Hallo
ich habe mir den Bundespolizei Trojaner eingefangen und nun im abgesicherten Modus einen WScan gemacht.
Code:OTL logfile created on: 03.12.2011 13:48:18 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Peter\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,35% Memory free 8,00 Gb Paging File | 6,94 Gb Available in Paging File | 86,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100,01 Gb Total Space | 44,55 Gb Free Space | 44,55% Space Free | Partition Type: NTFS Drive D: | 831,50 Gb Total Space | 682,12 Gb Free Space | 82,03% Space Free | Partition Type: NTFS Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.03 13:47:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe PRC - [2011.12.03 13:01:27 | 001,962,152 | ---- | M] (Avira GmbH) -- C:\Users\Peter\AppData\Local\Temp\decleaner\decleaner\setup\deCleaner.exe PRC - [2011.12.03 13:01:09 | 000,514,216 | ---- | M] (Avira GmbH) -- C:\Users\Peter\AppData\Local\Temp\decleaner\decleaner\setup\avscan.exe PRC - [2011.11.09 17:21:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.02.17 09:30:23 | 000,299,688 | ---- | M] (Avira GmbH) -- C:\Users\Peter\AppData\Local\Temp\decleaner\avwebloader.exe ========== Modules (No Company Name) ========== MOD - [2011.11.09 17:21:34 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.11.02 20:52:06 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2011.02.04 11:39:40 | 000,126,824 | ---- | M] () -- C:\Users\Peter\AppData\Local\Temp\decleaner\scewxmlw.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.06.06 16:49:50 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2010.05.27 17:59:40 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.09.12 08:58:19 | 000,688,648 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Stopped] -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate) SRV - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.06.06 16:54:54 | 002,026,304 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.06.06 16:49:44 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.11.05 10:28:14 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -- (Lexware_Datenbank_Plus) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.10 15:01:06 | 000,206,880 | ---- | M] () [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2009.08.10 15:01:04 | 000,626,208 | ---- | M] () [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV - [2009.06.18 14:19:30 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.10.03 21:41:22 | 000,743,192 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2008.04.07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.03 12:59:25 | 000,090,232 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR162.SYS -- (SMR162) DRV:64bit: - [2011.10.19 16:56:15 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.10.19 16:56:15 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.07.28 11:27:17 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.12 11:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2010.07.22 16:02:35 | 001,580,576 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm140.sys -- (tdrpman140) Acronis Try&Decide and Restore Points filter (build 140) DRV:64bit: - [2010.07.22 16:02:32 | 000,880,160 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2010.07.22 16:02:32 | 000,083,488 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter) DRV:64bit: - [2010.07.22 16:02:30 | 000,237,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380) DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.05.27 18:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.05.27 17:25:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.04.13 08:04:38 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.09.25 09:13:26 | 000,205,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.07.17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi) DRV:64bit: - [2009.07.16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.02.03 16:46:14 | 000,077,952 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x) DRV:64bit: - [2009.02.03 16:40:13 | 000,077,432 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) DRV:64bit: - [2007.09.17 14:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV:64bit: - [2007.02.08 18:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV:64bit: - [2006.06.14 15:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2011.07.28 11:27:17 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2007.02.07 19:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kiebel.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2206084 IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.02.13 14:39:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 17:21:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.28 22:22:57 | 000,000,000 | ---D | M] [2010.11.20 19:32:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Extensions [2010.11.20 19:32:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de [2011.11.11 11:47:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\jyhzdx6r.default\extensions [2011.02.24 21:00:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\jyhzdx6r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.11 11:47:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\jyhzdx6r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.11.09 17:21:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.09 17:21:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2008.06.19 10:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\mozilla firefox\plugins\MyCamera.dll [2008.06.19 10:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPCIG.dll [2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.10.08 17:38:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.08 17:38:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.08 17:38:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.08 17:38:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.08 17:38:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.08 17:38:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files (x86)\Free Download Manager\iefdm2.dll () O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [Personal ID] C:\PROGRA~2\COOLSP~1\PERSON~1\PID.EXE (coolspot AG, Düsseldorf) O4:64bit: - HKLM..\RunOnce: [GrpConv] C:\Windows\SysNative\grpconv.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [*NMRUI] C:\Users\Peter\Desktop\de_cleaner.exe (Symantec Corporation) O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) F3:64bit: - HKCU WinNT: Load - (C:\Users\Peter\AppData\Local\Temp\AF82B87C9F73BFD328A8.exe) - C:\Users\Peter\AppData\Local\Temp\AF82B87C9F73BFD328A8.exe () F3 - HKCU WinNT: Load - (C:\Users\Peter\AppData\Local\Temp\AF82B87C9F73BFD328A8.exe) -C:\Users\Peter\AppData\Local\Temp\AF82B87C9F73BFD328A8.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - D:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - D:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - D:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - D:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Alles mit FDM herunterladen - D:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - D:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - D:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Videos mit FDM herunterladen - D:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: amazon.de ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87F7A994-F44E-4345-B88E-03ECE07BAB9D}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\haufereader - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\haufereader - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\realconverter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\realplay.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\realtrimmer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\rnxproc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\realconverter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\realplay.