
Pests of all kinds and how to fight them: iexplore.exe / more than 10 times in Task Manager / process uses up memory

17.02.2011, 20:32   #1
Bluecobra0
 
Hi folks,

I hope you can help me. A few days ago I noticed that my computer is getting slower and that the iexplore.exe process is open in Task Manager, or rather keeps opening multiple times. For the internet I use Mozilla.

Each file uses approx. 30,000 K +/- 8,000 K

When the PC has been running for 5 hours, the file shows up more than 10 times in Task Manager. When the process tree is ended, everything is gone. After a certain time the file opens again. Internet Explorer does not appear on the desktop! So the process is running in the background.

I have already used the following programs, but unfortunately without any result.

Bitdefender Internet Security 2011
CCleaner
Spybot-Search&Destroy


Can you help me?

Log files attached


If anything is still missing, please ask!!!

Thanks for your help

Andy

17.02.2011, 21:09   #2
cosinus
 
Hello,

Quote:
Internet Explorer 9.0.8080.16413
Why IE9 ALREADY?? It hasn't been released yet!

Quote:
Quote:
Art des Suchlaufs: Quick-Scan
Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

18.02.2011, 06:37   #3
Bluecobra0
 
Hi Cosinus,

thank you very much for your help!

I installed IE9 out of sheer "desperation". The problem was already there with IE8.

Sorry that it took so long with the log. I had to let it run through first.


Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5786

Windows 6.1.7600
Internet Explorer 9.0.8080.16413

18.02.2011 06:34:31
mbam-log-2011-02-18 (06-34-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|K:\|)
Durchsuchte Objekte: 785035
Laufzeit: 1 Stunde(n), 48 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5672

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

04.02.2011 07:59:09
mbam-log-2011-02-04 (07-59-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|K:\|)
Durchsuchte Objekte: 777219
Laufzeit: 57 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5622

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.01.2011 19:04:26
mbam-log-2011-01-27 (19-04-26).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 169384
Laufzeit: 2 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

18.02.2011, 09:43   #4
cosinus
 
Quote:
Bitdefender Internet Security 2011
Please uninstall that thing completely. Suites are counterproductive.
After that, please create fresh OTL logs:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)


18.02.2011, 20:33   #5
Bluecobra0
 
Here are the two log files

OTL

Code:
OTL logfile created on: 18.02.2011 18:46:51 - Run 4
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Fischmoesi\Desktop\MFTools
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 10,00 Gb Available Physical Memory | 81,00% Memory free
24,00 Gb Paging File | 22,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139,64 Gb Total Space | 53,07 Gb Free Space | 38,00% Space Free | Partition Type: NTFS
Drive E: | 279,46 Gb Total Space | 35,98 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
Drive F: | 931,50 Gb Total Space | 195,23 Gb Free Space | 20,96% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 737,13 Gb Free Space | 79,13% Space Free | Partition Type: NTFS
Drive H: | 298,09 Gb Total Space | 65,23 Gb Free Space | 21,88% Space Free | Partition Type: NTFS
Drive K: | 149,00 Gb Total Space | 50,46 Gb Free Space | 33,86% Space Free | Partition Type: FAT32
 
Computer Name: AQUARIUM | User Name: Fischmoesi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fischmoesi\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Users\Fischmoesi\AppData\Roaming\Transcend\JFSW2\JFSW2Launch.exe ()
PRC - C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe (Lavalys, Inc.)
PRC - C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Programme\ASUS\Six Engine\SixEngine.exe ()
PRC - C:\Programme\ASUS\TurboV\TurboV.exe ()
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\ASUS.SYS\CONFIG\DVMExportService.exe (DeviceVM)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe (ROCCAT)
PRC - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Fischmoesi\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
SRV - (MDES) -- C:\ASUS.SYS\CONFIG\DVMExportService.exe (DeviceVM)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (AcronisOSSReinstallSvc) -- C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe ()
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (LVUVC64) Logitech QuickCam Pro 9000(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (KoneFltr) -- C:\Windows\SysNative\drivers\Kone.sys (ROCCAT Ltd)
DRV:64bit: - (OV550I) -- C:\Windows\SysNative\drivers\ov550ivx.sys (Omnivision Technologies, Inc.)
DRV:64bit: - (SynUSB64) -- C:\Windows\SysNative\drivers\synUSB64.sys (SIA Syncrosoft)
DRV:64bit: - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\Windows\SysNative\drivers\s117bus.sys (MCCI Corporation)
DRV:64bit: - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\Windows\SysNative\drivers\s117unic.sys (MCCI Corporation)
DRV:64bit: - (s117obex) -- C:\Windows\SysNative\drivers\s117obex.sys (MCCI Corporation)
DRV:64bit: - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\Windows\SysNative\drivers\s117nd5.sys (MCCI Corporation)
DRV:64bit: - (s117mdm) -- C:\Windows\SysNative\drivers\s117mdm.sys (MCCI Corporation)
DRV:64bit: - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s117mgmt.sys (MCCI Corporation)
DRV:64bit: - (s117mdfl) -- C:\Windows\SysNative\drivers\s117mdfl.sys (MCCI Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (SAVRKBootTasks) -- C:\Windows\SysWOW64\SAVRKBootTasks.sys (Sophos Plc)
DRV - (WinRing0_1_2_0) -- C:\Users\Fischmoesi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys (OpenLibSys.org)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (EverestDriver) -- C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 ()
DRV - (Aspi32) -- C:\Windows\SysWOW64\drivers\ASPI32.SYS (Adaptec)
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (Sntnlusb) -- C:\Windows\SysWOW64\drivers\SNTNLUSB.SYS (Rainbow Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 7A 27 EC C9 FC CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b8cbd8e0-e642-11dd-ba2f-0800200c9a66}:1.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.02.03 18:38:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.02.03 18:38:36 | 000,000,000 | ---D | M]
 
