8F4B-4A45-AB46-2213CFEDD159}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{9D9599E5-4D59-48B2-AEFE-C3917E7EE751}" = rport=445 | protocol=6 | dir=out | app=system |
"{9E2AC8B8-BD7D-4667-910D-B79B75AE2E54}" = lport=137 | protocol=17 | dir=in | app=system |
"{A39D998B-DDCD-4FA3-91A7-4686290A9B59}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{B11B6BE4-97F7-416C-9A7E-5F05F9AD9BBC}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{B85F587D-B31D-4A87-87E6-5339E1843471}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{B8821B0D-FB13-4891-946A-2CC61A84B6BC}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{B8B41C2A-F4F8-4C10-B6C4-B5FEF057350B}" = rport=139 | protocol=6 | dir=out | app=system |
"{BEF45C69-4538-41D4-A9A4-921A40F150FA}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D110DB6F-9F07-478A-82C7-C62550BB0F65}" = lport=5357 | protocol=6 | dir=in | app=system |
"{E4A86D32-9BF1-4C5F-B139-4F31C2EE3D03}" = rport=138 | protocol=17 | dir=out | app=system |
"{E74051C2-84F4-47E8-88B3-D13750F9A0AB}" = lport=445 | protocol=6 | dir=in | app=system |
"{ED4580E4-5A07-4C4B-84C7-65DE1267EF04}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{F132F331-99C0-4A11-85E5-B1A0C1C351D3}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{F8C6384B-A16A-402D-8AA5-A7407231BE54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FAEC87E7-4F0C-46CB-937B-A852D918E94E}" = lport=5358 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025E9964-52B8-4D12-A1DF-04C1B06C7A8A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0DF7F4CE-BD1D-4265-853F-D9C88097AAEA}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{32B11BC7-B1D2-41E0-AB81-B28588F5D4F3}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{45309DA5-F9F2-44AC-95BF-D79F94AA2A62}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{57264238-FB9E-4720-96BA-60787F8C9B0B}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{617BCC59-CF7A-40CB-968F-29F5475A50B6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6886FF3C-E66C-487F-92C8-FF8EE61AF8A2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{74BFFCC2-8DE0-49DD-A182-0007BA4E81B8}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{794C2F4A-BE34-42AC-A6B9-8C3AECDBB450}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{7C87D329-ACED-4956-9F79-5FBCF056E64C}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{844E44DB-2E3F-4591-AFE9-35C566D19C80}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{8466510E-803A-434F-B364-C64451D08AFD}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{90537A6E-E49D-485A-A3DF-EB2E7FF2DCA4}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{A122B965-23A4-4E77-822C-E9EE8125E271}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{A6AF2D15-588E-4B7C-BBC3-5FC4109A766D}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{D2301635-9D16-492D-A940-0A51BA70FBAC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D892A055-9B52-40BB-B0FC-2968A27DFAD2}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{FF9AE530-CC21-4D0A-9784-0C88308C8BD7}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FBC9407-713D-4B8A-98D2-57210DA56049}" = MSN Toolbar
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{DA93333C-0262-48C8-8921-5384AE563F99}" = Tunebite
"{DD401D5B-35E2-4EA4-8585-4A44CB2DCC78}" = Jade Empire
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EA18DE8E-B3E6-4D82-A086-9BE2316FA5A5}" = AMD OverDrive
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1" = AntiBrowserSpy
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.0.4
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"ATITool" = ATITool Overclocking Utility
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Conan" = Conan
"DivX Setup.divx.com" = DivX-Setup
"Dr. Hardware 2010_is1" = Dr. Hardware 2010 10.1d
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 2.0.2
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nano" = Nano 1.1.1
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.8.0
"RivaTuner" = RivaTuner v2.24
"SpeedFan" = SpeedFan (remove only)
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03.05.2010 15:31:09 | Computer Name = Micha-PC | Source = Software Licensing Service | ID = 12291
Description = Fehler beim Starten des Schlüsselverwaltungsdienstes (Key Management
Service, KMS). Info: hr=0xC004D301

Error - 03.05.2010 15:31:37 | Computer Name = Micha-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.

Error - 03.05.2010 15:32:14 | Computer Name = Micha-PC | Source = WinMgmt | ID = 10
Description =

Error - 03.05.2010 15:45:15 | Computer Name = Micha-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AODAssist.exe, Version 0.0.0.0, Zeitstempel
0x4ae01c7b, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03824,
Ausnahmecode 0xc0000005, Fehleroffset 0x0004da45, Prozess-ID 0x8ac, Anwendungsstartzeit
01caeaf738730b27.

Error - 03.05.2010 15:50:49 | Computer Name = Micha-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung dnetc.exe, Version 2.9105.511.0, Zeitstempel
0x4a27f13b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0xde9bd85c, Prozess-ID 0x110, Anwendungsstartzeit
01caeaf892d7937f.