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\realtrimmer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\rnxproc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.03 13:47:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe [2011.12.03 13:00:42 | 099,084,008 | ---- | C] ( ) -- C:\Users\Peter\Desktop\setup_9.0.0.722_27.11.2011_06-22.exe [2011.12.03 12:59:25 | 000,090,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR162.SYS [2011.12.03 12:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2011.12.03 12:59:22 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\NPE [2011.12.03 12:59:01 | 006,161,912 | ---- | C] (Symantec Corporation) -- C:\Users\Peter\Desktop\de_cleaner.exe [2011.12.03 01:09:34 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Avira [2011.12.03 01:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.12.03 01:09:11 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.03 01:09:11 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.12.03 01:09:11 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.12.03 01:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.12.03 01:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.11.23 14:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.11.23 14:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.11.23 14:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.11.23 14:52:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.11.21 15:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DataDesign [2011.11.21 15:33:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sybase [2011.11.20 21:20:12 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\TIPP10 [2011.11.20 21:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIPP10 [2011.11.17 17:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.11.13 13:55:16 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Games ========== Files - Modified Within 30 Days ========== [2011.12.03 13:47:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe [2011.12.03 13:46:48 | 000,000,000 | ---- | M] () -- C:\Users\Peter\defogger_reenable [2011.12.03 13:45:50 | 000,050,477 | ---- | M] () -- C:\Users\Peter\Desktop\Defogger.exe [2011.12.03 13:03:13 | 099,084,008 | ---- | M] ( ) -- C:\Users\Peter\Desktop\setup_9.0.0.722_27.11.2011_06-22.exe [2011.12.03 13:00:58 | 000,002,022 | ---- | M] () -- C:\Users\Peter\Desktop\Entfernen des Avira DE-Cleaners.lnk [2011.12.03 13:00:58 | 000,001,951 | ---- | M] () -- C:\Users\Peter\Desktop\Avira DE-Cleaner.lnk [2011.12.03 12:59:37 | 000,000,020 | ---- | M] () -- C:\Windows\SysNative\drivers\SMR162.dat [2011.12.03 12:59:31 | 000,000,761 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\SMRBackup162.dat [2011.12.03 12:59:25 | 000,090,232 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR162.SYS [2011.12.03 12:59:08 | 006,161,912 | ---- | M] (Symantec Corporation) -- C:\Users\Peter\Desktop\de_cleaner.exe [2011.12.03 12:58:02 | 000,883,840 | ---- | M] () -- C:\Users\Peter\Desktop\Avira-DE-Cleaner.exe [2011.12.03 01:15:21 | 056,877,146 | ---- | M] () -- C:\Users\Peter\Desktop\vdf_fusebundle.zip [2011.12.03 01:12:48 | 001,766,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.03 01:12:48 | 000,759,454 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.03 01:12:48 | 000,703,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.03 01:12:48 | 000,169,072 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.03 01:12:48 | 000,137,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.03 01:09:26 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.12.03 01:08:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.03 01:02:28 | 084,419,032 | ---- | M] () -- C:\Users\Peter\Desktop\avira_free_antivirus_de.exe [2011.12.03 00:58:18 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.03 00:54:37 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.03 00:19:05 | 000,019,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.03 00:19:05 | 000,019,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.01 16:20:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.23 14:54:54 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.11.21 15:53:19 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\TAXMAN 2011.lnk [2011.11.21 15:48:16 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\TAXMAN 2010.lnk [2011.11.21 15:34:49 | 000,000,153 | ---- | M] () -- C:\Windows\ODBC.INI [2011.11.21 15:19:38 | 000,002,319 | ---- | M] () -- C:\Users\Public\Desktop\TAXMAN Bibliothek 2012.lnk [2011.11.21 15:18:43 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\TAXMAN 2012.lnk [2011.11.21 09:38:34 | 000,096,102 | ---- | M] () -- C:\Users\Peter\Desktop\TV Ticket Service_ Eintrittskarten für Fernseh-Sendungen.pdf [2011.11.20 21:20:11 | 000,000,692 | ---- | M] () -- C:\Users\Peter\Desktop\TIPP10.lnk [2011.11.17 17:21:42 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.15 11:51:31 | 000,041,377 | ---- | M] () -- C:\Users\Peter\Desktop\Muster017.pdf [2011.11.13 13:55:12 | 000,000,628 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf [2011.11.09 17:08:21 | 000,350,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2011.12.03 13:46:48 | 000,000,000 | ---- | C] () -- C:\Users\Peter\defogger_reenable [2011.12.03 13:45:59 | 000,050,477 | ---- | C] () -- C:\Users\Peter\Desktop\Defogger.exe [2011.12.03 13:00:58 | 000,002,022 | ---- | C] () -- C:\Users\Peter\Desktop\Entfernen des Avira DE-Cleaners.lnk [2011.12.03 13:00:58 | 000,001,951 | ---- | C] () -- C:\Users\Peter\Desktop\Avira DE-Cleaner.lnk [2011.12.03 12:59:31 | 000,000,761 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\SMRBackup162.dat [2011.12.03 12:59:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\SMR162.dat [2011.12.03 12:58:09 | 000,883,840 | ---- | C] () -- C:\Users\Peter\Desktop\Avira-DE-Cleaner.exe [2011.12.03 01:11:40 | 056,877,146 | ---- | C] () -- C:\Users\Peter\Desktop\vdf_fusebundle.zip [2011.12.03 01:09:26 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.12.03 00:58:18 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.03 00:57:41 | 084,419,032 | ---- | C] () -- C:\Users\Peter\Desktop\avira_free_antivirus_de.exe [2011.11.23 14:54:54 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.11.21 15:48:16 | 000,002,669 | ---- | C] () -- C:\Users\Public\Desktop\TAXMAN 2010.lnk [2011.11.21 15:34:49 | 000,000,153 | ---- | C] () -- C:\Windows\ODBC.INI [2011.11.21 15:19:38 | 000,002,319 | ---- | C] () -- C:\Users\Public\Desktop\TAXMAN Bibliothek 2012.lnk [2011.11.21 15:18:43 | 000,002,669 | ---- | C] () -- C:\Users\Public\Desktop\TAXMAN 2012.lnk [2011.11.21 09:38:34 | 000,096,102 | ---- | C] () -- C:\Users\Peter\Desktop\TV Ticket Service_ Eintrittskarten für Fernseh-Sendungen.pdf [2011.11.20 21:20:11 | 000,000,692 | ---- | C] () -- C:\Users\Peter\Desktop\TIPP10.lnk [2011.11.17 17:21:42 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.15 11:51:31 | 000,041,377 | ---- | C] () -- C:\Users\Peter\Desktop\Muster017.pdf [2011.11.13 13:55:12 | 000,000,628 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf [2011.11.08 10:56:09 | 005,133,509 | ---- | C] () -- C:\Users\Peter\Desktop\IMG_8450.JPG [2011.09.27 11:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2011.09.27 11:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2011.09.27 11:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2011.09.27 11:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll [2011.06.10 11:53:49 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi [2011.04.30 15:18:32 | 000,000,000 | ---- | C] () -- C:\Users\Peter\AppData\Local\{D431F69B-9F80-4998-8606-16B2FF4763C2} [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.02.13 15:06:41 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.11.03 22:34:25 | 000,000,038 | ---- | C] () -- C:\Windows\osAviSplitter.INI [2010.10.21 14:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2010.10.21 14:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2010.10.21 14:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll [2010.10.17 19:03:42 | 001,653,284 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.24 