Google leitet zu falschen Seiten weiter & Sicherheitscenter defekt!

#0
23.03.2011, 12:16
...neu hier

Beiträge: 1
#1 Hallo,

ich bin neu hier, hoffe jemand kann mir bei der Lösung meines Problems helfen. Hab seit gestern das Problem, dass ich, so vermute ich von einem Trojaner oder irgendwelcher Malware befallen bin. Ich habe folgende Symptome:

- Wenn ich ihn google etwas suche, findet es zwar richtige Ergebnisse, klicke ich auf den Link werder ich aber zu irgendwelchen anderen Seiten weitergeleitet. In der Adresszeile steht immer etwas von "goingonearth.com"
- Gleichzeitig erscheint mir in der Tasktleiste das Problem, dass das Sicherheitscenter von Windows 7 deaktiviert ist. Dieses kann ich - egal was ich probiere nicht wieder aktivieren.
Hab schon im Netz geforscht und auch schon einiges probiert, aber leider bisher noch ohne Erfolg. Ich hoffe, irgendwer von euch kann mir helfen.

Code

 OTL logfile created on: 23.03.2011 12:12:28 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Bendix\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,04 Gb Total Space | 210,65 Gb Free Space | 86,32% Space Free | Partition Type: NTFS
Drive D: | 221,62 Gb Total Space | 211,24 Gb Free Space | 95,32% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 105,82 Gb Free Space | 22,72% Space Free | Partition Type: NTFS
Drive G: | 982,72 Mb Total Space | 977,67 Mb Free Space | 99,49% Space Free | Partition Type: FAT

Computer Name: BENDIX-PC | User Name: Bendix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Bendix\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Bendix\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:[b]64bit:[/b] - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:[b]64bit:[/b] - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:[b]64bit:[/b] - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:[b]64bit:[/b] - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 EF 14 BE 47 E9 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.useDBForOrder: true

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.21 12:07:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\components [2011.03.22 17:46:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugins

[2011.02.19 10:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bendix\AppData\Roaming\mozilla\Extensions
[2011.03.22 19:08:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bendix\AppData\Roaming\mozilla\Firefox\Profiles\n72n0gp1.default\extensions
[2011.03.22 19:08:13 | 000,000,000 | ---D | M] (Maximum AdBlock) -- C:\Users\Bendix\AppData\Roaming\mozilla\Firefox\Profiles\n72n0gp1.default\extensions\ozymandias@securityheroes.com
[2011.02.19 17:51:44 | 000,001,897 | ---- | M] () -- C:\Users\Bendix\AppData\Roaming\Mozilla\Firefox\Profiles\n72n0gp1.default\searchplugins\wettforuminfo.xml
File not found (No name found) --
[2011.02.25 18:59:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 11\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\BENDIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N72N0GP1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BENDIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N72N0GP1.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:[b]64bit:[/b] - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [THGuard] C:\Program Files (x86)\TrojanHunter 5.3\THGuard.exe (Mischel Internet Security)
O4 - HKCU..\Run: [Google] C:\Users\Bendix\AppData\Roaming\GD1.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.03.23 12:12:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.03.23 11:54:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Bendix\Desktop\OTL.exe
[2011.03.23 11:32:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.03.23 10:02:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.03.23 10:02:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.03.23 10:01:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.03.23 10:00:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.03.23 08:24:11 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011.03.23 08:24:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011.03.23 08:24:08 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.03.23 08:22:23 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Local\Sunbelt Software
[2011.03.23 08:16:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011.03.23 08:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.03.23 08:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.03.23 08:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011.03.23 08:07:37 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Local\ElevatedDiagnostics
[2011.03.23 08:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2011.03.23 08:05:02 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Local\PackageAware
[2011.03.22 19:08:14 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Roaming\SecurityHeroes
[2011.03.22 17:58:59 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Roaming\Avira
[2011.03.22 17:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.03.22 17:56:07 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.03.22 17:56:07 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.03.22 17:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.03.22 17:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.03.22 17:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.03.22 17:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.03.22 17:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.03.22 17:22:07 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Roaming\TrojanHunter
[2011.03.22 17:02:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.03.22 16:19:58 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Roaming\Malwarebytes
[2011.03.22 16:19:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.03.22 16:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.22 16:19:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.22 16:19:47 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.03.22 16:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.03.22 16:16:53 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.03.22 16:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter
[2011.03.22 16:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
[2011.03.22 16:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.3
[2011.03.22 15:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moleskinsoft Clone Remover 3.8
[2011.03.22 15:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moleskinsoft Clone Remover 3.8
[2011.03.22 15:27:19 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Local\Babylon
[2011.03.22 15:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011.03.22 15:27:18 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Roaming\Babylon
[2011.03.22 15:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2011.03.20 03:50:40 | 000,065,536 | ---- | C] (Google Inc.) -- C:\Users\Bendix\AppData\Roaming\GD1.exe
[2011.03.11 10:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.03.11 10:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011.03.11 10:14:25 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Local\Google
[2011.03.10 10:33:02 | 000,000,000 | ---D | C] -- C:\Users\Bendix\Desktop\Neuer Ordner (2)
[2011.03.09 22:47:29 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Local\HP
[2011.03.09 16:35:57 | 000,000,000 | ---D | C] -- C:\Users\Bendix\Desktop\schandtaten
[2011.03.09 12:19:16 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.03.09 12:19:15 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.03.09 12:19:15 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.03.09 12:19:15 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.03.09 12:18:42 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.03.09 12:18:41 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011.03.09 12:18:41 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011.03.09 12:18:41 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011.03.09 12:18:41 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011.03.09 12:18:41 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.03.09 12:18:41 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011.03.09 12:18:40 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011.03.09 12:17:57 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011.03.09 12:17:57 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011.03.09 12:17:56 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011.03.09 12:17:56 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011.03.09 11:39:39 | 000,000,000 | ---D | C] -- C:\Users\Bendix\Desktop\Neuer Ordner
[2011.03.03 14:52:14 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Roaming\Canneverbe Limited
[2011.03.03 14:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011.03.03 14:52:03 | 000,000,000 | ---D | C] -- C:\Programme\CDBurnerXP
[2011.03.03 12:13:28 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Roaming\WinRAR
[2011.03.03 12:13:22 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.03.03 12:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.03.03 12:13:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011.03.03 11:19:47 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Local\Electronic Arts
[2011.03.03 11:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011.03.03 10:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011.03.03 10:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011.03.03 10:47:36 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011.03.03 10:47:34 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011.03.03 10:46:53 | 000,000,000 | ---D | C] -- C:\Users\Bendix\Documents\FUSSBALL MANAGER 11
[2011.03.03 10:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2011.02.28 16:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.02.28 16:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011.02.26 09:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Tastatur
[2011.02.26 09:16:06 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft IntelliType Pro
[2011.02.25 18:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.02.25 18:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.02.25 18:59:20 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.02.25 18:59:20 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.02.25 18:59:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.02.25 18:59:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.02.25 18:59:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.02.23 11:12:35 | 000,000,000 | ---D | C] -- C:\Users\Bendix\Documents\Nachhilfe
[2011.02.23 11:01:06 | 000,000,000 | ---D | C] -- C:\Users\Bendix\Documents\Haus in Spanien
[2011.02.23 11:00:31 | 000,000,000 | ---D | C] -- C:\Users\Bendix\Documents\wichtig
[2011.02.23 10:58:38 | 000,000,000 | ---D | C] -- C:\Users\Bendix\Documents\Studium
[2011.02.23 08:59:06 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.02.23 08:59:06 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.02.23 08:59:05 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.02.23 08:59:05 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.02.23 08:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus
[2011.02.23 08:58:05 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft IntelliPoint
[2011.02.22 21:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
[2011.02.22 21:57:35 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Local\MediaMonkey
[2011.02.22 21:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMonkey
[2011.02.22 21:00:18 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011.02.22 14:19:18 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Roaming\Wireshark
[2011.02.22 13:58:10 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Roaming\gtk-2.0
[2011.02.22 13:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wireshark
[2011.02.22 12:26:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.02.22 11:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2011.02.22 11:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2011.02.21 16:15:16 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RTL Playtainment
[2011.02.21 16:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RTL Playtainment
[2011.02.21 14:26:37 | 000,000,000 | ---D | C] -- C:\Users\Bendix\Documents\Schiri
[2011.02.21 14:26:03 | 000,000,000 | ---D | C] -- C:\Users\Bendix\Documents\Ahnenforschung
[2011.02.21 13:52:53 | 000,000,000 | ---D | C] -- C:\Users\Bendix\Documents\Miete
[2011.02.21 13:47:51 | 000,000,000 | ---D | C] -- C:\Users\Bendix\Documents\Unsinn
[2011.02.21 13:47:34 | 000,000,000 | ---D | C] -- C:\Users\Bendix\Documents\Briefe
[2011.02.21 13:33:27 | 000,000,000 | ---D | C] -- C:\Users\Bendix\Documents\Jugendarbeit
[2011.02.21 13:33:01 | 000,000,000 | ---D | C] -- C:\Users\Bendix\Documents\TVL
[2011.02.21 13:29:35 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Local\Adobe
[2011.02.21 13:25:19 | 000,000,000 | ---D | C] -- C:\Users\Bendix\AppData\Roaming\vlc
[2011.02.21 13:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.02.21 13:03:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.02.21 12:30:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.02.21 12:30:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.02.21 12:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.02.21 12:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011.02.21 12:13:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft AutoRoute