[2002.01.01 18:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fischmoesi\AppData\Roaming\mozilla\Extensions
[2011.02.17 20:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fischmoesi\AppData\Roaming\mozilla\Firefox\Profiles\f1f48eki.default\extensions
[2010.11.24 23:33:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Fischmoesi\AppData\Roaming\mozilla\Firefox\Profiles\f1f48eki.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.24 20:18:11 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\Fischmoesi\AppData\Roaming\mozilla\Firefox\Profiles\f1f48eki.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
[2010.12.15 20:25:57 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Fischmoesi\AppData\Roaming\mozilla\Firefox\Profiles\f1f48eki.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011.01.12 22:43:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Fischmoesi\AppData\Roaming\mozilla\Firefox\Profiles\f1f48eki.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.01.12 22:43:56 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Fischmoesi\AppData\Roaming\mozilla\Firefox\Profiles\f1f48eki.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.08.24 19:54:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fischmoesi\AppData\Roaming\mozilla\Firefox\Profiles\f1f48eki.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.16 21:01:16 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\Fischmoesi\AppData\Roaming\mozilla\Firefox\Profiles\f1f48eki.default\extensions\fb_add_on@avm.de
[2010.09.11 22:50:50 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Fischmoesi\AppData\Roaming\mozilla\Firefox\Profiles\f1f48eki.default\extensions\personas@christopher.beard
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Fischmoesi\AppData\Roaming\Mozilla\Firefox\Profiles\f1f48eki.default\searchplugins\conduit.xml
[2002.01.01 19:59:41 | 000,002,399 | ---- | M] () -- C:\Users\Fischmoesi\AppData\Roaming\Mozilla\Firefox\Profiles\f1f48eki.default\searchplugins\daemon-search.xml
[2009.11.07 15:36:18 | 000,000,694 | ---- | M] () -- C:\Users\Fischmoesi\AppData\Roaming\Mozilla\Firefox\Profiles\f1f48eki.default\searchplugins\icq-search.xml
[2010.01.07 23:31:46 | 000,000,961 | ---- | M] () -- C:\Users\Fischmoesi\AppData\Roaming\Mozilla\Firefox\Profiles\f1f48eki.default\searchplugins\icqplugin-1.xml
[2010.01.21 20:37:02 | 000,000,950 | ---- | M] () -- C:\Users\Fischmoesi\AppData\Roaming\Mozilla\Firefox\Profiles\f1f48eki.default\searchplugins\icqplugin-2.xml
[2010.02.08 17:37:25 | 000,000,950 | ---- | M] () -- C:\Users\Fischmoesi\AppData\Roaming\Mozilla\Firefox\Profiles\f1f48eki.default\searchplugins\icqplugin-3.xml
[2010.04.04 17:22:25 | 000,000,950 | ---- | M] () -- C:\Users\Fischmoesi\AppData\Roaming\Mozilla\Firefox\Profiles\f1f48eki.default\searchplugins\icqplugin-4.xml
[2010.12.13 18:46:25 | 000,000,950 | ---- | M] () -- C:\Users\Fischmoesi\AppData\Roaming\Mozilla\Firefox\Profiles\f1f48eki.default\searchplugins\icqplugin-5.xml
[2010.08.01 16:24:42 | 000,000,168 | ---- | M] () -- C:\Users\Fischmoesi\AppData\Roaming\Mozilla\Firefox\Profiles\f1f48eki.default\searchplugins\icqplugin.gif
[2010.08.01 16:24:42 | 000,000,618 | ---- | M] () -- C:\Users\Fischmoesi\AppData\Roaming\Mozilla\Firefox\Profiles\f1f48eki.default\searchplugins\icqplugin.src
[2009.12.03 01:01:57 | 000,000,961 | ---- | M] () -- C:\Users\Fischmoesi\AppData\Roaming\Mozilla\Firefox\Profiles\f1f48eki.default\searchplugins\icqplugin.xml
[2009.10.21 22:52:35 | 000,001,774 | ---- | M] () -- C:\Users\Fischmoesi\AppData\Roaming\Mozilla\Firefox\Profiles\f1f48eki.default\searchplugins\wowdbbuffedde.xml
[2011.02.17 20:33:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2002.01.02 19:24:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.04 20:44:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.20 17:07:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.26 16:55:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.20 17:12:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.16 19:53:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.12.04 16:37:41 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.11.25 13:49:56 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.12.09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.10.05 18:45:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.05 18:45:24 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.05 18:45:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.05 18:45:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.05 18:45:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.16 10:40:55 | 000,429,948 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14798 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Kone] C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe ()
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [JFSW2Launch] C:\Users\Fischmoesi\AppData\Roaming\Transcend\JFSW2\JFSW2Launch.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Fischmoesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6d38ee41-fee9-11d5-83bc-90e6ba1f9b88}\Shell - "" = AutoRun
O33 - MountPoints2\{6d38ee41-fee9-11d5-83bc-90e6ba1f9b88}\Shell\AutoRun\command - "" = J:\Borderlands.exe
O33 - MountPoints2\{a2e953b3-fec8-11d5-ba7c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a2e953b3-fec8-11d5-ba7c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.18 18:41:09 | 000,000,000 | ---D | C] -- C:\Device
[2011.02.18 18:31:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.02.17 18:26:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.02.17 18:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.02.17 18:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011.02.17 11:02:59 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\Desktop\MFTools
[2011.02.16 21:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.02.16 21:19:09 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\AppData\Local\NPE
[2011.02.16 21:18:31 | 006,100,408 | ---- | C] (Symantec Corporation) -- C:\Users\Fischmoesi\Desktop\NPE.exe
[2011.02.16 19:53:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.02.16 19:53:20 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.02.16 19:53:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.02.16 19:53:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.02.16 11:54:27 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.02.16 11:54:26 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.02.16 11:54:26 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011.02.16 11:54:26 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.02.16 11:54:26 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.02.16 11:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011.02.16 11:54:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2011
[2011.02.16 07:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.02.15 23:25:52 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\Documents\Meine empfangenen Dateien
[2011.02.15 23:06:53 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011.02.15 23:06:53 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011.02.15 23:06:51 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011.02.15 23:06:51 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011.02.15 23:06:50 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011.02.15 23:06:50 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011.02.15 23:06:50 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011.02.15 23:06:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011.02.15 23:06:47 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.02.15 23:06:47 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011.02.15 23:06:46 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.02.15 23:06:46 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.02.15 23:06:41 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.02.15 23:06:41 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.02.15 23:06:41 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.02.15 23:06:40 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.02.15 23:06:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.02.15 22:12:28 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011.02.15 22:12:28 | 001,426,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.02.15 22:12:28 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.02.15 22:12:28 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.02.15 22:12:28 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.02.15 22:12:28 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011.02.15 22:12:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.02.15 22:12:28 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011.02.15 22:12:28 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011.02.15 22:12:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.02.15 22:12:28 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011.02.15 22:12:28 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011.02.15 22:12:28 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011.02.15 22:12:28 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011.02.15 22:12:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.02.15 22:12:28 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011.02.15 22:12:28 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.02.15 22:12:28 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011.02.15 22:12:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011.02.15 22:12:28 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.02.15 22:12:28 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011.02.15 22:12:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011.02.15 22:12:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011.02.15 22:12:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.02.15 22:12:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.02.15 22:12:28 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.02.15 22:12:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011.02.15 22:12:28 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011.02.15 22:12:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011.02.15 22:12:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011.02.15 22:12:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.02.15 22:12:28 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.02.15 22:12:27 | 002,272,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.02.15 22:12:27 | 001,791,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011.02.15 22:12:27 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.02.15 22:12:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.02.15 22:12:27 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011.02.15 22:12:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.02.15 22:12:27 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011.02.15 22:12:27 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011.02.15 22:12:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.02.15 22:12:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011.02.15 22:12:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011.02.15 22:12:27 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011.02.15 22:12:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.02.15 22:12:27 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.02.15 22:12:27 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011.02.15 22:12:27 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.02.15 22:12:27 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011.02.15 22:12:27 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.02.15 22:12:27 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011.02.15 22:12:27 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011.02.15 22:12:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011.02.15 22:12:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011.02.15 22:12:27 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011.02.15 22:12:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011.02.15 22:12:27 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011.02.15 22:12:27 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011.02.15 22:12:27 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.02.15 22:12:27 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.02.15 22:12:26 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011.02.15 22:12:26 | 001,490,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.02.15 22:12:26 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.02.15 22:12:26 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.02.15 22:12:26 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011.02.15 22:12:26 | 000,453,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011.02.15 22:12:26 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.02.15 22:12:26 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011.02.15 22:12:26 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.02.15 22:12:26 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011.02.15 22:12:26 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011.02.15 22:12:26 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011.02.15 22:12:26 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.02.15 22:12:26 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.02.15 22:12:26 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.02.15 22:12:26 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011.02.15 22:12:26 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.02.15 22:12:26 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.02.15 22:10:45 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.02.15 22:10:45 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.02.15 22:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2011.02.14 21:14:05 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2011.02.14 18:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011.02.14 18:59:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011.02.11 21:55:37 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\AppData\Roaming\Unity
[2011.02.11 17:58:55 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\AppData\Roaming\vlc
[2011.02.11 17:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.02.10 20:06:45 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.02.10 20:06:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2011.02.10 06:45:42 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.02.09 21:56:59 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\AppData\Local\Unity
[2011.02.08 21:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.02.05 09:11:16 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\Documents\PhatHack Media Manager
[2011.02.05 09:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhatHack
[2011.02.05 09:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhatHack
[2011.02.04 19:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011.02.04 19:08:58 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2011.02.04 19:08:45 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011.02.03 21:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.02.03 21:43:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.02.03 00:54:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.02.03 00:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011.02.03 00:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2011.01.31 19:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.01.31 19:18:27 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.01.31 19:18:26 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.01.27 19:31:44 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.01.27 19:19:17 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\AppData\Local\Sunbelt Software
[2011.01.27 19:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.01.27 19:01:30 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\AppData\Roaming\Malwarebytes
[2011.01.27 19:01:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.01.27 19:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.27 19:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.27 19:01:23 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.01.27 19:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.01.26 21:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.01.26 20:37:51 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\Desktop\backups
[2011.01.26 20:33:37 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Fischmoesi\Desktop\HiJackThis204.exe
[2011.01.20 20:13:39 | 020,471,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011.01.20 20:13:39 | 018,580,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011.01.20 20:13:39 | 015,047,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011.01.20 20:13:39 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011.01.20 20:13:39 | 006,604,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011.01.20 20:13:39 | 005,653,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011.01.20 20:13:39 | 004,941,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011.01.20 20:13:39 | 003,112,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011.01.20 20:13:39 | 002,895,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011.01.20 20:13:39 | 002,479,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011.01.20 20:13:39 | 002,251,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011.01.20 20:13:39 | 001,614,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642090.dll
[2011.01.20 20:13:39 | 001,359,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64hda.dll
[2011.01.20 20:13:39 | 001,359,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642040.dll
[2011.01.20 20:13:39 | 000,155,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2011.01.20 20:13:39 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.01.20 20:13:39 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.01.20 20:13:39 | 000,029,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2011.01.20 20:13:39 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2011.01.20 19:56:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\logishrd
[2011.01.20 19:56:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\logishrd
[2011.01.20 19:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LWS
[2011.01.20 19:42:06 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2011.01.20 19:42:06 | 000,000,000 | ---D | C] -- C:\Users\Fischmoesi\AppData\Local\eSupport.com
[2009.07.14 00:30:56 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.18 18:49:00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1220478906-1765848077-1096141842-1001UA.job
[2011.02.18 18:44:15 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.18 18:44:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.18 18:43:55 | 1066,754,046 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.18 18:42:42 | 000,063,896 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000001-00000000-00000000-00001102-0000000B-00431102}.rfx
[2011.02.18 18:42:42 | 000,063,896 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000001-00000000-00000000-00001102-0000000B-00431102}.rfx
[2011.02.18 18:42:42 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000001-00000000-00000000-00001102-0000000B-00431102}.rfx
[2011.02.18 18:42:39 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.18 18:42:39 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.18 18:42:38 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011.02.18 18:42:22 | 000,034,232 | ---- | M] () -- C:\Users\Fischmoesi\Documents\cc_20110218_184218.reg
[2011.02.18 18:36:43 | 000,994,979 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2011.02.18 17:52:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.18 06:49:00 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1220478906-1765848077-1096141842-1001Core.job
[2011.02.17 18:26:17 | 000,001,108 | ---- | M] () -- C:\Users\Fischmoesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.02.17 18:26:15 | 000,000,928 | ---- | M] () -- C:\Users\Fischmoesi\Desktop\NTREGOPT.lnk
[2011.02.17 18:26:15 | 000,000,909 | ---- | M] () -- C:\Users\Fischmoesi\Desktop\ERUNT.lnk
[2011.02.16 21:47:35 | 001,628,456 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.02.16 21:47:35 | 000,702,424 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.02.16 21:47:35 | 000,657,136 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.02.16 21:47:35 | 000,150,120 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.02.16 21:47:35 | 000,122,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.02.16 21:31:48 | 000,429,948 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2011.02.16 21:31:48 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.smr
[2011.02.16 20:18:02 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011.02.16 11:54:26 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.02.16 11:54:26 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.02.16 10:40:55 | 000,429,948 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.02.16 07:35:46 | 000,429,948 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110216-104055.backup
[2011.02.16 07:33:03 | 000,001,262 | ---- | M] () -- C:\Users\Fischmoesi\Desktop\Spybot - Search & Destroy.lnk
[2011.02.15 23:28:21 | 000,514,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.15 22:44:51 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011.02.15 22:12:29 | 000,161,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011.02.15 22:12:28 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011.02.15 22:12:28 | 001,426,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.02.15 22:12:28 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.02.15 22:12:28 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.02.15 22:12:28 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.02.15 22:12:28 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011.02.15 22:12:28 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.02.15 22:12:28 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011.02.15 22:12:28 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011.02.15 22:12:28 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.02.15 22:12:28 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011.02.15 22:12:28 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011.02.15 22:12:28 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011.02.15 22:12:28 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011.02.15 22:12:28 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.02.15 22:12:28 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011.02.15 22:12:28 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.02.15 22:12:28 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011.02.15 22:12:28 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011.02.15 22:12:28 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.02.15 22:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011.02.15 22:12:28 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011.02.15 22:12:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011.02.15 22:12:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.02.15 22:12:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.02.15 22:12:28 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.02.15 22:12:28 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.02.15 22:12:28 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011.02.15 22:12:28 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011.02.15 22:12:28 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011.02.15 22:12:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011.02.15 22:12:28 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.02.15 22:12:28 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.02.15 22:12:27 | 002,272,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.02.15 22:12:27 | 001,791,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011.02.15 22:12:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.02.15 22:12:27 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.02.15 22:12:27 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011.02.15 22:12:27 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.02.15 22:12:27 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011.02.15 22:12:27 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011.02.15 22:12:27 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.02.15 22:12:27 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011.02.15 22:12:27 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011.02.15 22:12:27 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.02.15 22:12:27 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.02.15 22:12:27 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011.02.15 22:12:27 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.02.15 22:12:27 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011.02.15 22:12:27 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.02.15 22:12:27 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011.02.15 22:12:27 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011.02.15 22:12:27 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011.02.15 22:12:27 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011.02.15 22:12:27 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011.02.15 22:12:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011.02.15 22:12:27 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011.02.15 22:12:27 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011.02.15 22:12:27 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.02.15 22:12:27 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.02.15 22:12:26 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011.02.15 22:12:26 | 001,490,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.02.15 22:12:26 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.02.15 22:12:26 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.02.15 22:12:26 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011.02.15 22:12:26 | 000,453,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011.02.15 22:12:26 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.02.15 22:12:26 | 000,282,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011.02.15 22:12:26 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.02.15 22:12:26 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011.02.15 22:12:26 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011.02.15 22:12:26 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011.02.15 22:12:26 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.02.15 22:12:26 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.02.15 22:12:26 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.02.15 22:12:26 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011.02.15 22:12:26 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011.02.15 22:12:26 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.02.15 22:12:26 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.02.15 22:10:45 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.02.15 22:10:45 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.02.12 12:34:18 | 000,472,080 | ---- | M] () -- C:\Users\Fischmoesi\Desktop\Load.exe
[2011.02.12 03:49:43 | 000,002,426 | ---- | M] () -- C:\Users\Fischmoesi\Desktop\Google Chrome.lnk
[2011.02.11 17:58:46 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.02.11 17:53:29 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.02.11 06:32:30 | 000,000,017 | ---- | M] () -- C:\Users\Fischmoesi\Desktop\stinger10101361.opt
[2011.02.10 20:06:45 | 000,002,997 | ---- | M] () -- C:\Users\Fischmoesi\Desktop\HiJackThis.lnk
[2011.02.10 20:03:42 | 000,022,092 | ---- | M] () -- C:\Users\Fischmoesi\Documents\cc_20110210_200338.reg
[2011.02.09 22:13:19 | 000,001,429 | ---- | M] () -- C:\ProgramData\search_result.xml
[2011.02.06 16:28:14 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001811.LCS
[2011.02.06 16:17:48 | 000,001,392 | ---- | M] () -- C:\Users\Fischmoesi\Desktop\Emergency 2012.lnk
[2011.02.05 09:31:21 | 000,000,026 | ---- | M] () -- C:\Windows\PhatMan.INI
[2011.02.05 09:13:29 | 000,000,026 | ---- | M] () -- C:\Windows\BasicMan.INI
[2011.02.04 19:09:15 | 001,650,042 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.02.04 19:03:20 | 000,041,500 | ---- | M] () -- C:\Users\Fischmoesi\Documents\cc_20110204_190316.reg
[2011.02.03 22:21:45 | 000,429,816 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110216-073546.backup
[2011.02.03 11:42:29 | 000,004,936 | ---- | M] () -- C:\Users\Fischmoesi\Documents\cc_20110203_114224.reg
[2011.02.02 21:40:39 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.02.02 21:40:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.02.02 21:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.02.02 21:40:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.01.31 19:18:48 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.01.27 19:31:44 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.01.27 19:01:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.26 21:44:52 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.01.26 21:40:20 | 000,222,424 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.01.26 20:50:16 | 000,091,232 | ---- | M] () -- C:\Users\Fischmoesi\Documents\cc_20110126_205011.reg
[2011.01.26 20:47:37 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.01.26 17:59:52 | 000,015,160 | ---- | M] () -- C:\Users\Fischmoesi\Documents\Lebenslauf Kerstin.docx
[2011.01.26 17:32:26 | 000,013,894 | ---- | M] () -- C:\Users\Fischmoesi\Documents\Kündigung Kerstin Herbort.docx
[2011.01.26 06:45:15 | 000,493,912 | ---- | M] () -- C:\Users\Fischmoesi\Desktop\OG.pdf
[2011.01.20 20:39:20 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2011.01.20 20:24:08 | 000,000,121 | ---- | M] () -- C:\Windows\bdagent.INI
[2011.01.20 19:56:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011.01.20 19:55:42 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2011.01.20 19:42:06 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
 