12:27:18 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI [2010.08.27 16:22:42 | 000,000,123 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.08.19 16:11:13 | 000,003,314 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.08.14 18:02:08 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\NCMedia2.dll [2010.08.14 13:07:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.08.14 12:46:47 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2010.08.11 19:14:48 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2010.08.01 15:26:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.07.25 18:27:31 | 000,027,648 | ---- | C] () -- C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.25 13:49:01 | 000,000,130 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\default.rss [2010.07.24 20:05:40 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2010.07.24 20:05:40 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2010.07.24 20:05:40 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2010.07.24 20:05:40 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2010.07.24 20:05:40 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2010.07.24 20:05:40 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2010.07.24 20:05:40 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2010.07.24 20:05:40 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2010.07.24 20:05:40 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2010.07.24 20:05:40 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2010.07.24 20:05:40 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2010.07.24 20:05:40 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2010.07.24 20:05:40 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2010.07.24 20:05:40 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2010.07.24 20:05:40 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2010.07.24 20:05:40 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2010.07.24 20:05:40 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2010.07.24 20:05:40 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2010.07.24 20:05:40 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2010.06.21 12:08:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.06.21 12:03:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2010.06.21 12:03:04 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2010.06.21 12:03:01 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2010.06.21 12:03:01 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2010.06.21 11:29:41 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.06.21 11:29:41 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.06.21 11:29:40 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.06.21 11:29:40 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.04.29 16:37:26 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.09.30 11:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v60.dll [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.10.30 17:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v60.dll [2008.10.30 16:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v60.dll [2006.04.21 09:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll [2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll [2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll [2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:96D0C06F @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:42D9E231 < End of report >Code:OTL logfile created on: 03.12.2011 13:48:18 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Peter\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,35% Memory free 8,00 Gb Paging File | 6,94 Gb Available in Paging File | 86,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100,01 Gb Total Space | 44,55 Gb Free Space | 44,55% Space Free | Partition Type: NTFS Drive D: | 831,50 Gb Total Space | 682,12 Gb Free Space | 82,03% Space Free | Partition Type: NTFS Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.03 13:47:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe PRC - [2011.12.03 13:01:27 | 001,962,152 | ---- | M] (Avira GmbH) -- C:\Users\Peter\AppData\Local\Temp\decleaner\decleaner\setup\deCleaner.exe PRC - [2011.12.03 13:01:09 | 000,514,216 | ---- | M] (Avira GmbH) -- C:\Users\Peter\AppData\Local\Temp\decleaner\decleaner\setup\avscan.exe PRC - [2011.11.09 17:21:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.02.17 09:30:23 | 000,299,688 | ---- | M] (Avira GmbH) -- C:\Users\Peter\AppData\Local\Temp\decleaner\avwebloader.exe ========== Modules (No Company Name) ========== MOD - [2011.11.09 17:21:34 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.11.02 20:52:06 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2011.02.04 11:39:40 | 000,126,824 | ---- | M] () -- C:\Users\Peter\AppData\Local\Temp\decleaner\scewxmlw.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.06.06 16:49:50 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2010.05.27 17:59:40 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.09.12 08:58:19 | 000,688,648 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Stopped] -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate) SRV - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.06.06 16:54:54 | 002,026,304 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.06.06 16:49:44 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010.11.05 10:28:14 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -- (Lexware_Datenbank_Plus) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.10 15:01:06 | 000,206,880 | ---- | M] () [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2009.08.10 15:01:04 | 000,626,208 | ---- | M] () [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV - [2009.06.18 14:19:30 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.10.03 21:41:22 | 000,743,192 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2008.04.07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.03 12:59:25 | 000,090,232 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR162.SYS -- (SMR162) DRV:64bit: - [2011.10.19 16:56:15 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.10.19 16:56:15 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.07.28 11:27:17 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.12 11:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2010.07.22 16:02:35 | 001,580,576 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm140.sys -- (tdrpman140) Acronis Try&Decide and Restore Points filter (build 140) DRV:64bit: - [2010.07.22 16:02:32 | 000,880,160 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2010.07.22 16:02:32 | 000,083,488 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter) DRV:64bit: - [2010.07.22 16:02:30 | 000,237,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380) DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.05.27 18:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.05.27 17:25:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.04.13 08:04:38 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.09.25 09:13:26 | 000,205,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.07.17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi) DRV:64bit: - [2009.07.16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.02.03 16:46:14 | 000,077,952 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x) DRV:64bit: - [2009.02.03 16:40:13 | 000,077,432 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) DRV:64bit: - [2007.09.17 14:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV:64bit: - [2007.02.08 18:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV:64bit: - [2006.06.14 15:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2011.07.28 11:27:17 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.02.16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2007.02.07 19:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kiebel.