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.03.23 12:06:19 | 000,000,000 | ---- | M] () -- C:\Users\Bendix\Documents\.1
[2011.03.23 11:54:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Bendix\Desktop\OTL.exe
[2011.03.23 11:19:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.23 10:50:19 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.03.23 10:50:19 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.03.23 10:50:19 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.03.23 10:50:19 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.03.23 10:50:19 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.03.23 10:19:02 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.23 09:42:18 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.03.23 09:17:51 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.23 09:17:51 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.23 09:12:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.23 09:12:38 | 3220,725,760 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.23 09:03:40 | 000,625,664 | ---- | M] () -- C:\Users\Bendix\Desktop\dds.scr
[2011.03.23 08:43:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\.1
[2011.03.23 08:24:12 | 001,205,530 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.03.23 08:24:07 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.03.23 08:24:05 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011.03.23 08:23:56 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011.03.23 08:16:33 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.03.22 17:56:15 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.03.22 17:46:02 | 000,001,226 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.22 17:43:51 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.03.22 17:24:32 | 000,012,414 | ---- | M] () -- C:\Users\Bendix\Documents\cc_20110322_172429.reg
[2011.03.22 16:19:51 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.22 16:16:54 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.03.22 16:16:05 | 000,059,392 | R--- | M] () -- C:\Windows\SysWow64\streamhlp.dll
[2011.03.22 16:16:05 | 000,001,009 | ---- | M] () -- C:\Users\Bendix\Desktop\TrojanHunter.lnk
[2011.03.22 15:36:58 | 000,108,544 | RHS- | M] () -- C:\Windows\SysWow64\cliconfgo.dll
[2011.03.22 15:34:39 | 000,001,079 | ---- | M] () -- C:\Users\Bendix\Desktop\Clone Remover 3.8.lnk
[2011.03.22 15:16:51 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2011.03.21 09:29:33 | 000,197,112 | ---- | M] () -- C:\Users\Bendix\Desktop\Tipico.jpg
[2011.03.20 17:07:56 | 000,301,568 | ---- | M] () -- C:\Users\Bendix\Desktop\gmer.exe
[2011.03.20 03:50:40 | 000,065,536 | ---- | M] (Google Inc.) -- C:\Users\Bendix\AppData\Roaming\GD1.exe
[2011.03.11 10:15:12 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.03.11 09:24:59 | 000,605,046 | ---- | M] () -- C:\Users\Bendix\Documents\Aistes.jpg
[2011.03.06 11:03:08 | 000,001,742 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011.03.04 19:38:31 | 000,003,008 | ---- | M] () -- C:\Users\Bendix\Documents\Oase CD.axp
[2011.03.03 12:22:58 | 031,931,275 | ---- | M] () -- C:\Users\Bendix\Documents\FM-Dataorg.dbs
[2011.02.28 21:10:51 | 002,277,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.28 13:53:27 | 000,171,425 | ---- | M] () -- C:\Users\Bendix\Desktop\tabellenrechner.jpg
[2011.02.28 11:33:22 | 000,264,287 | ---- | M] () -- C:\Users\Bendix\Desktop\GUA-TOOL.pdf
[2011.02.25 18:59:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.02.25 18:59:04 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.02.25 18:59:04 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.02.25 18:59:04 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.02.23 08:58:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2011.02.23 08:58:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2011.02.23 08:56:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011.02.22 21:01:07 | 001,526,060 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.02.22 16:57:08 | 000,000,218 | ---- | M] () -- C:\Users\Bendix\.recently-used.xbel
[2011.02.22 13:41:51 | 000,001,776 | ---- | M] () -- C:\Users\Public\Desktop\Wireshark.lnk
[2011.02.22 08:42:24 | 000,675,423 | ---- | M] () -- C:\Users\Bendix\Desktop\bookmarks.html
[2011.02.21 13:03:37 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.02.21 12:30:59 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.03.23 12:06:19 | 000,000,000 | ---- | C] () -- C:\Users\Bendix\Documents\.1