========== Files Created - No Company Name ==========
 
[2011.02.18 18:42:19 | 000,034,232 | ---- | C] () -- C:\Users\Fischmoesi\Documents\cc_20110218_184218.reg
[2011.02.17 18:24:02 | 000,001,108 | ---- | C] () -- C:\Users\Fischmoesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011.02.17 18:23:58 | 000,000,928 | ---- | C] () -- C:\Users\Fischmoesi\Desktop\NTREGOPT.lnk
[2011.02.17 18:23:58 | 000,000,909 | ---- | C] () -- C:\Users\Fischmoesi\Desktop\ERUNT.lnk
[2011.02.17 11:02:28 | 000,472,080 | ---- | C] () -- C:\Users\Fischmoesi\Desktop\Load.exe
[2011.02.16 11:54:26 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.02.16 11:54:26 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.02.16 11:54:25 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011.02.16 07:33:03 | 000,001,262 | ---- | C] () -- C:\Users\Fischmoesi\Desktop\Spybot - Search & Destroy.lnk
[2011.02.15 22:12:28 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.02.15 22:12:26 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011.02.11 17:58:46 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.02.10 20:03:40 | 000,022,092 | ---- | C] () -- C:\Users\Fischmoesi\Documents\cc_20110210_200338.reg
[2011.02.10 06:45:45 | 000,002,426 | ---- | C] () -- C:\Users\Fischmoesi\Desktop\Google Chrome.lnk
[2011.02.10 06:44:16 | 000,001,138 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1220478906-1765848077-1096141842-1001UA.job
[2011.02.10 06:44:16 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1220478906-1765848077-1096141842-1001Core.job
[2011.02.09 22:13:18 | 000,001,429 | ---- | C] () -- C:\ProgramData\search_result.xml
[2011.02.09 06:32:54 | 000,000,017 | ---- | C] () -- C:\Users\Fischmoesi\Desktop\stinger10101361.opt
[2011.02.07 21:45:21 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.02.05 09:14:39 | 000,000,026 | ---- | C] () -- C:\Windows\PhatMan.INI
[2011.02.05 09:13:29 | 000,000,026 | ---- | C] () -- C:\Windows\BasicMan.INI
[2011.02.04 19:09:01 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.02.04 19:03:18 | 000,041,500 | ---- | C] () -- C:\Users\Fischmoesi\Documents\cc_20110204_190316.reg
[2011.02.04 18:57:32 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.02.03 11:42:26 | 000,004,936 | ---- | C] () -- C:\Users\Fischmoesi\Documents\cc_20110203_114224.reg
[2011.01.31 19:18:48 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.01.27 19:01:26 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.26 21:44:52 | 000,002,288 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.01.26 20:50:13 | 000,091,232 | ---- | C] () -- C:\Users\Fischmoesi\Documents\cc_20110126_205011.reg
[2011.01.26 17:59:51 | 000,015,160 | ---- | C] () -- C:\Users\Fischmoesi\Documents\Lebenslauf Kerstin.docx
[2011.01.26 17:32:26 | 000,013,894 | ---- | C] () -- C:\Users\Fischmoesi\Documents\Kündigung Kerstin Herbort.docx
[2011.01.26 06:45:15 | 000,493,912 | ---- | C] () -- C:\Users\Fischmoesi\Desktop\OG.pdf
[2011.01.20 20:39:20 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.01.20 19:55:42 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2011.01.09 14:29:41 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2010.12.31 12:51:55 | 000,994,979 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010.11.13 22:51:39 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.11.10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010.11.10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.08.24 21:46:48 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini
[2010.08.12 21:03:13 | 000,000,400 | ---- | C] () -- C:\Windows\g_oirotq399.ini
[2010.08.12 19:48:59 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2010.07.09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.05.26 21:58:50 | 000,004,076 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.05.26 21:58:50 | 000,000,008 | RHS- | C] () -- C:\ProgramData\CD25BC2C3C.sys
[2010.04.20 18:21:19 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.03.25 17:51:00 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010.02.16 22:03:13 | 000,000,025 | ---- | C] () -- C:\Users\Fischmoesi\AppData\Roaming\bdfvconp.ini
[2010.01.27 19:28:11 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2009.11.02 20:17:29 | 001,650,042 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.10.26 22:16:32 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\wh2robo.dll
[2009.10.26 22:16:32 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\sx32w.dll
[2009.10.26 22:12:28 | 000,000,571 | ---- | C] () -- C:\Windows\SysWow64\FeMakro.ini
[2009.10.26 22:12:28 | 000,000,497 | ---- | C] () -- C:\Windows\SysWow64\FeAnim.ini
[2009.10.24 19:36:53 | 000,000,059 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.10.22 20:15:56 | 000,143,872 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2009.10.22 20:01:22 | 004,835,652 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2009.10.17 00:58:06 | 000,183,296 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2009.10.17 00:57:06 | 000,146,944 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2009.10.17 00:04:24 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2009.10.17 00:04:08 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2009.10.17 00:03:48 | 000,257,024 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2009.10.17 00:03:44 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2009.10.17 00:03:40 | 000,484,864 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2009.10.16 23:10:10 | 000,281,748 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2009.10.16 21:53:32 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2009.10.16 21:53:20 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.10.16 20:40:42 | 000,957,047 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2009.10.16 20:38:20 | 000,914,464 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.10.16 20:35:50 | 000,311,204 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2009.10.16 20:08:54 | 000,611,638 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2009.10.16 20:04:28 | 001,632,375 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
[2009.10.11 17:47:07 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2009.07.14 01:14:20 | 000,027,839 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.14 00:28:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.26 12:12:38 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009.01.10 23:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009.01.10 23:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009.01.10 23:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009.01.10 23:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009.01.10 23:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009.01.10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2009.01.10 23:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009.01.10 23:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009.01.10 23:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009.01.10 23:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009.01.10 23:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2009.01.05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.12.03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008.12.01 18:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007.10.13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2007.08.21 20:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2007.03.12 17:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files (x86)\navigram_register.exe
[2002.01.01 21:30:25 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2002.01.01 18:52:56 | 000,000,283 | ---- | C] () -- C:\Windows\game.ini
[2002.01.01 18:16:50 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2002.01.01 18:16:50 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2002.01.01 18:06:19 | 000,034,729 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2002.01.01 18:05:42 | 000,025,106 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2002.01.01 16:10:04 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2002.01.01 16:10:04 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2002.01.01 16:09:51 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2002.01.01 16:09:27 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
 
========== Files - Unicode (All) ==========
[2011.02.18 18:36:43 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2011.02.18 18:31:44 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 295 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 10 bytes -> C:\Users\Fischmoesi\Desktop\SWGameDE.exe:BDU

< End of report >
         
OTL Extras

Code:
OTL Extras logfile created on: 18.02.2011 18:46:51 - Run 4
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Fischmoesi\Desktop\MFTools
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 10,00 Gb Available Physical Memory | 81,00% Memory free
24,00 Gb Paging File | 22,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139,64 Gb Total Space | 53,07 Gb Free Space | 38,00% Space Free | Partition Type: NTFS
Drive E: | 279,46 Gb Total Space | 35,98 Gb Free Space | 12,87% Space Free | Partition Type: NTFS
Drive F: | 931,50 Gb Total Space | 195,23 Gb Free Space | 20,96% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 737,13 Gb Free Space | 79,13% Space Free | Partition Type: NTFS
Drive H: | 298,09 Gb Total Space | 65,23 Gb Free Space | 21,88% Space Free | Partition Type: NTFS
Drive K: | 149,00 Gb Total Space | 50,46 Gb Free Space | 33,86% Space Free | Partition Type: FAT32
 