Error - 04.05.2010 12:55:51 | Computer Name = Micha-PC | Source = WinMgmt | ID = 10
Description =

Error - 04.05.2010 12:58:12 | Computer Name = Micha-PC | Source = Software Licensing Service | ID = 8198
Description = Die Lizenzaktivierung (SLUINotify.dll) ist mit folgendem Fehlercode
fehlgeschlagen: 0x80070057

Error - 04.05.2010 12:59:01 | Computer Name = Micha-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\ProgramData\DivX\RunAsUser\RUNASUSERPROCESS.exe".
Die
abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 04.05.2010 12:59:01 | Computer Name = Micha-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\ProgramData\DivX\RunAsUser\RUNASUSERPROCESS.exe".
Die
abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 05.05.2010 17:50:04 | Computer Name = Micha-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 02.05.2010 14:19:28 | Computer Name = Micha-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 03.05.2010 00:32:59 | Computer Name = Micha-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 03.05.2010 15:32:14 | Computer Name = Micha-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 03.05.2010 15:45:19 | Computer Name = Micha-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 03.05.2010 15:58:33 | Computer Name = Micha-PC | Source = BROWSER | ID = 8032
Description =

Error - 04.05.2010 12:54:42 | Computer Name = Micha-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 04.05.2010 um 18:49:18 unerwartet heruntergefahren.

Error - 04.05.2010 12:55:51 | Computer Name = Micha-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 05.05.2010 17:50:04 | Computer Name = Micha-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 08.05.2010 04:42:27 | Computer Name = Micha-PC | Source = BROWSER | ID = 8032
Description =

Error - 09.05.2010 05:56:24 | Computer Name = Micha-PC | Source = BROWSER | ID = 8032
Description =


< End of report >

Alt 11.05.2010, 11:41   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
The OTL log (the first one) is incomplete.


Alt 11.05.2010, 20:42   #6
Michali
 
Here is the complete log again:

OTL logfile created on: 10.05.2010 21:48:42 - Run 3
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Users\Micha\Desktop\System
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 46,70 Gb Total Space | 10,22 Gb Free Space | 21,88% Space Free | Partition Type: NTFS
Drive D: | 21,05 Gb Total Space | 5,02 Gb Free Space | 23,83% Space Free | Partition Type: NTFS
Drive E: | 3,54 Gb Total Space | 3,50 Gb Free Space | 98,74% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 7,67 Gb Free Space | 26,17% Space Free | Partition Type: NTFS
Drive G: | 232,88 Gb Total Space | 115,96 Gb Free Space | 49,79% Space Free | Partition Type: NTFS
Drive H: | 149,05 Gb Total Space | 67,69 Gb Free Space | 45,41% Space Free | Partition Type: NTFS
Drive I: | 52,00 Gb Total Space | 49,26 Gb Free Space | 94,73% Space Free | Partition Type: NTFS
Drive J: | 145,49 Gb Total Space | 84,73 Gb Free Space | 58,24% Space Free | Partition Type: NTFS
Drive K: | 268,79 Gb Total Space | 147,50 Gb Free Space | 54,87% Space Free | Partition Type: NTFS
Drive P: | 3,91 Gb Total Space | 2,34 Gb Free Space | 59,81% Space Free | Partition Type: FAT32

Computer Name: MICHA-PC
Current User Name: Micha
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Users\Micha\Desktop\System\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe (Avira GmbH)
PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - F:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll (Microsoft Corporation)
MOD - C:\Users\Micha\Desktop\System\OTL.exe (OldTimer Tools)
MOD - C:\Programme\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (AODService) -- F:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (LMIMaint) -- F:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (LogMeIn) -- F:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (nTuneService) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NVStrap) -- C:\Windows\SysNative\drivers\NVStrap.sys ()
DRV:64bit: - (vsdatant7) -- C:\Windows\SysNative\drivers\vsdatant.win7.sys (Check Point Software Technologies LTD)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\DRIVERS\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (vncmirror) -- C:\Windows\SysNative\DRIVERS\vncmirror.sys (RealVNC Ltd.)
DRV:64bit: - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\SysNative\drivers\RTKVAC64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\DRIVERS\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (DRHARD64) -- C:\Windows\SysNative\drivers\DRHARD64.sys (Licensed for Gebhard Software)
DRV:64bit: - (SI3112r) -- C:\Windows\SysNative\DRIVERS\SI3112r.sys (Silicon Image, Inc)
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\DRIVERS\SiWinAcc.sys (Silicon Image, Inc)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.)
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\DRIVERS\ATITool64.sys ()
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\DRIVERS\Rtnic64.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys ()
DRV - (AODDriver) -- F:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys (Advanced Micro Devices)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (LMIInfo) -- F:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (DRHARD64) -- C:\Windows\SysWOW64\drivers\DRHARD64.sys (Licensed for Gebhard Software)
DRV - (CrystalSysInfo) -- C:\Users\Micha\Documents\CrystalCPUID415x64\SysInfoX64.sys ()
DRV - (NVR0Dev) -- C:\Windows\nvoclk64.sys (NVidia Corp.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 6B 65 BA 1F C6 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.578


FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010.02.01 19:54:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.05.01 16:12:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.05.01 16:12:42 | 000,000,000 | ---D | M]