[2011.03.23 10:02:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.03.23 10:02:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.03.23 10:02:51 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.03.23 10:02:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.03.23 10:02:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.03.23 09:48:32 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011.03.23 09:17:50 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.03.23 09:14:55 | 000,625,664 | ---- | C] () -- C:\Users\Bendix\Desktop\dds.scr
[2011.03.23 08:43:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\.1
[2011.03.23 08:16:33 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.03.22 17:56:15 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.03.22 17:46:02 | 000,001,238 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.03.22 17:46:02 | 000,001,226 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.22 17:44:46 | 001,205,530 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.03.22 17:24:31 | 000,012,414 | ---- | C] () -- C:\Users\Bendix\Documents\cc_20110322_172429.reg
[2011.03.22 16:19:51 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.22 16:16:54 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.03.22 16:16:05 | 000,001,009 | ---- | C] () -- C:\Users\Bendix\Desktop\TrojanHunter.lnk
[2011.03.22 16:16:00 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2011.03.22 15:36:58 | 000,108,544 | RHS- | C] () -- C:\Windows\SysWow64\cliconfgo.dll
[2011.03.22 15:34:39 | 000,001,079 | ---- | C] () -- C:\Users\Bendix\Desktop\Clone Remover 3.8.lnk
[2011.03.21 09:29:32 | 000,197,112 | ---- | C] () -- C:\Users\Bendix\Desktop\Tipico.jpg
[2011.03.20 17:07:56 | 000,301,568 | ---- | C] () -- C:\Users\Bendix\Desktop\gmer.exe
[2011.03.13 21:40:04 | 008,179,716 | ---- | C] () -- C:\Users\Bendix\Desktop\abgberlin.mpg
[2011.03.11 10:15:12 | 000,002,288 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.03.11 10:14:32 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.11 10:14:31 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.11 09:24:44 | 000,605,046 | ---- | C] () -- C:\Users\Bendix\Documents\Aistes.jpg
[2011.03.04 19:38:31 | 000,003,008 | ---- | C] () -- C:\Users\Bendix\Documents\Oase CD.axp
[2011.03.03 14:52:05 | 000,001,742 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011.03.03 14:52:05 | 000,001,692 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011.03.03 12:22:50 | 031,931,275 | ---- | C] () -- C:\Users\Bendix\Documents\FM-Dataorg.dbs
[2011.02.28 17:02:01 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2011.02.28 16:59:02 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2011.02.28 16:57:12 | 000,001,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2011.02.28 16:56:50 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[2011.02.28 16:53:25 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[2011.02.28 13:53:27 | 000,171,425 | ---- | C] () -- C:\Users\Bendix\Desktop\tabellenrechner.jpg
[2011.02.28 11:32:35 | 000,264,287 | ---- | C] () -- C:\Users\Bendix\Desktop\GUA-TOOL.pdf
[2011.02.23 11:33:23 | 000,980,794 | ---- | C] () -- C:\Users\Bendix\Documents\Facharbeit Michi K..odt
[2011.02.23 11:33:23 | 000,337,565 | ---- | C] () -- C:\Users\Bendix\Documents\Facharbeit Matze K..odt
[2011.02.23 08:58:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2011.02.23 08:58:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2011.02.23 08:56:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011.02.22 21:57:40 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2011.02.22 21:01:26 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.02.22 21:01:07 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.02.22 16:57:08 | 000,000,218 | ---- | C] () -- C:\Users\Bendix\.recently-used.xbel
[2011.02.22 13:41:51 | 000,001,776 | ---- | C] () -- C:\Users\Public\Desktop\Wireshark.lnk
[2011.02.22 08:44:15 | 000,675,423 | ---- | C] () -- C:\Users\Bendix\Desktop\bookmarks.html
[2011.02.21 14:17:40 | 000,077,112 | ---- | C] () -- C:\Users\Bendix\Documents\Facharbeit Harald.odt
[2011.02.21 14:10:26 | 000,736,025 | ---- | C] () -- C:\Users\Bendix\Documents\Facharbeit Roman.odt
[2011.02.21 13:03:37 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.02.21 12:30:59 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.02.21 12:30:58 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.02.21 12:15:35 | 000,002,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft AutoRoute 2007.lnk
[2011.02.21 12:04:32 | 000,226,450 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011.02.21 12:04:32 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[color=#E56717]========== LOP Check ==========[/color]