Computer Name: AQUARIUM | User Name: Fischmoesi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F1BA99-300F-4DD5-A26B-788EF63B53B1}" = Logitech Gaming Software 5.08
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F84D9B9F-3A33-4115-981F-8FDDBF42ED4D}" = PDF-XChange Viewer
"{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack
"CCleaner" = CCleaner
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00406322-04F7-44D0-94DA-13D07F73B2F2}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{063E409E-3D7C-4A4A-95AB-2F124B9224B3}" = ArcSoft PhotoImpression 6
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1161D415-64B5-45F3-97AD-E1D2786E33FC}" = MAGIX Speed burnR (MSI)
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{14F2EFBD-98E8-4EE1-BF58-762B1AB13E6E}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version (Tutorials)
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15B0C6CC-BA72-4386-BEB6-12EF56C07871}" = .NET Bildbearbeitung 1.7.9
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1B546047-843E-418C-A0DA-420ADC647929}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version (Überblendeffekte)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
"{29CB3A0C-8980-45B6-95A0-B1118B776C5A}" = Fly The Airbus A380 v2 for FSX
"{2BB61B48-FEA6-4096-9201-6FE5AB0CD038}" = MAGIX Screenshare
"{2F4AF40B-433A-494E-BB41-816D113F32BA}" = aerosoft's - Mega Airport London Heathrow X
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32394A59-A39C-4C90-A9A5-F16B0C7442E1}" = Express Gate Tools
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{37F50C53-EDED-4FFE-9877-532A335C5C18}" = Aerosoft's - MyTraffic 2010
"{3A1B1652-D70A-4D19-981E-BB15D0DBF253}" = Ghostbusters (TM): The Video Game
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"{434D0831-A4CC-401A-9E74-621000018401}" = F1 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5CE23B58-2323-43A0-8F51-10F0551AA0F1}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version (Deluxe-Content 4)
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional
"{61C6337D-EDF5-43F0-9E50-541A389070BD}" = Aerosoft's - VFR Germany 3
"{65B32A06-A49D-47A4-9863-86DD5F635130}" = MAGIX Online Druck Service
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6C2A42BE-C7CA-4D15-9E8B-B6608F64631B}_is1" = Strategic Engine 1.3
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{7B956E7E-7709-4B43-90C2-432FE5DB5134}" = MAGIX Xtreme Grafik Designer 5
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}" = Emergency 4
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{823FCA70-5B66-4DFE-9D9D-117E4672773F}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version (Deluxe-Content 3)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADDB203-8A7B-443A-A9C2-D3AF7156EB17}" = PhatNoise CAS Speech Support
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9733747E-E53D-4C17-977E-3A872AFB93E1}" = ROCCAT Kone Mouse Driver
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5101403-2C42-40E0-8D9E-5E49E7C3B89E}" = Tycoon City - New York
"{A663BED9-978C-4A04-82A3-3029245055BE}" = Aerosoft's - F-16 Fighting Falcon
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE09704D-9051-4C25-B940-77F889F0C93F}" = OVTScanner_Vista64
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5342B67-F969-41C3-9913-6C20190A053C}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version (Deluxe-Content)
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B9737B90-6903-4C69-BE4B-0D9491AFB280}" = MAGIX Foto Manager 10
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BAEE0C24-C8C2-4820-9DF4-887909F1A286}" = aerosoft's - Mega Airport Frankfurt X
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CF704302-9E0E-4366-98D0-162DF7F0734F}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version (Menüvorlagen)
"{D186EE99-F905-4F87-B188-01D60D8FF1B3}" = Just Flight - Traffic X
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D8DF8554-9181-402A-9D77-4155C5802E06}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version (Fotoshow Maker-Stile)
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E0439648-574A-4D4F-9CD8-A5944508570A}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version (Deluxe-Content 2)
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{E9E9C6AE-1D9D-4A6F-B5F4-AA673E9861BD}" = Deep Exploration 5 CE
"{EA74B216-7ADB-4F40-99D0-08DEF8C0F30F}" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version (Designelemente)
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F94C940F-3B72-4877-9B27-9C71D3EF6540}" = PhatHack DMS Tools
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3DMIDI" = Creative 3DMIDI Player
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Album Art Downloader XUI" = Album Art Downloader XUI 0.36
"ALchemy" = Creative ALchemy
"Allway Sync_is1" = Allway Sync version 11.1.3
"AnyDVD" = AnyDVD
"Ashampoo Cover Studio 2_is1" = Ashampoo Cover Studio 2.01
"ASIO4ALL" = ASIO4ALL
"AudioCS" = Creative Audio-Systemsteuerung
"Audiograbber" = Audiograbber 1.83 SE 
"Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cities XL 2011" = Cities XL 2011
"CloneDVD2" = CloneDVD2
"Company of Heroes" = Company of Heroes
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Creative Volume Panel" = Lautstärkefenster
"CurseClient" = Curse Client
"Diagnostics 4_5" = Creative-Diagnose
"Digital DJ" = Digital DJ
"dm-Fotowelt" = dm-Fotowelt
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Emergency 2012" = Emergency 2012
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"f1mustang_FSX" = Flight1 Citation Mustang
"FileZilla Client" = FileZilla Client 3.3.1
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 4.2
"Freelancer 1.0" = Freelancer
"FSDreamTeam JFK FSX_is1" = FSDreamTeam JFK FSX 1.2
"G15_TeamSpeak" = G15_TeamSpeak (NSIS)
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"HijackThis" = HijackThis 2.0.2
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10
"MAGIX_MSI_Fotos_auf_CD_DVD_10_Dlx" = MAGIX Fotos auf CD & DVD 10 Deluxe Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Mp3tag" = Mp3tag v2.47b
"mv61xxDriver" = marvell 61xx
"MyTraffic X 5.2a Simmarket Edition" = MyTraffic X 5.2a Simmarket Edition
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PandoraRecovery" = PandoraRecovery (Remove Only)
"PhatMan" = PhatNoise Music Manager
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0
"Rainbow Sentinel Driver" = Sentinel System Driver
"Security Task Manager" = Security Task Manager 1.8c
"SFBM" = SoundFont-Bank-Manager
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 10500" = Empire: Total War
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"SysInfo" = Creative Systeminformationen
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 6" = TeamViewer 6
"Tropico3" = Tropico 3 1.00
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"UltraISO_is1" = UltraISO Premium V9.33
"Uninstall_is1" = Uninstall 1.0.0.1
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.7
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.2.0
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"XMedia Recode" = XMedia Recode 2.1.4.8
"ZOTAC FireStorm" = ZOTAC FireStorm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"022f67d83d91b1c6" = Lotto-Check
"090215de958f1060" = Curse Client
"Area 52 Simulations C-5M Super Galaxy" = Area 52 Simulations C-5M Super Galaxy
"F/A 18 Hornet for FSX" = F/A 18 Hornet for FSX
"Google Chrome" = Google Chrome
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         


Alt 18.02.2011, 21:05   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6d38ee41-fee9-11d5-83bc-90e6ba1f9b88}\Shell - "" = AutoRun
O33 - MountPoints2\{6d38ee41-fee9-11d5-83bc-90e6ba1f9b88}\Shell\AutoRun\command - "" = J:\Borderlands.exe
O33 - MountPoints2\{a2e953b3-fec8-11d5-ba7c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a2e953b3-fec8-11d5-ba7c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
@Alternate Data Stream - 295 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 10 bytes -> C:\Users\Fischmoesi\Desktop\SWGameDE.exe:BDU
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

Alt 18.02.2011, 22:46   #7
Bluecobra0
 



Right then,

after the restart it displayed the log file

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d38ee41-fee9-11d5-83bc-90e6ba1f9b88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d38ee41-fee9-11d5-83bc-90e6ba1f9b88}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d38ee41-fee9-11d5-83bc-90e6ba1f9b88}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d38ee41-fee9-11d5-83bc-90e6ba1f9b88}\ not found.
File J:\Borderlands.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2e953b3-fec8-11d5-ba7c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2e953b3-fec8-11d5-ba7c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2e953b3-fec8-11d5-ba7c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2e953b3-fec8-11d5-ba7c-806e6f6e6963}\ not found.
File D:\autorun.exe not found.
ADS C:\ProgramData\TEMP:8FF81EB0 deleted successfully.
ADS C:\Users\Fischmoesi\Desktop\SWGameDE.exe:BDU deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Fischmoesi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 21679903 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92153248 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1038 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 92140 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 313965 bytes
RecycleBin emptied: 181986151 bytes
 
Total Files Cleaned = 283,00 mb
 
 
OTL by OldTimer - Version 3.2.20.6 log created on 02182011_224245

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 19.02.2011, 22:58   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let your system be scanned.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its content ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Alt 20.02.2011, 08:32   #9
Bluecobra0
 



I ran CCleaner

Here is the next log file

Code:
ATTFilter
ComboFix 11-02-19.02 - Fischmoesi 20.02.2011   8:20.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.12279.8725 [GMT 1:00]
ausgeführt von:: c:\users\Fischmoesi\Desktop\confi.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ccrpTmr6.dll
c:\windows\SysWow64\ccrpTmr6.dll
G:\install.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2011-01-20 bis 2011-02-20  ))))))))))))))))))))))))))))))
.