[2010.01.28 23:17:13 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions
[2010.05.09 17:58:25 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\r4n4fswf.default\extensions
[2010.01.30 16:18:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\r4n4fswf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.16 05:56:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\r4n4fswf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.02.06 12:59:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\r4n4fswf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.05 22:13:59 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\r4n4fswf.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.02.26 00:44:56 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\r4n4fswf.default\extensions\DeviceDetection@logitech.com
[2010.04.13 21:49:27 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\r4n4fswf.default\extensions\LogMeInClient@logmein.com
[2010.03.09 22:21:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.04.28 19:23:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.28 19:23:09 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.28 19:23:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.28 19:23:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.28 19:23:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] F:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Micha\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Micha\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.04 16:45:34 | 000,942,960 | ---- | M] (RapidSolution Software AG) - F:\autotag.dll -- [ NTFS ]
O32 - AutoRun File - [1998.10.08 20:09:50 | 000,058,880 | ---- | M] () - G:\AUTORUN.EXE -- [ NTFS ]
O32 - AutoRun File - [2009.01.30 15:54:40 | 004,113,004 | ---- | M] () - H:\AutoRuns - Kopie.arn -- [ NTFS ]
O32 - AutoRun File - [2009.01.30 15:54:40 | 004,113,004 | ---- | M] () - H:\AutoRuns.arn -- [ NTFS ]
O33 - MountPoints2\{0f9e701a-4fb2-11df-a1e2-001731ad66da}\Shell - "" = AutoRun
O33 - MountPoints2\{0f9e701a-4fb2-11df-a1e2-001731ad66da}\Shell\AutoRun\command - "" = N:\AutoRun.exe -- File not found
O33 - MountPoints2\{4d12bad6-2fa0-11df-b75d-001731ad66da}\Shell - "" = AutoRun
O33 - MountPoints2\{4d12bad6-2fa0-11df-b75d-001731ad66da}\Shell\AutoRun\command - "" = N:\AutoRun.exe -- File not found
O33 - MountPoints2\{4d12bae0-2fa0-11df-b75d-001731ad66da}\Shell - "" = AutoRun
O33 - MountPoints2\{4d12bae0-2fa0-11df-b75d-001731ad66da}\Shell\AutoRun\command - "" = N:\AutoRun.exe -- File not found
O33 - MountPoints2\{4d12bae8-2fa0-11df-b75d-001731ad66da}\Shell - "" = AutoRun
O33 - MountPoints2\{4d12bae8-2fa0-11df-b75d-001731ad66da}\Shell\AutoRun\command - "" = N:\AutoRun.exe -- File not found
O33 - MountPoints2\{8972e3d0-0c46-11df-b1c0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8972e3d0-0c46-11df-b1c0-806e6f6e6963}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
O33 - MountPoints2\{aab10d57-0e4c-11df-91e0-001731ad66da}\Shell - "" = AutoRun
O33 - MountPoints2\{aab10d57-0e4c-11df-91e0-001731ad66da}\Shell\AutoRun\command - "" = R:\AutoRun.exe -- File not found
O33 - MountPoints2\{aab10d6a-0e4c-11df-91e0-001731ad66da}\Shell - "" = AutoRun
O33 - MountPoints2\{aab10d6a-0e4c-11df-91e0-001731ad66da}\Shell\AutoRun\command - "" = N:\AutoRun.exe -- File not found
O33 - MountPoints2\{e20bc937-504d-11df-bc95-001731ad66da}\Shell - "" = AutoRun
O33 - MountPoints2\{e20bc937-504d-11df-bc95-001731ad66da}\Shell\AutoRun\command - "" = O:\AutoRun.exe -- File not found
O33 - MountPoints2\R\Shell - "" = AutoRun
O33 - MountPoints2\R\Shell\AutoRun\command - "" = R:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37:64bit: - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010.05.04 18:58:33 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\DivX
[2010.05.04 18:58:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010.05.04 18:58:17 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2010.05.01 16:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2010.04.25 19:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010.04.25 19:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010.04.25 19:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.04.25 03:12:23 | 000,064,616 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.04.25 03:12:23 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.04.25 03:12:23 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010.04.25 03:12:21 | 021,005,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010.04.25 03:12:21 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010.04.25 03:12:19 | 009,386,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010.04.25 03:12:19 | 002,893,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010.04.25 03:12:19 | 002,646,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010.04.25 03:12:19 | 002,106,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010.04.25 03:12:19 | 002,009,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010.04.25 03:12:17 | 016,061,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010.04.25 03:12:17 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010.04.25 03:12:17 | 005,444,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010.04.25 03:12:17 | 004,029,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010.04.25 03:12:17 | 001,296,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010.04.25 03:12:17 | 000,254,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1914.dll
[2010.04.25 03:12:17 | 000,254,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010.04.25 02:21:03 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFC71.dll
[2010.04.25 02:21:03 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp71.dll
[2010.04.25 02:21:03 | 000,520,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr71.dll
[2010.04.25 02:20:54 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\NVIDIA Corporation
[2010.04.25 02:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010.04.25 02:19:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA nTune Performance Application
[2010.04.24 20:39:51 | 000,000,000 | RH-D | C] -- C:\Users\Micha\AppData\Roaming\SecuROM
