Weiterleitung auf falsche Seiten (Suchmaschinen)

Marina_2626 · 29.04.2012, 16:51

Hallo,

ich werde seit einigen Monaten schon, wenn ich bei Google oder anderen Suchmaschinen suche, bei klicken auf die angezeigten Links auf andere Seiten weitergeleitet.

Vielen Dank für Hilfe!

.DDS Logfile
DDS Logfile:
DDS Logfile:
DDS Logfile:

Code:

ATTFilter

DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_23
Run by *** at 14:00:49 on 2012-04-29
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2009.1089 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\CyberLink\YouCam\YouCamTray.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchospt.exe
C:\Programme\Ask.com\Updater\Updater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\ICQ7.6\ICQ.exe
C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Programme\Netzmanager\netzmanager.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
C:\Programme\Cyberlink\Shared files\RichVideo.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\WINDOWS\system32\svchosptd.exe
C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.t-online.de
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\programme\softonic-de3\tbsof2.dll
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\programme\dvdvideosofttb\tbDVD2.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\programme\conduitengine\ConduitEngin0.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\programme\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\programme\dvdvideosofttb\tbDVD2.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Toolbar 3.0 der Telekom Browserhilfsobjekt: {c9603180-fa5c-4db0-a013-adc60309af82} - c:\programme\deutsche telekom\toolbar3\ToToolbar.dll
BHO: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\programme\softonic-de3\tbsof2.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programme\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\programme\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ICQ Sparberater: {fe163f11-1919-4257-a280-ff5af8daeecb} - c:\programme\icq\internet explorer\icq.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\programme\softonic-de3\tbsof2.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\programme\dvdvideosofttb\tbDVD2.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\programme\windows live\toolbar\wltcore.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icq6toolbar\ICQToolBar.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programme\ask.com\GenericAskToolbar.dll
TB: Toolbar 3.0 der Telekom: {2015c8d4-8534-48db-b5fb-5c76291f080c} - c:\programme\deutsche telekom\toolbar3\ToToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icq6toolbar\ICQToolBar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ICQ] "c:\programme\icq7.6\ICQ.exe" silent loginmode=4
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
mRun: [<NO NAME>] 
mRun: [YouCam Mirror Tray icon] "c:\programme\cyberlink\youcam\YouCamTray.exe" /s
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
mRun: [svchospt] c:\windows\system32\svchospt.exe
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "c:\programme\ask.com\updater\Updater.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\marina~1\startm~1\progra~1\autost~1\meined~1.lnk - c:\programme\telekom\meine dienste\StartMeineDienste.exe
StartupFolder: c:\dokume~1\marina~1\startm~1\progra~1\autost~1\netzma~1.lnk - c:\programme\netzmanager\netzmanager.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\mcafee~1.lnk - c:\programme\mcafee security scan\2.0.181\SSScheduler.exe
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\marina welsch\anwendungsdaten\dvdvideosoftiehelpers\youtubetomp3.htm
IE: In Adobe PDF konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\mi69df~1\office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - c:\programme\icq7.6\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programme\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi69df~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi69df~1\office12\REFIEBAR.DLL
IE: {A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - c:\programme\deutsche telekom\toolbar3\ToToolbar.dll
LSP: c:\programme\avira\antivir desktop\avsda.dll
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E2C6327C-ACC1-4B9B-80A3-5C0F5B76D61C} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\marina welsch\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.5&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www3.k-tv.org/programm
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.9&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko19.dll
FF - component: c:\dokumente und einstellungen\marina welsch\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko5.dll
FF - component: c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko6.dll
FF - component: c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko7.dll
FF - component: c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko8.dll
FF - component: c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko19.dll
FF - component: c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko5.dll
FF - component: c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko6.dll
FF - component: c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko7.dll
FF - component: c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko8.dll
FF - component: c:\programme\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\programme\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\programme\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\programme\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\programme\microsoft\office live\npOLW.dll
FF - plugin: c:\programme\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programme\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\programme\homecinema\playmovie\000.fcl [2010-4-26 41456]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\avira\antivir desktop\sched.exe [2010-2-27 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\programme\avira\antivir desktop\avguard.exe [2010-2-27 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\avira\antivir desktop\avwebgrd.exe [2011-6-28 428200]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-11-18 54760]
R2 ICQ Service;ICQ Service;c:\programme\icq6toolbar\ICQ Service.exe [2011-10-28 247872]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\programme\netzmanager\nminfrais2\Netzmanager_Service.exe [2011-10-24 2565632]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\programme\homecinema\tv enhance\kernel\tv\TVECapSvc.exe [2010-4-26 290909]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\programme\homecinema\tv enhance\kernel\tv\TVESched.exe [2010-4-26 114779]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-11 84240]
R3 TelekomNM3;Telekom Netzmanager Packet Filter Driver;c:\programme\netzmanager\nminfrais2\driver\TelekomNM3.sys [2010-9-16 35040]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 fsssvc;Windows Live Family Safety-Dienst;c:\programme\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\mozilla maintenance service\maintenanceservice.exe [2012-4-29 129976]
S3 WisLMSvc;WisLMSvc;c:\programme\launch manager\WisLMSvc.exe [2010-2-27 118784]
.
=============== Created Last 30 ================
.
2012-04-04 05:53:56	182160	----a-w-	c:\programme\mozilla firefox\plugins\nppdf32.dll
2012-04-04 05:53:56	182160	----a-w-	c:\programme\internet explorer\plugins\nppdf32.dll
2012-04-03 11:40:00	--------	d-----w-	c:\windows\system32\Adobe
.
==================== Find3M  ====================
.
2012-03-01 11:51:13	457336	----a-w-	c:\windows\system32\MDS_Uninstall.exe
.
============= FINISH: 14:01:20,31 ===============