[2011.03.23 12:03:14 | 000,000,000 | ---D | M] -- C:\Users\Bendix\AppData\Roaming\.purple
[2011.03.22 15:27:22 | 000,000,000 | ---D | M] -- C:\Users\Bendix\AppData\Roaming\Babylon
[2011.03.03 14:52:14 | 000,000,000 | ---D | M] -- C:\Users\Bendix\AppData\Roaming\Canneverbe Limited
[2011.03.11 09:24:43 | 000,000,000 | ---D | M] -- C:\Users\Bendix\AppData\Roaming\gtk-2.0
[2011.03.22 19:08:14 | 000,000,000 | ---D | M] -- C:\Users\Bendix\AppData\Roaming\SecurityHeroes
[2011.03.22 17:22:07 | 000,000,000 | ---D | M] -- C:\Users\Bendix\AppData\Roaming\TrojanHunter
[2011.02.22 14:19:18 | 000,000,000 | ---D | M] -- C:\Users\Bendix\AppData\Roaming\Wireshark
[2011.03.23 09:42:18 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009.07.14 06:08:49 | 000,016,002 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


Code

 OTL Extras logfile created on: 23.03.2011 12:12:28 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Bendix\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,04 Gb Total Space | 210,65 Gb Free Space | 86,32% Space Free | Partition Type: NTFS
Drive D: | 221,62 Gb Total Space | 211,24 Gb Free Space | 95,32% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 105,82 Gb Free Space | 22,72% Space Free | Partition Type: NTFS
Drive G: | 982,72 Mb Total Space | 977,67 Mb Free Space | 99,49% Space Free | Partition Type: FAT

Computer Name: BENDIX-PC | User Name: Bendix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0
"{39C0C939-75C5-416B-9E73-24B5BFDEADBD}" = Microsoft IntelliType Pro 8.0
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{354038F6-0A35-4C55-A80B-F86C4C1A6D38}" = C3100
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}" = Microsoft AutoRoute 2007
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EA Installer.1334073302" = EA Installer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.2
"Moleskinsoft Clone Remover 3.8_is1" = Moleskinsoft Clone Remover 3.8
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Pidgin" = Pidgin
"Ski Alpin Racing 2007_0001" = Ski Alpin Racing 2007
"TrojanHunter_is1" = TrojanHunter 5.3
"VLC media player" = VLC media player 1.1.7
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR
"Wireshark" = Wireshark 1.4.3

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 22.03.2011 08:04:47 | Computer Name = Bendix-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 22.03.2011 08:04:47 | Computer Name = Bendix-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 22.03.2011 10:40:12 | Computer Name = Bendix-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen.    Prozess-ID: 98c    Startzeit: 01cbe89ef2b24fc0    Endzeit: 11    Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: 3c75b3e1-5492-11e0-88c0-0030678c3443


Error - 22.03.2011 12:06:49 | Computer Name = Bendix-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 2.0.0.4094 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 468    Startzeit:
01cbe8aabc5e4490    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox
4.0 Beta 11\firefox.exe    Berichts-ID: 532645d1-549e-11e0-b292-0030678c3443  

Error - 22.03.2011 12:38:14 | Computer Name = Bendix-PC | Source = ESENT | ID = 490
Description = Windows (1496) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 22.03.2011 12:38:14 | Computer Name = Bendix-PC | Source = ESENT | ID = 439
Description = Windows (1496) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.

Error - 22.03.2011 12:38:24 | Computer Name = Bendix-PC | Source = ESENT | ID = 490
Description = Windows (1496) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 22.03.2011 12:38:24 | Computer Name = Bendix-PC | Source = ESENT | ID = 439
Description = Windows (1496) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.