2011-02-20 07:23 . 2011-02-20 07:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-02-19 21:50 . 2011-02-02 16:10	7844688	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{018BA68D-B96F-41E2-8A55-D4383DB4584C}\mpengine.dll
2011-02-18 21:42 . 2011-02-18 21:42	--------	d-----w-	C:\_OTL
2011-02-18 17:41 . 2011-02-18 17:41	--------	d-----w-	C:\Device
2011-02-17 17:23 . 2011-02-17 17:26	--------	d-----w-	c:\program files (x86)\ERUNT
2011-02-16 20:19 . 2011-02-16 20:19	--------	d-----w-	c:\programdata\Norton
2011-02-16 20:19 . 2011-02-16 20:29	--------	d-----w-	c:\users\Fischmoesi\AppData\Local\NPE
2011-02-16 18:53 . 2011-02-16 18:53	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-02-16 10:54 . 2010-12-14 13:05	34624	----a-w-	c:\windows\system32\TURegOpt.exe
2011-02-16 10:54 . 2010-12-14 13:01	25920	----a-w-	c:\windows\system32\authuitu.dll
2011-02-16 10:54 . 2010-12-14 13:00	21312	----a-w-	c:\windows\SysWow64\authuitu.dll
2011-02-16 10:54 . 2010-12-14 13:00	36160	----a-w-	c:\windows\system32\uxtuneup.dll
2011-02-16 10:54 . 2010-12-14 13:00	29504	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2011-02-16 10:54 . 2011-02-16 10:54	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2011
2011-02-15 22:13 . 2011-02-15 22:13	85465960	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\wlc9148.tmp
2011-02-15 21:13 . 2011-02-15 21:13	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2011-02-15 21:13 . 2011-02-15 21:13	--------	d-----w-	c:\windows\system32\wbem\en-US
2011-02-15 21:13 . 2011-02-15 21:13	94208	----a-w-	c:\program files (x86)\Internet Explorer\de\iediag.resources.dll
2011-02-15 21:10 . 2011-02-15 21:10	982912	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-02-15 21:10 . 2011-02-15 21:10	265088	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-02-15 21:10 . 2011-02-15 21:10	144384	----a-w-	c:\windows\system32\cdd.dll
2011-02-15 21:09 . 2011-02-15 21:09	--------	d-----w-	c:\program files (x86)\Feedback Tool
2011-02-14 20:14 . 2010-05-26 09:45	18816	------w-	c:\windows\SysWow64\SAVRKBootTasks.sys
2011-02-14 17:59 . 2011-02-14 17:59	--------	d-----w-	c:\program files (x86)\Sophos
2011-02-11 20:55 . 2011-02-11 20:55	--------	d-----w-	c:\users\Fischmoesi\AppData\Roaming\Unity
2011-02-11 16:58 . 2011-02-16 23:03	--------	d-----w-	c:\users\Fischmoesi\AppData\Roaming\vlc
2011-02-10 19:06 . 2011-02-10 19:06	388096	----a-r-	c:\users\Fischmoesi\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-02-10 19:06 . 2011-02-10 19:06	--------	d-----w-	c:\program files (x86)\TrendMicro
2011-02-09 20:56 . 2011-02-15 21:45	--------	d-----w-	c:\users\Fischmoesi\AppData\Local\Unity
2011-02-08 20:27 . 2011-02-08 20:27	--------	d-----w-	c:\programdata\Kaspersky Lab
2011-02-07 20:45 . 2003-04-18 18:06	8192	----a-w-	c:\windows\SysWow64\srvany.exe
2011-02-05 08:10 . 2011-02-05 08:10	--------	d-----w-	c:\program files (x86)\PhatHack
2011-02-05 01:05 . 2011-02-02 16:10	7844688	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-04 18:21 . 2011-02-04 18:20	601424	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-02-04 18:21 . 2011-02-04 18:20	601424	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{608C7388-C37D-4CEB-9750-50D35B2D9BD6}\gapaengine.dll
2011-02-04 18:09 . 2011-02-04 18:09	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2011-02-04 18:08 . 2011-02-04 18:09	--------	d-----w-	c:\program files\Microsoft Security Client
2011-02-04 18:08 . 2010-04-09 11:06	374664	----a-w-	c:\windows\system32\drivers\netio.sys
2011-02-03 20:43 . 2011-02-20 07:16	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-02-03 20:43 . 2011-02-16 06:34	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2011-02-02 23:54 . 2011-02-16 20:14	--------	d-----w-	c:\programdata\SecTaskMan
2011-02-02 23:54 . 2011-02-02 23:55	--------	d-----w-	c:\program files (x86)\Security Task Manager
2011-01-31 18:18 . 2011-01-31 18:18	--------	d-----w-	c:\program files\iPod
2011-01-31 18:18 . 2011-01-31 18:18	--------	d-----w-	c:\program files\iTunes
2011-01-27 18:31 . 2011-01-27 18:31	49752	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-01-27 18:19 . 2011-01-27 18:19	--------	d-----w-	c:\users\Fischmoesi\AppData\Local\Sunbelt Software
2011-01-27 18:18 . 2011-02-02 23:54	--------	d-----w-	c:\programdata\Lavasoft
2011-01-27 18:01 . 2011-01-27 18:01	--------	d-----w-	c:\users\Fischmoesi\AppData\Roaming\Malwarebytes
2011-01-27 18:01 . 2010-12-20 17:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-27 18:01 . 2011-01-27 18:01	--------	d-----w-	c:\programdata\Malwarebytes
2011-01-27 18:01 . 2010-12-20 17:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-01-27 18:01 . 2011-01-27 18:01	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 17:36 . 2010-12-31 11:51	994979	----a-w-	c:\programdata\bdinstall.bin
2011-02-02 20:40 . 2010-05-04 19:44	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-01-20 18:56 . 2011-01-20 18:56	53248	----a-r-	c:\users\Fischmoesi\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-01-20 18:42 . 2011-01-20 18:42	21712	----a-w-	c:\windows\SysWow64\drivers\DrvAgent64.SYS
2011-01-08 03:27 . 2011-01-20 19:13	67176	----a-w-	c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-01-20 19:13	6604904	----a-w-	c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-01-20 19:13	57960	----a-w-	c:\windows\SysWow64\OpenCL.dll
2011-01-08 03:27 . 2011-01-20 19:13	5653096	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2011-01-08 03:27 . 2011-01-20 19:13	4941928	----a-w-	c:\windows\SysWow64\nvcuda.dll
2011-01-08 03:27 . 2011-01-20 19:13	3112040	----a-w-	c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-01-20 19:13	2895976	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2011-01-08 03:27 . 2011-01-20 19:13	2479720	----a-w-	c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-01-20 19:13	2251368	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2011-01-08 03:27 . 2011-01-20 19:13	20471912	----a-w-	c:\windows\system32\nvoglv64.dll
2011-01-08 03:27 . 2011-01-20 19:13	18580072	----a-w-	c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-01-20 19:13	1614440	----a-w-	c:\windows\system32\nvdispco642090.dll
2011-01-08 03:27 . 2011-01-20 19:13	15047272	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2011-01-08 03:27 . 2011-01-20 19:13	1359976	----a-w-	c:\windows\system32\nvgenco642040.dll
2011-01-08 03:27 . 2011-01-20 19:13	13011560	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2011-01-08 03:27 . 2011-01-20 19:13	12961640	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2010-10-28 19:55	10078312	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2011-01-08 03:27 . 2010-03-10 17:50	7729256	----a-w-	c:\windows\system32\nvwgf2umx.dll
2011-01-08 03:27 . 2010-03-10 17:50	2200680	----a-w-	c:\windows\system32\nvapi64.dll
2011-01-08 03:27 . 2010-03-10 17:50	1965672	----a-w-	c:\windows\SysWow64\nvapi.dll
2011-01-08 03:27 . 2010-03-10 17:50	12859496	----a-w-	c:\windows\system32\nvd3dumx.dll
2011-01-07 19:50 . 2011-01-07 19:50	795752	----a-w-	c:\windows\system32\easyUpdatusAPIU64.dll
2011-01-07 19:50 . 2011-01-07 19:50	6143080	----a-w-	c:\windows\system32\nvcpl.dll
2011-01-07 19:49 . 2011-01-07 19:49	3156072	----a-w-	c:\windows\system32\nvsvc64.dll
2011-01-07 19:49 . 2011-01-07 19:49	117864	----a-w-	c:\windows\system32\nvmctray.dll
2011-01-07 19:49 . 2011-01-07 19:49	2558568	----a-w-	c:\windows\system32\nvsvcr.dll
2011-01-07 19:49 . 2011-01-07 19:49	1005160	----a-w-	c:\windows\system32\nvvsvc.exe
2010-12-27 15:11 . 2010-12-27 15:11	127034	------r-	c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2010-12-17 17:22 . 2010-05-26 20:58	4076	--sha-w-	c:\programdata\KGyGaAvL.sys
2010-12-02 09:12 . 2011-01-20 19:13	1359976	----a-w-	c:\windows\system32\nvgenco64hda.dll
2010-12-02 03:35 . 2010-12-02 03:35	4280320	----a-w-	c:\windows\SysWow64\GPhotos.scr
2010-11-29 16:38 . 2010-11-29 16:38	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2007-03-12 16:59 . 2007-03-12 16:59	299008	----a-w-	c:\program files (x86)\navigram_register.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"JFSW2Launch"="c:\users\Fischmoesi\AppData\Roaming\Transcend\JFSW2\JFSW2Launch.exe" [2010-02-03 176128]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"Kone"="c:\program files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE" [2009-09-15 180224]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-05-25 5391872]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

c:\users\Fischmoesi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"CTxfiHlp"=CTXFIHLP.EXE
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
R3 cpuz130;cpuz130;c:\users\FISCHM~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-07-01 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2002-01-01 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2009-10-11 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-07-14 230424]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-07-14 1445912]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-07-14 95256]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-08-24 1436424]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\CAF3.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 OV550I;OVT Scanner;c:\windows\system32\Drivers\ov550ivx.sys [2008-02-21 196992]
R3 SynUSB64;SynUSB64;c:\windows\system32\DRIVERS\SynUSB64.sys [2007-10-24 29432]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-05-11 178728]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2002-01-01 871408]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-11 133104]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 MDES;DVM Meta Data Export Service;c:\asus.sys\CONFIG\DVMExportService.exe [2009-02-18 315392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-12-14 2019648]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Fischmoesi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-03-25 14544]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-07-14 230424]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-07-14 1445912]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-07-14 95256]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2009-10-01 26240]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2009-07-14 1613336]
S3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [2008-12-11 15488]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-11-10 341856]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-10 4162784]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 24152]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-11-11 155752]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-07-13 402720]

.
Inhalt des "geplante Tasks" Ordners

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-11 20:22]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-11 20:22]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220478906-1765848077-1096141842-1001Core.job
- c:\users\Fischmoesi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 16:47]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220478906-1765848077-1096141842-1001UA.job
- c:\users\Fischmoesi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-10 16:47]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-16 190472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Fischmoesi\AppData\Roaming\Mozilla\Firefox\Profiles\f1f48eki.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: QuickStores-Toolbar: quickstores@quickstores.de - c:\program files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: FRITZ!Box AddOn: fb_add_on@avm.de - %profile%\extensions\fb_add_on@avm.de
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: DHL Packstation Bestellhelfer: {b8cbd8e0-e642-11dd-ba2f-0800200c9a66} - %profile%\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Wow6432Node-HKU-Default-Run-CtxfiReg - CTXFIREG.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-Rainbow Sentinel Driver - c:\windows\SYSTEM32\RNBOSENT\SETUPX86.EXE



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\CAF3.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"

[HKEY_USERS\S-1-5-21-1220478906-1765848077-1096141842-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7388AE4-449D-BC29-5E37-3AB14CEF12B3}*]
"paeeekfnacdbdbeehkbomefpfmkljhme"=hex:61,62,6c,6d,6b,65,6c,69,62,68,69,66,6b,
   61,66,67,62,61,6f,6b,65,62,63,65,68,6a,66,6d,6f,67,67,6e,64,6c,00,60