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2206084 IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.02.13 14:39:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 17:21:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.28 22:22:57 | 000,000,000 | ---D | M] [2010.11.20 19:32:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Extensions [2010.11.20 19:32:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de [2011.11.11 11:47:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\jyhzdx6r.default\extensions [2011.02.24 21:00:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\jyhzdx6r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.11 11:47:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\jyhzdx6r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.11.09 17:21:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.09 17:21:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2008.06.19 10:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\mozilla firefox\plugins\MyCamera.dll [2008.06.19 10:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPCIG.dll [2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.10.08 17:38:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.08 17:38:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.08 17:38:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.08 17:38:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.08 17:38:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.08 17:38:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files (x86)\Free Download Manager\iefdm2.dll () O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [Personal ID] C:\PROGRA~2\COOLSP~1\PERSON~1\PID.EXE (coolspot AG, Düsseldorf) O4:64bit: - HKLM..\RunOnce: [GrpConv] C:\Windows\SysNative\grpconv.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [*NMRUI] C:\Users\Peter\Desktop\de_cleaner.exe (Symantec Corporation) O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) F3:64bit: - HKCU WinNT: Load - (C:\Users\Peter\AppData\Local\Temp\AF82B87C9F73BFD328A8.exe) - C:\Users\Peter\AppData\Local\Temp\AF82B87C9F73BFD328A8.exe () F3 - HKCU WinNT: Load - (C:\Users\Peter\AppData\Local\Temp\AF82B87C9F73BFD328A8.exe) -C:\Users\Peter\AppData\Local\Temp\AF82B87C9F73BFD328A8.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - D:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - D:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - D:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - D:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Alles mit FDM herunterladen - D:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - D:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - D:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Videos mit FDM herunterladen - D:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: amazon.de ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87F7A994-F44E-4345-B88E-03ECE07BAB9D}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\haufereader - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\haufereader - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\realconverter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\realplay.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\realtrimmer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\rnxproc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\realconverter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\realplay.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\realtrimmer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\rnxproc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.03 13:47:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe [2011.12.03 13:00:42 | 099,084,008 | ---- | C] ( ) -- C:\Users\Peter\Desktop\setup_9.0.0.722_27.11.2011_06-22.exe [2011.12.03 12:59:25 | 000,090,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR162.SYS [2011.12.03 12:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2011.12.03 12:59:22 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\NPE [2011.12.03 12:59:01 | 006,161,912 | ---- | C] (Symantec Corporation) -- C:\Users\Peter\Desktop\de_cleaner.exe [2011.12.03 01:09:34 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Avira [2011.12.03 01:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.12.03 01:09:11 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.03 01:09:11 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.12.03 01:09:11 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.12.03 01:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.12.03 01:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.11.23 14:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.11.23 14:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.11.23 14:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.11.23 14:52:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.11.21 15:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DataDesign [2011.11.21 15:33:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sybase [2011.11.20 21:20:12 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\TIPP10 [2011.11.20 21:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIPP10 [2011.11.17 17:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.11.13 13:55:16 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Games ========== Files - Modified Within 30 Days ========== [2011.12.03 13:47:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe [2011.12.03 13:46:48 | 000,000,000 | ---- | M] () -- C:\Users\Peter\defogger_reenable [2011.12.03 13:45:50 | 000,050,477 | ---- | M] () -- C:\Users\Peter\Desktop\Defogger.exe [2011.12.03 13:03:13 | 099,084,008 | ---- | M] ( ) -- C:\Users\Peter\Desktop\setup_9.0.0.722_27.11.2011_06-22.exe [2011.12.03 13:00:58 | 000,002,022 | ---- | M] () -- C:\Users\Peter\Desktop\Entfernen des Avira DE-Cleaners.lnk [2011.12.03 13:00:58 | 000,001,951 | ---- | M] () -- C:\Users\Peter\Desktop\Avira DE-Cleaner.lnk [2011.12.03 12:59:37 | 000,000,020 | ---- | M] () -- C:\Windows\SysNative\drivers\SMR162.dat [2011.12.03 12:59:31 | 000,000,761 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\SMRBackup162.dat [2011.12.03 12:59:25 | 000,090,232 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR162.SYS [2011.12.03 12:59:08 | 006,161,912 | ---- | M] (Symantec Corporation) -- C:\Users\Peter\Desktop\de_cleaner.exe [2011.12.03 12:58:02 | 000,883,840 | ---- | M] () -- C:\Users\Peter\Desktop\Avira-DE-Cleaner.exe [2011.12.03 01:15:21 | 056,877,146 | ---- | M] () -- C:\Users\Peter\Desktop\vdf_fusebundle.zip [2011.12.03 01:12:48 | 001,766,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.03 01:12:48 | 000,759,454 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.03 01:12:48 | 000,703,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.03 01:12:48 | 000,169,072 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.03 01:12:48 | 000,137,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.03 01:09:26 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.12.03 01:08:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.03 01:02:28 | 084,419,032 | ---- | M] () -- C:\Users\Peter\Desktop\avira_free_antivirus_de.exe [2011.12.03 00:58:18 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.03 00:54:37 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.03 00:19:05 | 000,019,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.03 00:19:05 | 000,019,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.01 16:20:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.23 14:54:54 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.11.21 15:53:19 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\TAXMAN 2011.lnk [2011.11.21 15:48:16 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\TAXMAN 2010.lnk [2011.11.21 15:34:49 | 000,000,153 | ---- | M] () -- C:\Windows\ODBC.INI [2011.11.21 15:19:38 | 000,002,319 | ---- | M] () -- C:\Users\Public\Desktop\TAXMAN Bibliothek 2012.lnk [2011.11.21 15:18:43 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\TAXMAN 2012.lnk [2011.11.21 09:38:34 | 000,096,102 | ---- | M] () -- C:\Users\Peter\Desktop\TV Ticket Service_ Eintrittskarten für Fernseh-Sendungen.pdf [2011.11.20 21:20:11 | 000,000,692 | ---- | M] () -- C:\Users\Peter\Desktop\TIPP10.lnk [2011.11.17 17:21:42 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.15 11:51:31 | 000,041,377 | ---- | M] () -- C:\Users\Peter\Desktop\Muster017.pdf [2011.11.13 13:55:12 | 000,000,628 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf [2011.11.09 17:08:21 | 000,350,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2011.12.03 13:46:48 | 000,000,000 | ---- | C] () -- C:\Users\Peter\defogger_reenable [2011.12.03 13:45:59 | 000,050,477 | ---- | C] () -- C:\Users\Peter\Desktop\Defogger.exe [2011.12.03 13:00:58 | 000,002,022 | ---- | C] () -- C:\Users\Peter\Desktop\Entfernen des Avira DE-Cleaners.lnk [2011.12.03 13:00:58 | 000,001,951 | ---- | C] () -- C:\Users\Peter\Desktop\Avira DE-Cleaner.lnk [2011.12.03 12:59:31 | 000,000,761 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\SMRBackup162.dat [2011.12.03 12:59:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\SMR162.dat [2011.12.03 12:58:09 | 000,883,840 | ---- | C] () -- C:\Users\Peter\Desktop\Avira-DE-Cleaner.exe [2011.12.03 01:11:40 | 056,877,146 | ---- | C] () -- C:\Users\Peter\Desktop\vdf_fusebundle.zip [2011.12.03 01:09:26 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.12.03 00:58:18 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.03 00:57:41 | 084,419,032 | ---- | C] () -- C:\Users\Peter\Desktop\avira_free_antivirus_de.exe [2011.11.23 14:54:54 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.11.21 15:48:16 | 000,002,669 | ---- | C] () -- C:\Users\Public\Desktop\TAXMAN 2010.lnk [2011.11.21 15:34:49 | 000,000,153 | ---- | C] () -- C:\Windows\ODBC.INI [2011.11.21 15:19:38 | 000,002,319 | ---- | C] () -- C:\Users\Public\Desktop\TAXMAN Bibliothek 2012.lnk [2011.11.21 15:18:43 | 000,002,669 | ---- | C] () -- C:\Users\Public\Desktop\TAXMAN 2012.lnk [2011.11.21 09:38:34 | 000,096,102 | ---- | C] () -- C:\Users\Peter\Desktop\TV Ticket Service_ Eintrittskarten für Fernseh-Sendungen.pdf [2011.11.20 21:20:11 | 000,000,692 | ---- | C] () -- C:\Users\Peter\Desktop\TIPP10.lnk [2011.11.17 17:21:42 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.15 11:51:31 | 000,041,377 | ---- | C] () -- C:\Users\Peter\Desktop\Muster017.pdf [2011.11.13 13:55:12 | 000,000,628 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf [2011.11.08 10:56:09 | 005,133,509 | ---- | C] () -- C:\Users\Peter\Desktop\IMG_8450.JPG [2011.09.27 11:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2011.09.27 11:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2011.09.27 11:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2011.09.27 11:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll [2011.06.10 11:53:49 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi [2011.04.30 15:18:32 | 000,000,000 | ---- | C] () -- C:\Users\Peter\AppData\Local\{D431F69B-9F80-4998-8606-16B2FF4763C2} [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.02.13 15:06:41 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.11.03 22:34:25 | 000,000,038 | ---- | C] () -- C:\Windows\osAviSplitter.INI [2010.10.21 14:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2010.10.21 14:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2010.10.21 14:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll [2010.10.17 19:03:42 | 001,653,284 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.24 12:27:18 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI [2010.08.27 16:22:42 | 000,000,123 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.08.19 16:11:13 | 000,003,314 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.08.14 18:02:08 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\NCMedia2.dll [2010.08.14 13:07:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.08.14 12:46:47 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2010.08.11 19:14:48 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2010.08.01 15:26:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.07.25 18:27:31 | 000,027,648 | ---- | C] () -- C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.25 13:49:01 | 000,000,130 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\default.rss [2010.07.24 20:05:40 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2010.07.24 20:05:40 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2010.07.24 20:05:40 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2010.07.24 20:05:40 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2010.07.24 20:05:40 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2010.07.24 20:05:40 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2010.07.24 20:05:40 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2010.07.24 20:05:40 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2010.07.24 20:05:40 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2010.07.24 20:05:40 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2010.07.24 20:05:40 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2010.07.24 20:05:40 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2010.07.24 20:05:40 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2010.07.24 20:05:40 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2010.07.24 20:05:40 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2010.07.24 20:05:40 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2010.07.24 20:05:40 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2010.07.24 20:05:40 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2010.07.24 20:05:40 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2010.06.21 12:08:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.06.21 12:03:04 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2010.06.21 12:03:04 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2010.06.21 12:03:01 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2010.06.21 12:03:01 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2010.06.21 11:29:41 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.06.21 11:29:41 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.06.21 11:29:40 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.06.21 11:29:40 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.04.29 16:37:26 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.09.30 11:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v60.dll [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.10.30 17:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v60.dll [2008.10.30 16:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v60.dll [2006.04.21 09:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll [2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll [2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll [2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:96D0C06F @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:42D9E231 < End of report >[CODE]Code:$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ º º hjtscanlist v2.0 º º $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Microsoft Windows [Version 6.1.7601] C: 03.12.2011 14:20 C:\Program Files (x86) --------- 32768 03.12.2011 14:10 C:\ProgramData --------- 12288 03.12.2011 12:59 C:\Windows --------- 24576 C:\pagefile.sys --------- 28.11.2011 23:54 C:\System Volume Information --------- 20480 23.11.2011 14:59 C:\Config.Msi --------- 0 23.11.2011 14:54 C:\Program Files --------- 8192 18.11.2011 19:31 C:\$Recycle.Bin --------- 4096 23.09.2011 19:54 C:\Users --------- 4096 07.08.2011 11:37 C:\Boot --------- 4096 20.11.2010 13:40 C:\bootmgr --------- 383786 17.10.2010 19:02 C:\inetpub --------- 0 14.08.2010 18:02 C:\videooutput --------- 0 25.07.2010 11:53 C:\MSOCache --------- 0 22.07.2010 15:49 C:\Recovery --------- 0 21.06.2010 12:03 C:\ATI --------- 0 21.06.2010 11:56 C:\NVIDIA --------- 0 21.06.2010 11:24 C:\BOOTSECT.BAK --------- 8192 21.06.2010 10:29 C:\Programme --------- 0 21.06.2010 10:29 C:\Dokumente und Einstellungen --------- 0 