[2010.04.24 20:34:20 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2010.04.24 20:34:20 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2010.04.24 20:34:20 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2010.04.24 20:34:20 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2010.04.24 20:34:09 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2010.04.24 20:34:09 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2010.04.24 20:34:09 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2010.04.24 20:34:09 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2010.04.24 20:34:08 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2010.04.24 20:34:08 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010.04.24 20:34:08 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2010.04.24 20:34:08 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010.04.24 20:34:07 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010.04.24 20:34:07 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2010.04.24 20:34:07 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010.04.24 20:34:07 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2010.04.24 20:12:04 | 000,081,034 | ---- | C] (BioWare Corp.) -- C:\Windows\Uninstall Jade Empire.exe
[2010.04.24 10:41:57 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft Games
[2010.04.24 10:41:10 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Command and Conquer Generals Zero Hour Data
[2010.04.22 23:00:50 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Microsoft Games
[2010.04.13 20:42:10 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.04.13 20:42:07 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.04.13 20:42:07 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.04.13 20:42:04 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.04.13 20:42:03 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.04.13 20:42:02 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.04.13 20:42:02 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.04.13 20:42:00 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codecp.acm
[2010.04.13 20:42:00 | 000,181,760 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codecp.acm
[2010.04.13 20:42:00 | 000,072,192 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysNative\l3codeca.acm
[2010.04.13 20:42:00 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\SysWow64\l3codeca.acm
[2010.04.11 10:42:23 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Any Video Converter
[2010.04.11 10:42:10 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\AnvSoft
[2010.04.06 20:57:05 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010.04.05 18:31:13 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.04.05 18:31:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010.04.05 18:31:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010.04.05 18:31:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010.04.05 18:31:12 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010.04.05 18:31:10 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.04.05 18:31:10 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.04.05 18:31:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.04.05 18:31:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.04.05 18:31:09 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.04.05 18:31:09 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.04.05 18:31:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010.04.05 18:31:08 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010.04.05 18:31:08 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.04.05 18:31:07 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010.04.05 18:31:07 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010.04.05 18:31:06 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.04.05 18:31:05 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010.04.05 18:31:05 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010.04.05 18:31:05 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010.04.05 18:31:05 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010.04.05 18:31:04 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.04.05 18:31:04 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010.04.05 18:31:03 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010.04.05 18:31:02 | 000,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.04.05 18:31:02 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.04.05 18:31:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.04.05 18:31:02 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.04.05 18:31:01 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010.04.05 18:31:01 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.04.05 18:31:01 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.04.05 18:31:01 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010.04.05 18:31:00 | 001,062,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010.04.03 18:42:00 | 014,828,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2010.04.03 18:42:00 | 001,515,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2010.04.03 18:42:00 | 001,067,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2010.04.03 18:42:00 | 000,116,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2010.04.03 12:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PixiePack Codec Pack
[2010.04.03 12:00:37 | 000,000,000 | ---D | C] -- C:\Users\Micha\{4203f447-cf87-4684-a133-7925450b4f68}
[2010.04.03 11:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2010.04.03 11:51:52 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\RapidSolution
[2010.03.27 10:45:02 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010.03.25 20:27:27 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Avira
[2010.03.25 20:09:00 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.03.25 20:09:00 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.03.25 20:09:00 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.03.25 20:09:00 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.03.25 20:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.03.25 20:09:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.03.24 17:54:00 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\Jacobs, Aaron-Peter
[2010.03.24 06:50:15 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\LogMeIn
[2010.03.24 06:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2010.03.24 06:50:05 | 000,029,496 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2010.03.24 06:50:04 | 000,087,384 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2010.03.24 06:50:04 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2010.03.24 06:50:02 | 000,080,696 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2010.03.24 06:47:32 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Deployment