[HKEY_USERS\S-1-5-21-1220478906-1765848077-1096141842-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fd,35,51,fc,1c,0d,2c,12,f4,77,e4,c8,26,98,dd,e1,8c,43,26,94,9b,36,81,
   8f,c7,63,58,ff,1e,2f,31,43,34,9d,b9,87,89,27,51,76,45,cd,53,3b,e4,1c,4d,ef,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-1220478906-1765848077-1096141842-1001\Software\SecuROM\License information*]
"datasecu"=hex:00,31,97,6b,89,d7,d1,63,d3,81,bc,3d,12,5e,6d,2d,c2,1c,b5,fd,13,
   fa,39,7c,87,5b,37,e0,b4,19,3e,f3,80,fc,1f,6a,81,81,5f,53,15,87,9a,fe,01,4b,\
"rkeysecu"=hex:32,73,d6,69,eb,63,ed,a9,db,c5,71,60,2e,a4,91,10

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files\ASUS\Six Engine\SixEngine.exe
c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
c:\program files (x86)\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
c:\windows\SysWOW64\CTXFISPI.EXE
c:\program files (x86)\ROCCAT\Kone Mouse\osd.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-02-20  08:29:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-02-20 07:29

Vor Suchlauf: 18 Verzeichnis(se), 56.442.675.200 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 55.938.134.016 Bytes frei

- - End Of File - - 5A34AAA835B1091943D9347D60E2AE74
         

Alt 20.02.2011, 17:50   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please create logs with GMER and mbrcheck and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it.

Instructions for mbrcheck:
Download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool takes only a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 20.02.2011, 20:48   #11
Bluecobra0
 



GMER Log

Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-20 20:44:38
Windows 6.1.7600  
Running: 1ignp81j.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd507601                                                                       
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                                771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                                285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                                1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                  
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                               C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                               0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                            0xE0 0x70 0xA1 0x16 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                      0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                   0x6D 0xF6 0xC2 0x21 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                    
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                              0xDD 0x82 0x8E 0xC3 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd507601 (not active ControlSet)                                                   
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                              
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                   C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                   0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                0xE0 0x70 0xA1 0x16 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                     
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                          0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                       0x6D 0xF6 0xC2 0x21 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                  0xDD 0x82 0x8E 0xC3 ...
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7388AE4-449D-BC29-5E37-3AB14CEF12B3}                                   
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7388AE4-449D-BC29-5E37-3AB14CEF12B3}@paeeekfnacdbdbeehkbomefpfmkljhme  0x61 0x62 0x6C 0x6D ...

---- EOF - GMER 1.0.15 ----
         
Here is the MBRCheck log

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Ultimate Edition
Windows Information:		 (build 7600), 64-bit
Base Board Manufacturer:	ASUSTeK Computer INC.
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		System manufacturer
System Product Name:		System Product Name
Logical Drives Mask:		0x000007fd

Kernel Drivers (total 222):
  0x03655000 \SystemRoot\system32\ntoskrnl.exe
  0x0360C000 \SystemRoot\system32\hal.dll
  0x00BCD000 \SystemRoot\system32\kdcom.dll
  0x00CF9000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00D3D000 \SystemRoot\system32\PSHED.dll
  0x00D51000 \SystemRoot\system32\CLFS.SYS
  0x00C00000 \SystemRoot\system32\CI.dll
  0x00E15000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00EB9000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00EC8000 \SystemRoot\System32\Drivers\spws.sys
  0x00E00000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x00CC0000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x010D2000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x01129000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x01133000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x01140000 \SystemRoot\system32\DRIVERS\pci.sys
  0x01173000 \SystemRoot\System32\drivers\partmgr.sys
  0x01188000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x0119D000 \SystemRoot\System32\drivers\volmgrx.sys
  0x011F9000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x01000000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x01010000 \SystemRoot\System32\drivers\mountmgr.sys
  0x0102A000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x01033000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x0105D000 \SystemRoot\system32\DRIVERS\mv61xx.sys
  0x010A3000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x00DAF000 \SystemRoot\system32\drivers\fltmgr.sys
  0x010AE000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01253000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x01459000 \SystemRoot\System32\Drivers\msrpc.sys
  0x014B7000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x014D1000 \SystemRoot\System32\Drivers\cng.sys
  0x01544000 \SystemRoot\System32\drivers\pcw.sys
  0x01555000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x016B9000 \SystemRoot\system32\drivers\ndis.sys
  0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01802000 \SystemRoot\System32\drivers\tcpip.sys
  0x017AB000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x0168B000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x0155F000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x0169B000 \SystemRoot\System32\Drivers\spldr.sys
  0x015AB000 \SystemRoot\system32\DRIVERS\snapman.sys
  0x01400000 \SystemRoot\System32\drivers\rdyboost.sys
  0x016A3000 \SystemRoot\System32\Drivers\mup.sys
  0x017F5000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01200000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x0143A000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01A55000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x01ABB000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x01AE5000 \SystemRoot\system32\DRIVERS\MpFilter.sys
  0x01B16000 \SystemRoot\System32\Drivers\Null.SYS
  0x01B1F000 \SystemRoot\System32\Drivers\Beep.SYS
  0x01B26000 \SystemRoot\System32\drivers\vga.sys
  0x01B34000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x01B59000 \SystemRoot\System32\drivers\watchdog.sys
  0x01B69000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x01B72000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x01B7B000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x01B84000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x01B8F000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x01BA0000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x01BBE000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x02E98000 \SystemRoot\system32\drivers\afd.sys
  0x02F22000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x02F67000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x02F70000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x02F96000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x02FA5000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x02FC0000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x02E00000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x02E51000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x02E5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x02E68000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x02E74000 \SystemRoot\System32\drivers\discache.sys
  0x042FF000 \SystemRoot\system32\drivers\csc.sys
  0x04382000 \SystemRoot\System32\Drivers\dfsc.sys
  0x043A0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x043B1000 \SystemRoot\SysWow64\drivers\AsIO.sys
  0x043B7000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x043DD000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x04200000 \SystemRoot\system32\drivers\ctaud2k.sys
  0x042A9000 \SystemRoot\system32\drivers\portcls.sys
  0x02FD4000 \SystemRoot\system32\drivers\drmk.sys
  0x01A00000 \SystemRoot\system32\drivers\ks.sys
  0x01BCB000 \SystemRoot\system32\drivers\ctoss2k.sys
  0x042E6000 \SystemRoot\system32\drivers\ctprxy2k.sys
  0x042EE000 \SystemRoot\system32\drivers\ksthunk.sys
  0x10E7E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x11AD9000 \SystemRoot\System32\Drivers\nvBridge.kmd
  0x11ADB000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x10E00000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x10E46000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x10E6A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x0448F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x044E5000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x044F6000 \SystemRoot\system32\DRIVERS\yk62x64.sys
  0x0455B000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x04599000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x045A6000 \SystemRoot\system32\DRIVERS\ASACPI.sys
  0x045AE000 \SystemRoot\SysWOW64\drivers\Afc.sys
  0x045B7000 \SystemRoot\System32\Drivers\AnyDVD.sys
  0x045D9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x04400000 \SystemRoot\System32\Drivers\amrbc5yj.SYS
  0x04444000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x0444D000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x0445D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x11BCF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x04473000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x04C77000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x04CA6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x04CC1000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x04CE2000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x04CFC000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x04D07000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x04D16000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x04D87000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x04D89000 \SystemRoot\system32\drivers\WmBEnum.sys
  0x04D8E000 \SystemRoot\system32\drivers\WmXlCore.sys
  0x04DA0000 \SystemRoot\system32\drivers\LGBusEnum.sys
  0x04DA4000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x04C00000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x05426000 \SystemRoot\system32\drivers\ha20x22k.sys
  0x055B3000 \SystemRoot\system32\drivers\emupia2k.sys
  0x04D25000 \SystemRoot\system32\drivers\ctsfm2k.sys
  0x05400000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x0540B000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x04D5D000 \SystemRoot\System32\drivers\CTHWIUT.SYS
  0x04DB6000 \SystemRoot\System32\drivers\CT20XUT.SYS
  0x05C5A000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
  0x05DBE000 \SystemRoot\system32\drivers\nvhda64v.sys
  0x000F0000 \SystemRoot\System32\win32k.sys
  0x05DE7000 \SystemRoot\System32\drivers\Dxapi.sys
  0x05C00000 \SystemRoot\system32\DRIVERS\udfs.sys
  0x04C5A000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x00460000 \SystemRoot\System32\TSDDD.dll
  0x00670000 \SystemRoot\System32\cdd.dll
  0x01A85000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x05C54000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x03E21000 \SystemRoot\system32\drivers\luafv.sys
  0x03E44000 \SystemRoot\system32\drivers\WudfPf.sys
  0x03E65000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x03E73000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x03E7F000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x03E88000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x03E9B000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x03ED1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x05E06000 \SystemRoot\system32\DRIVERS\lvuvc64.sys
  0x03EEE000 \SystemRoot\system32\drivers\usbaudio.sys
  0x03F09000 \SystemRoot\system32\DRIVERS\lvrs64.sys
  0x05E00000 \SystemRoot\system32\drivers\Kone.sys
  0x03F5B000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x03F69000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x03F82000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x03F8B000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x03F98000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x03FA6000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x03FD7000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x03E00000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x06A95000 \SystemRoot\system32\drivers\HTTP.sys
  0x06B5D000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x06B7B000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x06B93000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x06A00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x06A4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x06CFC000 \??\C:\Windows\system32\drivers\acedrv11.sys
  0x06D56000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0x06DA5000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0x06C00000 \SystemRoot\system32\drivers\peauth.sys
  0x06CA6000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x06CB1000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x06CDE000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x06CF0000 \??\C:\Users\Fischmoesi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys
  0x074F0000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x07557000 \SystemRoot\System32\DRIVERS\srv.sys
  0x075F5000 \SystemRoot\system32\DRIVERS\LVPr2M64.sys
  0x0740A000 \SystemRoot\system32\drivers\LGVirHid.sys
  0x0740D000 \SystemRoot\system32\drivers\WmVirHid.sys
  0x07410000 \??\C:\Windows\system32\drivers\mbam.sys
  0x0748B000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0x07493000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
  0x074A3000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
  0x77550000 \Windows\System32\ntdll.dll
  0x47660000 \Windows\System32\smss.exe
  0xFF870000 \Windows\System32\apisetschema.dll
  0xFFDE0000 \Windows\System32\autochk.exe
  0xFF750000 \Windows\System32\msctf.dll
  0xFF680000 \Windows\System32\usp10.dll
  0xFF5E0000 \Windows\System32\msvcrt.dll
  0xFF4B0000 \Windows\System32\rpcrt4.dll
  0x77400000 \Windows\System32\urlmon.dll
  0xFF430000 \Windows\System32\difxapi.dll
  0x772E0000 \Windows\System32\kernel32.dll
  0xFE6A0000 \Windows\System32\shell32.dll
  0xFE650000 \Windows\System32\Wldap32.dll
  0xFE630000 \Windows\System32\imagehlp.dll
  0x77720000 \Windows\System32\normaliz.dll
  0xFE610000 \Windows\System32\sechost.dll
  0xFE570000 \Windows\System32\clbcatq.dll
  0xFE560000 \Windows\System32\lpk.dll
  0xFE350000 \Windows\System32\ole32.dll
  0xFE270000 \Windows\System32\oleaut32.dll
  0x770D0000 \Windows\System32\iertutil.dll
  0xFE190000 \Windows\System32\advapi32.dll
  0xFE180000 \Windows\System32\nsi.dll
  0xFE150000 \Windows\System32\imm32.dll
  0xFE100000 \Windows\System32\ws2_32.dll
  0x76FD0000 \Windows\System32\user32.dll
  0x76E70000 \Windows\System32\wininet.dll
  0xFE080000 \Windows\System32\shlwapi.dll
  0xFDFE0000 \Windows\System32\comdlg32.dll
  0xFDE00000 \Windows\System32\setupapi.dll
  0x77710000 \Windows\System32\psapi.dll
  0xFDD90000 \Windows\System32\gdi32.dll
  0xFDCF0000 \Windows\System32\comctl32.dll
  0xFDCB0000 \Windows\System32\cfgmgr32.dll
  0xFDC70000 \Windows\System32\wintrust.dll
  0xFDC00000 \Windows\System32\KernelBase.dll
  0xFDA90000 \Windows\System32\crypt32.dll
  0xFDA70000 \Windows\System32\devobj.dll
  0xFDA60000 \Windows\System32\msasn1.dll
  0x77700000 \Windows\SysWOW64\normaliz.dll