14.07.2009 06:08 C:\Documents and Settings --------- 0 14.07.2009 04:20 C:\PerfLogs --------- 0 ---------------------------------------- C:\Windows 03.12.2011 12:59 C:\Windows\ntbtlog.txt.bak --------- 602030 03.12.2011 01:08 C:\Windows\bootstat.dat --------- 67584 03.12.2011 01:08 C:\Windows\PFRO.log --------- 324 03.12.2011 01:04 C:\Windows\WindowsUpdate.log --------- 1650342 03.12.2011 00:54 C:\Windows\setupact.log --------- 50355 21.11.2011 15:34 C:\Windows\ODBC.INI --------- 153 29.10.2011 16:32 C:\Windows\setuperr.log --------- 0 25.02.2011 07:19 C:\Windows\explorer.exe --------- 2871808 22.11.2010 13:29 C:\Windows\osAviSplitter.INI --------- 38 20.11.2010 14:25 C:\Windows\splwow64.exe --------- 67072 20.11.2010 14:24 C:\Windows\bfsvc.exe --------- 71168 20.11.2010 13:21 C:\Windows\twain_32.dll --------- 51200 29.10.2010 15:51 C:\Windows\NeroDigital.ini --------- 69 24.09.2010 12:27 C:\Windows\DEBUGSM.INI --------- 29 19.08.2010 17:49 C:\Windows\cdplayer.ini --------- 3314 14.08.2010 12:46 C:\Windows\Irremote.ini --------- 4767 08.08.2010 16:47 C:\Windows\setup.iss --------- 1165 21.06.2010 12:08 C:\Windows\ativpsrm.bin --------- 0 04.05.2010 19:35 C:\Windows\atiogl.xml --------- 21360 13.04.2010 08:04 C:\Windows\difxapi.dll --------- 414632 02.02.2010 19:00 C:\Windows\avisplitter.ini --------- 38 14.07.2009 06:09 C:\Windows\win.ini --------- 403 14.07.2009 05:54 C:\Windows\WindowsShell.Manifest --------- 749 14.07.2009 02:39 C:\Windows\write.exe --------- 10240 14.07.2009 02:14 C:\Windows\regedit.exe --------- 398336 14.07.2009 02:39 C:\Windows\notepad.exe --------- 193536 14.07.2009 02:39 C:\Windows\HelpPane.exe --------- 733696 14.07.2009 02:39 C:\Windows\hh.exe --------- 16896 14.07.2009 02:39 C:\Windows\fveupdate.exe --------- 15360 14.07.2009 02:14 C:\Windows\winhlp32.exe --------- 9728 14.07.2009 02:14 C:\Windows\twunk_32.exe --------- 31232 14.07.2009 00:06 C:\Windows\mib.bin --------- 43131 10.06.2009 22:41 C:\Windows\twunk_16.exe --------- 49680 10.06.2009 22:41 C:\Windows\twain.dll --------- 94784 10.06.2009 22:08 C:\Windows\system.ini --------- 219 10.06.2009 21:52 C:\Windows\WMSysPr9.prx --------- 316640 10.06.2009 21:36 C:\Windows\msdfmap.ini --------- 1405 10.06.2009 21:31 C:\Windows\Starter.xml --------- 48201 10.06.2009 21:30 C:\Windows\HomePremium.xml --------- 48265 ---------------------------------------- C:\Windows\System 17.02.2009 13:19 C:\Windows\System\readme.txt --------- 2082 02.12.2007 12:28 C:\Windows\System\PhysXLoader.dll --------- 53248 ---------------------------------------- C:\Windows\System32 03.12.2011 07:30 C:\Windows\system32\drivers --------- 4096 21.11.2011 15:18 C:\Windows\system32\_TraceLog.txt --------- 363 02.11.2011 20:52 C:\Windows\system32\FlashPlayerCPLApp.cpl --------- 414368 24.10.2011 13:29 C:\Windows\system32\QuickTimeVR.qtx --------- 94208 24.10.2011 13:29 C:\Windows\system32\QuickTime.qts --------- 69632 20.10.2011 17:06 C:\Windows\system32\LxXtreme100.dll --------- 4771184 20.10.2011 17:06 C:\Windows\system32\LxUISettingsN100.dll --------- 104304 20.10.2011 17:06 C:\Windows\system32\LxTPSW100.dll --------- 25968 20.10.2011 17:06 C:\Windows\system32\LxTool100.dll --------- 1334128 20.10.2011 17:05 C:\Windows\system32\LxPXTree100.dll --------- 63344 20.10.2011 17:05 C:\Windows\system32\LxMail100.dll --------- 127344 20.10.2011 17:05 C:\Windows\system32\LxBasics100.dll --------- 193904 19.10.2011 18:14 C:\Windows\system32\FKStampPainter20.dll --------- 44032 14.10.2011 12:32 C:\Windows\system32\LXCurr100.dll --------- 49520 14.10.2011 12:32 C:\Windows\system32\LxCI12.dll --------- 67952 13.10.2011 11:21 C:\Windows\system32\migration --------- 4096 27.09.2011 11:17 C:\Windows\system32\LXReportManage.ocx --------- 133632 27.09.2011 11:17 C:\Windows\system32\LXPrnUtil10.dll --------- 198144 27.09.2011 11:16 C:\Windows\system32\LxDNT100.dll --------- 304128 27.09.2011 11:14 C:\Windows\system32\LxDNTvmc100.dll --------- 133120 27.09.2011 11:13 C:\Windows\system32\LxDNTvm100.dll --------- 69120 01.09.2011 03:36 C:\Windows\system32\mshtml.dll --------- 12275200 01.09.2011 03:35 C:\Windows\system32\jscript9.dll --------- 1798144 01.09.2011 03:33 C:\Windows\system32\ieframe.dll --------- 9704960 01.09.2011 03:28 C:\Windows\system32\urlmon.dll --------- 1102848 01.09.2011 03:28 C:\Windows\system32\wininet.dll --------- 1126912 01.09.2011 03:27 C:\Windows\system32\url.dll --------- 231936 01.09.2011 03:26 C:\Windows\system32\jsproxy.dll --------- 65024 01.09.2011 03:24 C:\Windows\system32\jscript.dll --------- 716800 01.09.2011 03:23 C:\Windows\system32\iertutil.dll --------- 1791488 01.09.2011 03:23 C:\Windows\system32\mshtmled.dll --------- 72704 01.09.2011 03:22 C:\Windows\system32\mshtml.tlb --------- 2382848 01.09.2011 03:21 C:\Windows\system32\ieui.dll --------- 176640 30.08.2011 22:05 C:\Windows\system32\jdns_sd.dll --------- 50536 30.08.2011 22:05 C:\Windows\system32\dnssdX.dll --------- 178536 30.08.2011 22:05 C:\Windows\system32\dns-sd.exe --------- 83816 30.08.2011 22:05 C:\Windows\system32\dnssd.dll --------- 73064 27.08.2011 05:26 C:\Windows\system32\oleaut32.dll --------- 571904 27.08.2011 05:26 C:\Windows\system32\oleacc.dll --------- 233472 24.08.2011 17:20 C:\Windows\system32\de-DE --------- 262144 17.08.2011 05:24 C:\Windows\system32\psisdecd.dll --------- 465408 17.08.2011 05:19 C:\Windows\system32\psisrndr.ax --------- 75776 16.07.2011 05:29 C:\Windows\system32\ntvdm64.dll --------- 14336 16.07.2011 05:25 C:\Windows\system32\setup16.exe --------- 25600 16.07.2011 05:24 C:\Windows\system32\wow32.dll --------- 5120 16.07.2011 05:24 C:\Windows\system32\KernelBase.dll --------- 272384 16.07.2011 05:24 C:\Windows\system32\kernel32.dll --------- 1114112 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll --------- 4096 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll --------- 4096 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll --------- 3072 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll --------- 3072 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll --------- 4608 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll --------- 3072 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll --------- 3584 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll --------- 3584 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll --------- 4096 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll --------- 3584 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll --------- 4096 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll --------- 4096 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll --------- 3584 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll --------- 3072 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll --------- 3584 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll --------- 3584 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll --------- 3072 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll --------- 3072 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll --------- 5120 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll --------- 3072 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll --------- 3072 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll --------- 3072 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll --------- 3072 16.07.2011 05:15 C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll --------- 3072 16.07.2011 03:21 C:\Windows\system32\instnm.exe --------- 7680 16.07.2011 03:21 C:\Windows\system32\user.exe --------- 2048 16.07.2011 03:17 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll --------- 3584 16.07.2011 03:17 C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll --------- 3072 16.07.2011 03:17 C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll --------- 4608 16.07.2011 03:17 C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll --------- 6144 09.07.2011 05:29 C:\Windows\system32\tzres.dll --------- 2048 30.06.2011 13:05 C:\Windows\system32\da-DK --------- 