[2010.03.24 06:47:32 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Apps
[2010.03.24 06:09:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\AntiBrowserSpy 2009
[2010.03.24 06:08:51 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Abelssoft
[2010.03.17 00:04:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.03.16 23:19:51 | 000,039,424 | ---- | C] (AMD, Inc.) -- C:\Windows\SysNative\drivers\AmdLLD64.sys
[2010.03.16 23:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2010.03.16 23:13:41 | 000,012,800 | ---- | C] (AsusTek Computer Inc.) -- C:\Windows\BS_DEF.sys
[2010.03.16 23:12:31 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Download Manager
[2010.03.16 02:17:41 | 000,000,000 | ---D | C] -- C:\Users\Micha\Application Data
[2010.03.15 00:58:39 | 000,132,608 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2010.03.15 00:58:39 | 000,116,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2010.03.15 00:58:39 | 000,113,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2010.03.15 00:58:39 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2010.03.12 11:24:28 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.03.12 04:01:53 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010.03.12 04:01:53 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010.03.12 04:01:49 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010.03.12 04:01:48 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010.03.10 19:36:26 | 000,000,000 | ---D | C] -- C:\Users\Micha\DoctorWeb
[2010.03.08 19:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\dpl100.dll
[2010.03.04 16:13:36 | 000,046,112 | ---- | C] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\tbhsd.sys
[2010.03.02 20:46:46 | 000,000,000 | R--D | C] -- C:\Users\Micha\Documents\Notes
[2010.03.02 15:08:40 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.02.28 01:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010.02.27 15:25:55 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Ashampoo
[2010.02.27 15:18:54 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\ashampoo
[2010.02.27 15:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2010.02.27 15:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN
[2010.02.27 15:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010.02.27 14:19:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010.02.27 14:19:21 | 000,000,000 | ---D | C] -- C:\rsit
[2010.02.27 00:48:49 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Vso
[2010.02.27 00:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2010.02.26 01:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2010.02.26 01:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010.02.26 01:06:26 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Logitech
[2010.02.26 01:06:18 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Leadertech
[2010.02.26 01:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010.02.26 01:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2010.02.26 01:03:50 | 000,190,992 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\BtCoreIf.dll
[2010.02.26 01:03:45 | 000,235,536 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemUtil.dll
[2010.02.26 01:03:45 | 000,235,536 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\kemutb.dll
[2010.02.26 01:03:45 | 000,159,248 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemWnd.dll
[2010.02.26 01:03:45 | 000,096,272 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\KemXML.dll
[2010.02.26 01:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010.02.26 01:03:30 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010.02.26 01:03:22 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Logishrd
[2010.02.26 01:03:17 | 000,000,000 | ---D | C] -- C:\Programme\Logitech
[2010.02.26 01:01:22 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\TuneUp Software
[2010.02.26 01:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.02.26 00:59:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.02.24 23:35:50 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.02.24 23:35:50 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.02.24 23:35:24 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.02.24 23:35:23 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.02.24 23:35:23 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.02.24 23:35:23 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.02.24 23:35:22 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.02.24 23:35:22 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.02.24 23:35:22 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.02.24 23:35:22 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.02.24 23:35:22 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.02.24 23:35:22 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.02.24 23:35:22 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.02.24 23:35:22 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.02.24 23:35:21 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2010.02.24 23:35:21 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010.02.24 23:35:21 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.02.24 23:35:21 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.02.24 23:35:21 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.02.24 23:35:21 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.02.24 23:35:17 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010.02.24 23:35:17 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010.02.24 23:35:16 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010.02.24 23:35:16 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010.02.24 23:35:16 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010.02.24 23:35:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010.02.24 23:24:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.02.23 20:17:44 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Malwarebytes
[2010.02.23 20:17:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.02.23 20:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.02.23 20:17:33 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.02.23 20:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.02.19 21:27:36 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivX.dll