Error - 22.03.2011 12:38:34 | Computer Name = Bendix-PC | Source = ESENT | ID = 490
Description = Windows (1496) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 22.03.2011 12:38:34 | Computer Name = Bendix-PC | Source = ESENT | ID = 439
Description = Windows (1496) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.

[ OSession Events ]
Error - 22.03.2011 14:23:32 | Computer Name = Bendix-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5732
seconds with 60 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 16.03.2011 07:51:56 | Computer Name = Bendix-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR7 gefunden.

Error - 16.03.2011 07:53:13 | Computer Name = Bendix-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error - 16.03.2011 10:06:29 | Computer Name = Bendix-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst LanmanServer erreicht.

Error - 18.03.2011 07:31:01 | Computer Name = Bendix-PC | Source = DCOM | ID = 10010
Description =

Error - 18.03.2011 07:33:02 | Computer Name = Bendix-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error - 22.03.2011 10:37:34 | Computer Name = Bendix-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error - 22.03.2011 12:02:33 | Computer Name = Bendix-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?03.?2011 um 17:00:39 unerwartet heruntergefahren.

Error - 22.03.2011 12:02:37 | Computer Name = Bendix-PC | Source = BugCheck | ID = 1001
Description =

Error - 22.03.2011 12:14:05 | Computer Name = Bendix-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error - 22.03.2011 12:56:28 | Computer Name = Bendix-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
fehlgeschlagen:   %%5


< End of report >
Seitenanfang Seitenende
25.03.2011, 12:24
Moderator

Beiträge: 5694
#2 Hallo und herzlich Willkommen auf Protecus.de

Um ein infiziertes System zu bereinigen bedarf es neben Zeit auch die Beachtung folgender Punkte:

• Halte Dich an die Anweisungen des jeweiligen Helfers.
• Falls Du externen Speichermedien (USB Sticks, Festplatten) hast, dann schliesse die vor der Reinigung an.
• Während der Reinigung solltest Du weder Programme installieren noch deinstallieren, welche nicht ausdrücklich verlangt werden.
• Bitte arbeite jeden Schritt der Reihe nach ab.
• Falls bei einem Schritt Probleme auftauchen, poste was du bereits hast und melde Dich mit dem Problembeschreiben.


• Die Bereinigung ist erst beendet wenn der jeweilige Helfer das OK gibt.
• Wenn die Kiste wieder flott läuft heisst das nicht, dass das Sytem auch sauber ist.
• Bei geschäftlich genutzten Rechner sollte der zuständige IT Verantwortliche beigezogen werden.
• Ein Support unsererseits kann unter Umständen bei einem Firmenrechner abgelehnt werden.
• Bei illegaler Software besteht die Möglichkeit, dass der Support eingestellt wird.
• Jegliche Cracks oder Keygens werden weder gefördert noch akzeptiert.
• Bei stark infizierten Systemen vorallem wenn Backdoors oder Rootkits involviert sind kann es vorkommen, dass ein Helfer zum Neuaufsetzen rät.
• In letzter Instanz ist dann immer der User welcher entscheidet.


Vista und Win7 User:

Alle Programme und Tools, die wir anordnen, immer mit Rechtsklick und Als Administrator ausführen.

Schritt 1

Bereinigung mit Malwarebytes' Anti-Malware (Vollständiger Suchlauf)

Lade Malwarebytes Anti-Malware (ca. 2 MB) von diesem Downloadspiegel herunter:

Malwarebytes


* Anwendbar auf Windows 2000, XP, Vista und Windows 7.
* Installiere das Programm in den vorgegebenen Pfad.
* Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
* Lasse es online updaten (Reiter Updates), sofern sich das Programm bereits auf dem Rechner befand.
* Aktiviere "Komplett Scan durchführen" => Scan.
* Wähle alle verfügbaren Laufwerke aus und starte den Scan.
* Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
* Bei Funden in C:\System Volume Information den Haken entfernen.
Ansonsten wird dieser Systemwiederherstellungspunkt nicht mehr funktionieren.
Er könnte jedoch trotz Malware noch gebraucht werden.
* Versichere Dich, dass ansonsten alle Funde markiert sind und drücke "Löschen".
* Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
* Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
* Berichte, wie der Rechner nun läuft.

Schritt 2

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
• Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Textbox.

Code

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
Seitenanfang Seitenende