4096 30.06.2011 13:05 C:\Windows\system32\oobe --------- 0 30.06.2011 13:05 C:\Windows\system32\AdvancedInstallers --------- 0 30.06.2011 13:05 C:\Windows\system32\Setup --------- 4096 30.06.2011 13:05 C:\Windows\system32\cs-CZ --------- 4096 30.06.2011 13:05 C:\Windows\system32\manifeststore --------- 4096 30.06.2011 13:05 C:\Windows\system32\sppui --------- 0 30.06.2011 13:05 C:\Windows\system32\es-ES --------- 4096 30.06.2011 13:05 C:\Windows\system32\inetsrv --------- 8192 30.06.2011 13:05 C:\Windows\system32\wbem --------- 32768 30.06.2011 13:05 C:\Windows\system32\migwiz --------- 4096 30.06.2011 13:05 C:\Windows\system32\Dism --------- 4096 30.06.2011 12:49 C:\Windows\system32\msclmd.dll --------- 152576 23.06.2011 05:33 C:\Windows\system32\ntkrnlpa.exe --------- 3967872 23.06.2011 05:33 C:\Windows\system32\ntoskrnl.exe --------- 3912576 16.06.2011 05:33 C:\Windows\system32\xmllite.dll --------- 180224 15.06.2011 09:55 C:\Windows\system32\odbcjt32.dll --------- 319488 15.06.2011 09:55 C:\Windows\system32\odbctrac.dll --------- 163840 15.06.2011 09:55 C:\Windows\system32\odbccu32.dll --------- 86016 15.06.2011 09:55 C:\Windows\system32\odbccr32.dll --------- 81920 15.06.2011 09:55 C:\Windows\system32\odbccp32.dll --------- 122880 11.06.2011 00:58 C:\Windows\system32\msvcr100.dll --------- 773968 ---------------------------------------- C:\Windows\Prefetch 03.12.2011 00:53 C:\Windows\Prefetch\ReadyBoot --------- 4096 03.12.2011 00:52 C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 2251789 03.12.2011 00:52 C:\Windows\Prefetch\AgGlFaultHistory.db --------- 560739 03.12.2011 00:52 C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 4948177 03.12.2011 00:52 C:\Windows\Prefetch\AgRobust.db --------- 299656 03.12.2011 00:52 C:\Windows\Prefetch\PfSvPerfStats.bin --------- 584 03.12.2011 00:52 C:\Windows\Prefetch\AgCx_SC3_E4C39F7CC2B52157.db --------- 429559 03.12.2011 00:52 C:\Windows\Prefetch\TUNEUPUTILITIESAPP64.EXE-EDBD8849.pf --------- 11594 03.12.2011 00:52 C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf --------- 173150 03.12.2011 00:52 C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf --------- 52704 03.12.2011 00:51 C:\Windows\Prefetch\TASKMGR.EXE-72398DC0.pf --------- 30508 03.12.2011 00:51 C:\Windows\Prefetch\ATBROKER.EXE-FF58B71D.pf --------- 8536 03.12.2011 00:51 C:\Windows\Prefetch\ATIECLXX.EXE-19F63085.pf --------- 16018 03.12.2011 00:51 C:\Windows\Prefetch\WINLOGON.EXE-8163EECC.pf --------- 36660 03.12.2011 00:51 C:\Windows\Prefetch\CSRSS.EXE-8C04D631.pf --------- 19050 03.12.2011 00:51 C:\Windows\Prefetch\READER_SL.EXE-F021BC49.pf --------- 30772 03.12.2011 00:51 C:\Windows\Prefetch\SMSS.EXE-1DCD0EB1.pf --------- 5500 03.12.2011 00:51 C:\Windows\Prefetch\AgCx_S1_S-1-5-21-842238141-2409979310-1428428874-1000.snp.db --------- 2438636 03.12.2011 00:51 C:\Windows\Prefetch\CSC.EXE-4EF173D0.pf --------- 42178 03.12.2011 00:51 C:\Windows\Prefetch\CONHOST.EXE-3218E401.pf --------- 15538 03.12.2011 00:51 C:\Windows\Prefetch\WMPNSCFG.EXE-DF1DD51A.pf --------- 35908 03.12.2011 00:51 C:\Windows\Prefetch\CVTRES.EXE-419E4E46.pf --------- 15898 03.12.2011 00:51 C:\Windows\Prefetch\RUNDLL32.EXE-AFD98684.pf --------- 29722 03.12.2011 00:18 C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf --------- 48952 03.12.2011 00:17 C:\Windows\Prefetch\SPPSVC.EXE-CBE91656.pf --------- 12080 03.12.2011 00:17 C:\Windows\Prefetch\MBAMSERVICE.EXE-61E9265F.pf --------- 50860 03.12.2011 00:17 C:\Windows\Prefetch\AVWSC.EXE-3F986FB6.pf --------- 38568 03.12.2011 00:17 C:\Windows\Prefetch\GOOGLEUPDATE.EXE-648FB068.pf --------- 38976 03.12.2011 00:17 C:\Windows\Prefetch\GOOGLECRASHHANDLER.EXE-0B9BB945.pf --------- 23846 03.12.2011 00:17 C:\Windows\Prefetch\MSCORSVW.EXE-98F0699A.pf --------- 21516 03.12.2011 00:17 C:\Windows\Prefetch\MSCORSVW.EXE-FAA88858.pf --------- 18108 03.12.2011 00:16 C:\Windows\Prefetch\SVCHOST.EXE-F03E4D6B.pf --------- 214494 03.12.2011 00:14 C:\Windows\Prefetch\SVCHOST.EXE-93CEEE07.pf --------- 8594 03.12.2011 00:13 C:\Windows\Prefetch\TASKHOST.EXE-437C05A8.pf --------- 122316 03.12.2011 00:08 C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-842238141-2409979310-1428428874-1000.db --------- 788992 03.12.2011 00:08 C:\Windows\Prefetch\AgGlUAD_S-1-5-21-842238141-2409979310-1428428874-1000.db --------- 2112857 02.12.2011 23:59 C:\Windows\Prefetch\SVCHOST.EXE-8FD92526.pf --------- 17478 02.12.2011 23:59 C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf --------- 26520 02.12.2011 23:59 C:\Windows\Prefetch\LPREMOVE.EXE-F992050D.pf --------- 2388 02.12.2011 23:52 C:\Windows\Prefetch\RUNDLL32.EXE-125D4518.pf --------- 271496 02.12.2011 23:49 C:\Windows\Prefetch\Layout.ini --------- 1164118 02.12.2011 23:36 C:\Windows\Prefetch\ONECLICKSTARTER.EXE-668CF5BA.pf --------- 100450 02.12.2011 23:36 C:\Windows\Prefetch\SVCHOST.EXE-F59CA9BD.pf --------- 17506 02.12.2011 23:35 C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf --------- 25912 02.12.2011 19:58 C:\Windows\Prefetch\FIREFOX.EXE-FBBD985A.pf --------- 236362 02.12.2011 19:57 C:\Windows\Prefetch\CTFMON.EXE-79423C0A.pf --------- 23158 02.12.2011 19:57 C:\Windows\Prefetch\AUDIODG.EXE-D0D776AC.pf --------- 28448 02.12.2011 19:57 C:\Windows\Prefetch\EXTRAC32.EXE-F25A1F4B.pf --------- 23846 02.12.2011 19:56 C:\Windows\Prefetch\SVCHOST.EXE-7A08330A.pf --------- 23022 02.12.2011 19:56 C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-78000DE6.pf --------- 517938 02.12.2011 19:56 C:\Windows\Prefetch\JAVA.EXE-E3C0BFD0.pf --------- 119108 02.12.2011 19:56 C:\Windows\Prefetch\JP2LAUNCHER.EXE-B55ED0F4.pf --------- 19318 02.12.2011 19:56 C:\Windows\Prefetch\NETSH.EXE-19B647C9.pf --------- 55538 02.12.2011 19:56 C:\Windows\Prefetch\0.749043411130123DF35.EXE-0091D18B.pf --------- 18718 02.12.2011 19:43 C:\Windows\Prefetch\SCRNSAVE.SCR-225A7D32.pf --------- 8586 02.12.2011 19:42 C:\Windows\Prefetch\WMIPRVSE.EXE-94D7CB13.pf --------- 31688 02.12.2011 19:41 C:\Windows\Prefetch\TUNEUPSYSTEMSTATUSCHECK.EXE-53D191D1.pf --------- 220640 02.12.2011 19:38 C:\Windows\Prefetch\TURATINGSYNCH.EXE-F4A529A8.pf --------- 206530 02.12.2011 19:38 C:\Windows\Prefetch\SDCLT.EXE-2D2C4DDD.pf --------- 18688 02.12.2011 19:34 C:\Windows\Prefetch\WMPNETWK.EXE-BD0344CA.pf --------- 29992 02.12.2011 19:34 C:\Windows\Prefetch\SVCHOST.EXE-DB4C36D7.pf --------- 41542 02.12.2011 17:49 C:\Windows\Prefetch\XNVIEW.EXE-0F07D516.pf --------- 154170 02.12.2011 17:37 C:\Windows\Prefetch\IELOWUTIL.EXE-31ED7BBC.pf --------- 5424 02.12.2011 12:35 C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf --------- 287334 02.12.2011 12:32 C:\Windows\Prefetch\SVCHOST.EXE-135A30D8.pf --------- 30284 02.12.2011 09:37 C:\Windows\Prefetch\CCC.EXE-000FEDE2.pf --------- 328992 01.12.2011 16:30 C:\Windows\Prefetch\RAREXTLOADER.EXE-4B76CB3C.pf --------- 16018 01.12.2011 16:20 C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf --------- 67392 01.12.2011 14:32 C:\Windows\Prefetch\RUNDLL32.EXE-F452D79D.pf --------- 10550 01.12.2011 14:20 C:\Windows\Prefetch\MSFEEDSSYNC.EXE-1F01ED17.pf --------- 2194 01.12.2011 13:08 C:\Windows\Prefetch\WMPLAYER.EXE-61D40ED1.pf --------- 171574 28.11.2011 10:15 C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 2095258 27.11.2011 13:37 C:\Windows\Prefetch\DISTNOTED.EXE-7270553F.pf --------- 22290 26.11.2011 09:21 C:\Windows\Prefetch\AgCx_SC1.db --------- 687623 26.11.2011 09:20 C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 34592 30.06.2011 13:11 C:\Windows\Prefetch\AgCx_SC4.db --------- 336184 19.11.2010 11:06 C:\Windows\Prefetch\AgAppLaunch.db --------- 334168 ---------------------------------------- C:\Windows\Tasks 03.12.2011 00:54 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1104 03.12.2011 00:54 C:\Windows\Tasks\SA.DAT --------- 6 01.12.2011 16:20 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1108 21.11.2011 09:04 C:\Windows\Tasks\SCHEDLGU.TXT --------- 32640 ---------------------------------------- C:\Windows\Temp 03.12.2011 01:09 C:\Windows\Temp\AVSETUP_4ed96891 --------- 0 21.11.2011 16:48 