[2010.02.19 21:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\divx_xx0c.dll
[2010.02.19 21:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\divx_xx07.dll
[2010.02.19 21:27:16 | 000,847,872 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\divx_xx0a.dll
[2010.02.19 21:27:16 | 000,843,776 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\divx_xx16.dll
[2010.02.19 21:27:16 | 000,839,680 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\divx_xx11.dll
[2010.02.16 19:28:01 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\DVDFab
[2010.02.11 17:50:36 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.02.11 17:50:35 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.02.11 17:50:35 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.02.11 17:50:35 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010.02.11 17:50:35 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010.02.11 17:50:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010.02.11 17:50:35 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010.02.11 17:50:35 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010.02.11 17:50:34 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2010.02.11 17:50:34 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010.05.10 21:47:49 | 001,048,576 | -HS- | M] () -- C:\Users\Micha\ntuser.dat
[2010.05.10 21:43:25 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{31332379-6E26-4810-ADC0-A39F223E7EE1}.job
[2010.05.10 21:43:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.09 21:39:40 | 000,002,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.09 21:39:40 | 000,002,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.05 23:49:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.05 23:46:08 | 000,524,288 | -HS- | M] () -- C:\Users\Micha\ntuser.dat{483f16cf-40cf-11df-b522-001731ad66da}.TMContainer00000000000000000001.regtrans-ms
[2010.05.05 23:46:08 | 000,065,536 | -HS- | M] () -- C:\Users\Micha\ntuser.dat{483f16cf-40cf-11df-b522-001731ad66da}.TM.blf
[2010.05.05 23:46:06 | 001,921,233 | -H-- | M] () -- C:\Users\Micha\AppData\Local\IconCache.db
[2010.05.04 18:58:55 | 000,001,429 | ---- | M] () -- C:\Users\Micha\Desktop\DivX Movies.lnk
[2010.05.04 18:58:26 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.05.04 18:58:14 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.05.03 21:30:54 | 388,050,194 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.05.03 06:32:13 | 000,261,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.05.02 20:12:35 | 000,110,592 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl
[2010.05.01 16:07:56 | 000,000,732 | ---- | M] () -- C:\Users\Micha\AppData\Local\d3d9caps64.dat
[2010.05.01 12:54:43 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.01 12:54:43 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.01 12:54:43 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.01 12:54:43 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.01 12:54:43 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.01 11:05:23 | 000,000,082 | ---- | M] () -- C:\Users\Micha\Documents\cc_20100501_110521.reg
[2010.05.01 11:05:02 | 000,004,386 | ---- | M] () -- C:\Users\Micha\Documents\cc_20100501_110455.reg
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2010.04.25 02:21:14 | 000,001,906 | ---- | M] () -- C:\Users\Micha\Desktop\NVIDIA Monitor.lnk
[2010.04.25 02:21:14 | 000,001,537 | ---- | M] () -- C:\Users\Micha\Desktop\nTune.lnk
[2010.04.24 20:12:05 | 000,000,588 | ---- | M] () -- C:\Users\Public\Desktop\Jade Empire.lnk
[2010.04.24 20:12:04 | 000,081,034 | ---- | M] (BioWare Corp.) -- C:\Windows\Uninstall Jade Empire.exe
[2010.04.24 19:53:47 | 000,002,484 | ---- | M] () -- C:\Users\Micha\Documents\cc_20100424_195344.reg
[2010.04.22 12:15:10 | 000,024,064 | ---- | M] () -- C:\Users\Micha\Documents\Michael Lindner schreiben amt Heindel 22.doc
[2010.04.11 23:31:39 | 000,007,014 | ---- | M] () -- C:\Users\Micha\Documents\cc_20100411_233052.reg
[2010.04.11 23:28:32 | 000,001,695 | ---- | M] () -- C:\Users\Micha\Desktop\CCleaner.lnk
[2010.04.11 22:42:40 | 000,028,160 | ---- | M] () -- C:\Users\Micha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.11 10:44:01 | 000,000,742 | ---- | M] () -- C:\Users\Micha\Desktop\Any Video Converter.lnk
[2010.04.06 05:52:35 | 000,524,288 | -HS- | M] () -- C:\Users\Micha\ntuser.dat{483f16cf-40cf-11df-b522-001731ad66da}.TMContainer00000000000000000002.regtrans-ms
[2010.04.05 17:54:31 | 000,524,288 | -HS- | M] () -- C:\Users\Micha\ntuser.dat{66e9c8dc-110c-11df-8559-001731ad66da}.TMContainer00000000000000000001.regtrans-ms
[2010.04.05 17:54:31 | 000,065,536 | -HS- | M] () -- C:\Users\Micha\ntuser.dat{66e9c8dc-110c-11df-8559-001731ad66da}.TM.blf
[2010.04.04 00:55:31 | 021,005,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010.04.04 00:55:31 | 016,061,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010.04.04 00:55:31 | 015,227,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010.04.04 00:55:31 | 011,906,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010.04.04 00:55:31 | 011,647,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010.04.04 00:55:31 | 009,386,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010.04.04 00:55:31 | 005,444,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010.04.04 00:55:31 | 004,029,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010.04.04 00:55:31 | 002,893,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010.04.04 00:55:31 | 002,646,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010.04.04 00:55:31 | 002,106,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010.04.04 00:55:31 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010.04.04 00:55:31 | 001,592,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2010.04.04 00:55:31 | 001,296,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010.04.04 00:55:31 | 000,658,536 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvudisp.exe
[2010.04.04 00:55:31 | 000,254,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1914.dll