Processes (total 80):
       0 System Idle Process
       4 System
     452 C:\Windows\System32\smss.exe
     568 csrss.exe
     644 C:\Windows\System32\wininit.exe
     668 csrss.exe
     704 C:\Windows\System32\services.exe
     720 C:\Windows\System32\lsass.exe
     728 C:\Windows\System32\lsm.exe
     840 C:\Windows\System32\svchost.exe
     884 C:\Windows\System32\winlogon.exe
     948 C:\Windows\System32\nvvsvc.exe
    1008 C:\Windows\System32\svchost.exe
     468 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
     656 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1064 C:\Windows\System32\svchost.exe
    1216 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    1316 C:\Windows\System32\svchost.exe
    1520 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1532 C:\Windows\System32\nvvsvc.exe
    1592 WUDFHost.exe
    1776 WUDFHost.exe
    1836 C:\Windows\System32\svchost.exe
    1956 C:\Windows\System32\spoolsv.exe
    1996 C:\Windows\System32\svchost.exe
    1648 C:\Windows\System32\AEADISRV.EXE
    1732 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2032 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    1452 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1716 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    1636 C:\Windows\System32\svchost.exe
    2052 C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    2136 C:\ASUS.SYS\CONFIG\DVMExportService.exe
    2204 C:\Windows\SysWOW64\PnkBstrA.exe
    2228 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2276 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2308 C:\Windows\System32\svchost.exe
    2336 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    2416 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2496 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    2800 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2092 C:\Windows\System32\dwm.exe
    2968 C:\Windows\explorer.exe
    3472 C:\Windows\System32\SearchIndexer.exe
    3692 C:\Windows\System32\svchost.exe
    3936 C:\Windows\System32\taskhost.exe
    3096 C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    4144 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    5092 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5852 taskhost.exe
    5740 C:\Program Files\Microsoft Security Client\msseces.exe
    5768 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    6036 C:\Program Files\Windows Sidebar\sidebar.exe
    5232 C:\Program Files (x86)\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe
    6096 C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    4704 C:\Program Files\ASUS\TurboV\TurboV.exe
    2296 C:\Windows\SysWOW64\CTxfispi.exe
    6184 C:\Windows\System32\svchost.exe
    6888 dllhost.exe
    7020 WmiPrvSE.exe
    8140 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    8448 C:\Program Files\Internet Explorer\iexplore.exe
    8852 C:\Program Files\Internet Explorer\iexplore.exe
    8184 C:\Program Files\Internet Explorer\iexplore.exe
    1508 C:\Program Files\Internet Explorer\iexplore.exe
     544 C:\Program Files\Internet Explorer\iexplore.exe
    7868 C:\Program Files\Internet Explorer\iexplore.exe
    7424 WUDFHost.exe
    4292 C:\Program Files\Internet Explorer\iexplore.exe
    4232 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    7564 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    3872 C:\Windows\System32\taskhost.exe
    7228 C:\Program Files\Internet Explorer\iexplore.exe
    9152 C:\Program Files\Internet Explorer\iexplore.exe
    4472 C:\Windows\System32\audiodg.exe
    1580 C:\Windows\System32\SearchProtocolHost.exe
    9084 C:\Windows\System32\SearchFilterHost.exe
     516 C:\Users\Fischmoesi\Desktop\MBRCheck.exe
    9268 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`06500000  (NTFS)
\\.\E: --> \\.\PhysicalDrive4 at offset 0x00000000`00100000  (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000  (NTFS)
\\.\G: --> \\.\PhysicalDrive3 at offset 0x00000000`00100000  (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)
\\.\K: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00  (FAT32)

PhysicalDrive2 Model Number: WDCWD1500HLFS-01G6U1, Rev: 04.04V02
PhysicalDrive4 Model Number: WDCWD3000GLFS-01F8U0, Rev: 03.03V01
PhysicalDrive1 Model Number: SAMSUNGHD103UJ, Rev: 1AA01113
PhysicalDrive3 Model Number: SAMSUNGHD103UJ, Rev: 1AA01118
PhysicalDrive0 Model Number: ST3320620AS, Rev: 3.AAD   
PhysicalDrive5 Model Number: WDC WD1600BB-00RDA0, Rev: 

      Size  Device Name          MBR Status
  --------------------------------------------
    139 GB  \\.\PhysicalDrive2   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    279 GB  \\.\PhysicalDrive4   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    931 GB  \\.\PhysicalDrive1   Unknown MBR code
            SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
    931 GB  \\.\PhysicalDrive3   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    298 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    149 GB  \\.\PhysicalDrive5   RE: Unknown MBR code
            SHA1: 4597B86E5C26EF38751DCC0504D119D7F3351C8A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!
         

21.02.2011, 11:14   #12
cosinus

You have 6 hard drives in the machine??
Is an operating system installed on only one of them?

21.02.2011, 13:43   #13
Bluecobra0

I have 5 in the machine and 1 is a USB drive.

The operating system is installed on only 1.

21.02.2011, 14:00   #14
cosinus

Then that's OK.
As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

21.02.2011, 19:57   #15
Bluecobra0

Malwarebytes

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5829

Windows 6.1.7600
Internet Explorer 9.0.8080.16413

21.02.2011 15:45:04
mbam-log-2011-02-21 (15-45-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|K:\|)
Durchsuchte Objekte: 782009
Laufzeit: 1 Stunde(n), 25 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
SUPERAntiSpyware is still to come