C:\Windows\Temp\._msige61 --------- 24576 ---------------------------------------- C:\Users\Peter\AppData\Local\Temp 03.12.2011 14:27 C:\Users\Peter\AppData\Local\Temp\Rar$DI67.842 --------- 0 03.12.2011 14:21 C:\Users\Peter\AppData\Local\Temp\samples.sar --------- 8 03.12.2011 14:21 C:\Users\Peter\AppData\Local\Temp\sarscan.log --------- 286 03.12.2011 14:16 C:\Users\Peter\AppData\Local\Temp\hjtscanlist.zip --------- 2097 03.12.2011 14:10 C:\Users\Peter\AppData\Local\Temp\_iu14D2N.tmp --------- 697876 03.12.2011 13:00 C:\Users\Peter\AppData\Local\Temp\decleaner --------- 4096 03.12.2011 13:00 C:\Users\Peter\AppData\Local\Temp\aqnwnWxd.exe.part --------- 883840 03.12.2011 01:16 C:\Users\Peter\AppData\Local\Temp\~DF152686F7B647A29A.TMP --------- 16384 03.12.2011 01:09 C:\Users\Peter\AppData\Local\Temp\APNLogs --------- 0 03.12.2011 01:08 C:\Users\Peter\AppData\Local\Temp\APN-Stub --------- 0 03.12.2011 01:08 C:\Users\Peter\AppData\Local\Temp\AppRemover_Log.txt --------- 4330 03.12.2011 01:08 C:\Users\Peter\AppData\Local\Temp\WPDNSE --------- 0 03.12.2011 00:58 C:\Users\Peter\AppData\Local\Temp\~DFD50D2666978B3A64.TMP --------- 147456 03.12.2011 00:58 C:\Users\Peter\AppData\Local\Temp\~DFBC9183A46A750433.TMP --------- 147456 03.12.2011 00:56 C:\Users\Peter\AppData\Local\Temp\~DF75FE2A452BADE98C.TMP --------- 147456 03.12.2011 00:55 C:\Users\Peter\AppData\Local\Temp\e0964twi.out --------- 499 03.12.2011 00:55 C:\Users\Peter\AppData\Local\Temp\e0964twi.err --------- 0 03.12.2011 00:55 C:\Users\Peter\AppData\Local\Temp\e0964twi.dll --------- 0 03.12.2011 00:55 C:\Users\Peter\AppData\Local\Temp\e0964twi.tmp --------- 0 03.12.2011 00:55 C:\Users\Peter\AppData\Local\Temp\e0964twi.cmdline --------- 416 03.12.2011 00:55 C:\Users\Peter\AppData\Local\Temp\e0964twi.0.cs --------- 11186 03.12.2011 00:55 C:\Users\Peter\AppData\Local\Temp\tmp286.tmp2 --------- 0 03.12.2011 00:55 C:\Users\Peter\AppData\Local\Temp\tmp286.tmp1 --------- 0 03.12.2011 00:54 C:\Users\Peter\AppData\Local\Temp\AdobeARM.log --------- 127645 03.12.2011 00:54 C:\Users\Peter\AppData\Local\Temp\{AF82B87C9F73BFD328A8} --------- 1190 03.12.2011 00:26 C:\Users\Peter\AppData\Local\Temp\~DF4F8C8221EDFA967D.TMP --------- 147456 02.12.2011 19:58 C:\Users\Peter\AppData\Local\Temp\hsperfdata_Peter --------- 0 02.12.2011 19:56 C:\Users\Peter\AppData\Local\Temp\AF82B87C9F73BFD328A8.exe --------- 52224 01.12.2011 13:08 C:\Users\Peter\AppData\Local\Temp\wmplog01.sqm --------- 1416 30.11.2011 20:53 C:\Users\Peter\AppData\Local\Temp\Excel8.0 --------- 0 29.11.2011 21:14 C:\Users\Peter\AppData\Local\Temp\AdobeARM_NotLocked.log --------- 807 29.11.2011 18:03 C:\Users\Peter\AppData\Local\Temp\RapidSolution --------- 4096 29.11.2011 18:03 C:\Users\Peter\AppData\Local\Temp\trk6C59.tmp --------- 0 29.11.2011 17:47 C:\Users\Peter\AppData\Local\Temp\StarMoney 8.0 --------- 0 28.11.2011 21:05 C:\Users\Peter\AppData\Local\Temp\wmplog00.sqm --------- 1544 28.11.2011 21:00 C:\Users\Peter\AppData\Local\Temp\plugtmp --------- 0 28.11.2011 20:57 C:\Users\Peter\AppData\Local\Temp\Adobe --------- 0 27.11.2011 20:37 C:\Users\Peter\AppData\Local\Temp\Easy Photo Print2EPQuicker.log --------- 320 27.11.2011 18:05 C:\Users\Peter\AppData\Local\Temp\VBE --------- 0 27.11.2011 16:45 C:\Users\Peter\AppData\Local\Temp\comtypes_cache --------- 0 27.11.2011 11:59 C:\Users\Peter\AppData\Local\Temp\E060.dir --------- 0 27.11.2011 11:59 C:\Users\Peter\AppData\Local\Temp\PDFCreator --------- 0 27.11.2011 11:59 C:\Users\Peter\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb} --------- 0 24.11.2011 15:40 C:\Users\Peter\AppData\Local\Temp\winsh324 --------- 481078 24.11.2011 01:08 C:\Users\Peter\AppData\Local\Temp\winsh320 --------- 481078 24.11.2011 01:08 C:\Users\Peter\AppData\Local\Temp\winsh321 --------- 481078 24.11.2011 01:08 C:\Users\Peter\AppData\Local\Temp\winsh323 --------- 481078 24.11.2011 01:08 C:\Users\Peter\AppData\Local\Temp\winsh322 --------- 481078 23.11.2011 14:52 C:\Users\Peter\AppData\Local\Temp\SetupAdminC74.log --------- 86 21.11.2011 16:18 C:\Users\Peter\AppData\Local\Temp\hr_temp --------- 0 18.11.2011 17:04 C:\Users\Peter\AppData\Local\Temp\msohtmlclip1 --------- 0 C:\Users\Peter\AppData\Local\Temp\2011-11-07-1200337309_04-RG.PDF --------- C:\Users\Peter\AppData\Local\Temp\2011-10-07-1189921280_04-RG.PDF --------- 12.05.2011 14:05 C:\Users\Peter\AppData\Local\Temp\bblvtg.exe --------- 61440 31.10.2010 20:26 C:\Users\Peter\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0 ---------------------------------------- C:\Program Files (x86) 23.11.2011 14:54 C:\Program Files (x86)\iTunes --------- 4096 C:\Program Files (x86)\iPod --------- 28.10.2011 22:18 C:\Program Files (x86)\Bonjour --------- 4096 13.10.2011 11:21 C:\Program Files (x86)\Internet Explorer --------- 4096 21.11.2011 15:35 C:\Program Files (x86)\Common Files --------- 8192 30.03.2011 19:50 C:\Program Files (x86)\NVIDIA Corporation --------- 0 30.06.2011 13:05 C:\Program Files (x86)\Windows Mail --------- 4096 30.06.2011 13:05 C:\Program Files (x86)\Windows Sidebar --------- 4096 C:\Program Files (x86)\DVD Maker --------- 30.06.2011 13:05 C:\Program Files (x86)\Windows Portable Devices --------- 0 30.06.2011 13:05 C:\Program Files (x86)\Windows Media Player --------- 4096 30.06.2011 13:05 C:\Program Files (x86)\Windows Photo Viewer --------- 4096 C:\Program Files (x86)\Windows Journal --------- 14.07.2009 18:58 C:\Program Files (x86)\Windows Defender --------- 4096 04.09.2010 14:03 C:\Program Files (x86)\DivX --------- 4096 C:\Program Files (x86)\FRITZDSL --------- C:\Program Files (x86)\DIFX --------- 15.10.2010 16:23 C:\Program Files (x86)\Java --------- 0 30.06.2011 12:51 C:\Program Files (x86)\Microsoft Office --------- 4096 24.07.2010 19:51 C:\Program Files (x86)\Epson Software --------- 0 21.06.2010 12:05 C:\Program Files (x86)\ATI Technologies --------- 0 21.06.2010 12:05 C:\Program Files (x86)\ATI --------- 0 14.07.2009 06:32 C:\Program Files (x86)\Windows NT --------- 4096 C:\Program Files (x86)\Gemeinsame Dateien --------- C:\Program Files (x86)\Realtek --------- 31.10.2010 20:30 C:\Program Files (x86)\Microsoft Games --------- 0 14.07.2009 06:32 C:\Program Files (x86)\Reference Assemblies --------- 0 14.07.2009 06:32 C:\Program Files (x86)\MSBuild --------- 0 14.07.2009 05:57 C:\Program Files (x86)\Uninstall Information --------- 0 14.07.2009 05:54 C:\Program Files (x86)\desktop.ini --------- 174 ---------------------------------------- C:\ProgramData\.. Peter DefaultAppPool Peter.V2 AppData Default Public All Users Default User desktop.ini ---------------------------------------- C:\Windows\system32\drivers\etc\hosts ---------------------------------------- Abbildname PID Sitzungsname Sitz.-Nr. Speichernutzung ========================= ======== ================ =========== =============== System Idle Process 0 Services 0 24 K System 4 Services 0 6.952 K smss.exe 372 Services 0 1.296 K csrss.exe 456 Services 0 4.100 K wininit.exe 484 Services 0 4.852 K csrss.exe 508 Console 1 13.308 K services.exe 544 Services 0 7.784 K lsass.exe 560 Services 0 11.792 K lsm.exe 568 Services 0 4.560 K winlogon.exe 628 Console 1 6.208 K svchost.exe 716 Services 0 9.608 K svchost.exe 792 Services 0 7.240 K svchost.exe 920 Services 0 12.680 K svchost.exe 952 Services 0 16.692 K svchost.exe 1008 Services 0 10.504 K svchost.exe 360 Services 0 7.504 K svchost.exe 432 Services 0 16.096 K svchost.exe 732 Services 0 12.988 K explorer.exe 1344 Console 1 84.240 K ctfmon.exe 1408 Console 1 4.668 K avgnt.exe 1340 Console 1 4.148 K LogonUI.exe 1620 Console 1 18.272 K firefox.exe 1312 Console 1 160.668 K setup_9.0.0.722_27.11.201 1540 Console 1 207.916 K plugin-container.exe 896 Console 1 29.160 K WinRAR.exe 684 Console 1 14.720 K sargui.exe 1236 Console 1 11.200 K bblvtg.exe 660 Console 1 3.632 K cmd.exe 1808 Console 1 4.364 K conhost.exe 1108 Console 1 4.224 K tasklist.exe 1432 Console 1 5.592 K WmiPrvSE.exe 1260 Services 0 6.636 K ***** Ende des Scans 03.12.2011 um 14:28:05,02 ***
.
Zitat von pastix