[2010.04.04 00:55:31 | 000,254,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010.04.04 00:55:31 | 000,064,616 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.04.04 00:55:31 | 000,056,424 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.04.04 00:55:31 | 000,011,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010.04.04 00:55:31 | 000,009,832 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010.04.03 18:42:00 | 014,828,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2010.04.03 18:42:00 | 001,515,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2010.04.03 18:42:00 | 001,067,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2010.04.03 18:42:00 | 000,116,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2010.04.03 18:41:38 | 000,276,196 | ---- | M] () -- C:\Windows\SysNative\NvApps.xml
[2010.04.03 18:41:38 | 000,066,714 | ---- | M] () -- C:\Windows\SysNative\NvwsApps.xml
[2010.04.02 16:54:44 | 000,658,536 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe
[2010.03.27 19:58:14 | 000,000,683 | ---- | M] () -- C:\Users\Micha\Desktop\GameSpy Arcade.lnk
[2010.03.27 19:54:42 | 000,000,773 | ---- | M] () -- C:\Users\Micha\Desktop\Conan.lnk
[2010.03.25 20:09:22 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.03.24 07:53:41 | 000,022,054 | ---- | M] () -- C:\Users\Micha\Documents\cc_20100324_065303.reg
[2010.03.24 06:49:59 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010.03.24 06:08:47 | 000,000,717 | ---- | M] () -- C:\Users\Micha\Desktop\AntiBrowserSpy.lnk
[2010.03.16 23:15:26 | 000,025,794 | ---- | M] () -- C:\Users\Micha\Documents\AWDFLASH117.zip
[2010.03.16 23:14:17 | 000,012,800 | ---- | M] (AsusTek Computer Inc.) -- C:\Windows\BS_DEF.sys
[2010.03.16 23:13:02 | 004,239,941 | ---- | M] () -- C:\Users\Micha\Documents\AsusUpdt_V70602.zip
[2010.03.16 13:53:53 | 000,001,106 | ---- | M] () -- C:\Users\Micha\Documents\DrWeb.csv2neu.csv
[2010.03.16 02:16:45 | 000,000,772 | ---- | M] () -- C:\Users\Micha\Documents\DrWeb.csv
[2010.03.15 00:58:51 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2010.03.12 15:11:05 | 002,600,960 | ---- | M] () -- C:\Users\Micha\Image(300g).iso
[2010.03.12 11:23:34 | 001,215,419 | ---- | M] () -- C:\Users\Micha\Documents\mcdonalds_coupons.pdf
[2010.03.08 19:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\dpl100.dll
[2010.03.05 16:32:42 | 000,612,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.03.05 16:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.03.04 16:13:36 | 000,046,112 | ---- | M] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\tbhsd.sys
[2010.03.02 14:36:16 | 002,868,264 | ---- | M] () -- C:\Users\Micha\Documents\congstar_DSL-Box_Bedienungsanleitung_Kurzfassung.pdf
[2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.02.27 16:17:46 | 000,771,742 | ---- | M] () -- C:\Users\Micha\Documents\Datenrettung_von__moeglicherweise__infizierten_Datentraegern___Rechnern_1.4.pdf
[2010.02.27 15:17:34 | 000,000,783 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2010.lnk
[2010.02.27 11:46:26 | 000,024,064 | ---- | M] () -- C:\Users\Micha\Documents\10-02-25 Wohnungsanzeige.doc
[2010.02.27 00:49:59 | 000,000,399 | ---- | M] () -- C:\Users\Micha\Desktop\DVDFab - Verknüpfung.lnk
[2010.02.26 01:04:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010.02.26 01:04:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010.02.26 01:03:50 | 000,001,695 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010.02.25 06:28:09 | 000,055,184 | ---- | M] () -- C:\Users\Micha\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.02.24 11:26:46 | 000,294,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.02.23 09:03:02 | 001,147,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.02.23 09:01:17 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010.02.23 08:59:33 | 001,062,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010.02.23 08:58:56 | 000,700,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.02.23 08:58:56 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.02.23 08:58:17 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010.02.23 08:58:09 | 001,538,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010.02.23 08:57:40 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.02.23 08:57:40 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010.02.23 08:57:39 | 002,334,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.02.23 08:57:39 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010.02.23 08:57:35 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010.02.23 08:57:34 | 000,252,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.02.23 08:57:21 | 000,459,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.02.23 08:39:13 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.02.23 08:37:26 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010.02.23 08:35:21 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.02.23 08:34:49 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.02.23 08:34:49 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.02.23 08:34:06 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010.02.23 08:33:59 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010.02.23 08:33:45 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.02.23 08:33:45 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010.02.23 08:33:45 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010.02.23 08:33:44 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.02.23 08:33:44 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010.02.23 08:33:38 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.02.23 07:19:22 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010.02.23 07:19:01 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010.02.23 07:18:34 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.02.23 06:55:36 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010.02.23 06:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010.02.23 06:54:43 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.02.21 01:15:56 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010.02.21 01:14:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010.02.21 01:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010.02.21 01:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010.02.19 21:27:36 | 000,720,384 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\DivX.dll
[2010.02.19 21:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\divx_xx0c.dll
[2010.02.19 21:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\divx_xx07.dll
[2010.02.19 21:27:16 | 000,847,872 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\divx_xx0a.dll
[2010.02.19 21:27:16 | 000,843,776 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\divx_xx16.dll
[2010.02.19 21:27:16 | 000,839,680 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\divx_xx11.dll
[2010.02.18 16:28:01 | 004,697,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.02.16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.04 18:58:26 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.05.04 18:58:14 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.05.01 12:42:46 | 388,050,194 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.05.01 11:05:23 | 000,000,082 | ---- | C] () -- C:\Users\Micha\Documents\cc_20100501_110521.reg
[2010.05.01 11:04:59 | 000,004,386 | ---- | C] () -- C:\Users\Micha\Documents\cc_20100501_110455.reg
[2010.04.25 19:29:23 | 000,001,429 | ---- | C] () -- C:\Users\Micha\Desktop\DivX Movies.lnk
[2010.04.25 03:12:23 | 000,009,832 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010.04.25 02:21:14 | 000,001,906 | ---- | C] () -- C:\Users\Micha\Desktop\NVIDIA Monitor.lnk
[2010.04.25 02:21:14 | 000,001,537 | ---- | C] () -- C:\Users\Micha\Desktop\nTune.lnk
[2010.04.24 20:12:05 | 000,000,588 | ---- | C] () -- C:\Users\Public\Desktop\Jade Empire.lnk
[2010.04.24 19:53:46 | 000,002,484 | ---- | C] () -- C:\Users\Micha\Documents\cc_20100424_195344.reg
[2010.04.22 12:15:10 | 000,024,064 | ---- | C] () -- C:\Users\Micha\Documents\Michael Lindner schreiben amt Heindel 22.doc
[2010.04.11 23:30:55 | 000,007,014 | ---- | C] () -- C:\Users\Micha\Documents\cc_20100411_233052.reg
[2010.04.11 10:42:13 | 000,000,742 | ---- | C] () -- C:\Users\Micha\Desktop\Any Video Converter.lnk
[2010.04.05 18:25:00 | 000,524,288 | -HS- | C] () -- C:\Users\Micha\ntuser.dat{483f16cf-40cf-11df-b522-001731ad66da}.TMContainer00000000000000000002.regtrans-ms
[2010.04.05 18:25:00 | 000,524,288 | -HS- | C] () -- C:\Users\Micha\ntuser.dat{483f16cf-40cf-11df-b522-001731ad66da}.TMContainer00000000000000000001.regtrans-ms
[2010.04.05 18:25:00 | 000,065,536 | -HS- | C] () -- C:\Users\Micha\ntuser.dat{483f16cf-40cf-11df-b522-001731ad66da}.TM.blf
[2010.04.03 18:41:38 | 000,276,196 | ---- | C] () -- C:\Windows\SysNative\NvApps.xml
[2010.04.03 18:41:38 | 000,066,714 | ---- | C] () -- C:\Windows\SysNative\NvwsApps.xml
[2010.04.03 11:59:59 | 000,356,344 | ---- | C] () -- C:\Users\Micha\AppData\Local\dd_vcredistMSI7289.txt
[2010.04.03 11:59:58 | 000,014,146 | ---- | C] () -- C:\Users\Micha\AppData\Local\dd_vcredistUI7289.txt
[2010.03.27 19:58:14 | 000,000,683 | ---- | C] () -- C:\Users\Micha\Desktop\GameSpy Arcade.lnk
[2010.03.27 19:54:42 | 000,000,773 | ---- | C] () -- C:\Users\Micha\Desktop\Conan.lnk
[2010.03.25 20:09:22 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.03.25 19:47:23 | 000,442,258 | ---- | C] () -- C:\Users\Micha\AppData\Local\dd_vcredistMSI1916.txt
[2010.03.25 19:47:23 | 000,014,394 | ---- | C] () -- C:\Users\Micha\AppData\Local\dd_vcredistUI1916.txt
[2010.03.24 07:53:09 | 000,022,054 | ---- | C] () -- C:\Users\Micha\Documents\cc_20100324_065303.reg
[2010.03.24 06:49:58 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010.03.24 06:08:47 | 000,000,717 | ---- | C] () -- C:\Users\Micha\Desktop\AntiBrowserSpy.lnk
[2010.03.18 00:20:40 | 000,001,789 | ---- | C] () -- C:\Users\Micha\Documents\Mozilla Firefox.lnk
[2010.03.17 00:04:13 | 000,001,695 | ---- | C] () -- C:\Users\Micha\Desktop\CCleaner.lnk
[2010.03.16 23:15:26 | 000,025,794 | ---- | C] () -- C:\Users\Micha\Documents\AWDFLASH117.zip
[2010.03.16 23:12:55 | 004,239,941 | ---- | C] () -- C:\Users\Micha\Documents\AsusUpdt_V70602.zip
[2010.03.16 13:53:53 | 000,001,106 | ---- | C] () -- C:\Users\Micha\Documents\DrWeb.csv2neu.csv
[2010.03.16 02:16:45 | 000,000,772 | ---- | C] () -- C:\Users\Micha\Documents\DrWeb.csv
[2010.03.15 00:58:51 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2010.03.12 11:23:34 | 001,215,419 | ---- | C] () -- C:\Users\Micha\Documents\mcdonalds_coupons.pdf
[2010.03.02 14:36:02 | 002,868,264 | ---- | C] () -- C:\Users\Micha\Documents\congstar_DSL-Box_Bedienungsanleitung_Kurzfassung.pdf
[2010.02.27 16:17:46 | 000,771,742 | ---- | C] () -- C:\Users\Micha\Documents\Datenrettung_von__moeglicherweise__infizierten_Datentraegern___Rechnern_1.4.pdf
[2010.02.27 15:21:27 | 000,000,438 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{31332379-6E26-4810-ADC0-A39F223E7EE1}.job
[2010.02.27 15:17:34 | 000,000,783 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2010.lnk
[2010.02.27 11:46:26 | 000,024,064 | ---- | C] () -- C:\Users\Micha\Documents\10-02-25 Wohnungsanzeige.doc
[2010.02.27 00:49:59 | 000,000,399 | ---- | C] () -- C:\Users\Micha\Desktop\DVDFab - Verknüpfung.lnk
[2010.02.26 01:04:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010.02.26 01:04:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010.02.26 01:03:50 | 000,001,695 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010.02.03 23:04:29 | 000,000,732 | ---- | C] () -- C:\Users\Micha\AppData\Local\d3d9caps64.dat
[2010.01.30 02:45:12 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010.01.30 02:44:23 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010.01.30 01:35:47 | 000,028,160 | ---- | C] () -- C:\Users\Micha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.28 23:58:21 | 000,024,226 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\UserTile.png
[2010.01.28 23:33:57 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.01.28 23:24:23 | 000,421,948 | ---- | C] () -- C:\Users\Micha\AppData\Local\dd_vcredistMSI27B6.txt
[2010.01.28 23:24:22 | 000,013,254 | ---- | C] () -- C:\Users\Micha\AppData\Local\dd_vcredistUI27B6.txt
[2008.09.10 14:17:24 | 000,154,144 | ---- | C] () -- C:\Windows\SysWow64\RTLCPAPI.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.03.12 12:01:30 | 000,273,408 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
< End of report >

11.05.2010, 20:49   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
To me the logs look unremarkable. Why do you have so many partitions there?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


11.05.2010, 21:00   #8
Michali
 

Some of them are still old disks that I haven't replaced yet.
The new SATA drive isn't accepted because it is SATA 3(?).
The mainboard only knows SATA 1-2.
It's a Maxtor with 500 GB.
I plan to copy the data over and format the old disks.
Only Windows stays as it is.

OK, I just want to be on the safe side, because it was acting up quite a bit when I picked it up.