--- --- ---

--- --- ---

--- --- ---

--- --- ---

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 27.02.2010 12:51:44
System Uptime: 27.04.2012 14:08:19 (48 hours ago)
.
Motherboard: FUJITSU SIEMENS | | D48
Processor: Intel Pentium III Xeon-Prozessor | U2E1 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 123,028 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP43: 29.02.2012 05:28:34 - Systemprüfpunkt
RP44: 01.03.2012 08:49:00 - Systemprüfpunkt
RP45: 08.03.2012 10:43:21 - Systemprüfpunkt
RP46: 23.03.2012 13:35:30 - Systemprüfpunkt
RP47: 03.04.2012 19:55:02 - Systemprüfpunkt
RP48: 09.04.2012 21:12:55 - Systemprüfpunkt
RP49: 10.04.2012 21:56:28 - Systemprüfpunkt
RP50: 13.04.2012 09:05:37 - Systemprüfpunkt
RP51: 15.04.2012 11:06:23 - Systemprüfpunkt
RP52: 17.04.2012 06:52:54 - Systemprüfpunkt
RP53: 19.04.2012 15:12:44 - Systemprüfpunkt
RP54: 28.04.2012 13:46:09 - Systemprüfpunkt
.
==== Installed Programs ======================
.
Adobe Acrobat 7.0 Professional - English, Français, Deutsch
Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) - Deutsch
Adobe Shockwave Player 11.6
Alle meine Passworte 3.15
Amazon MP3-Downloader 1.0.9
AnyDVD
Apple Application Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Ask Toolbar
Avira AntiVir Personal - Free Antivirus
Canon CanoScan Toolbox 4.9
Canon PIXMA iP4000
Canon PIXMA iP4000R
CCleaner
CDBurnerXP
CloneCD
CloneDVD2
CyberLink YouCam
DVDVideoSoftTB Toolbar
EssentialPIM
Free Audio CD Burner version 1.4
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hardlock Device Driver
High Definition Audio - KB888111
Hotfix für Windows XP (KB942288-v3)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB979306)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
IBM ViaVoice Outloud Runtime - Deutsch
IBM ViaVoice Outloud Runtime - US English
ICQ Sparberater
ICQ Toolbar
ICQ7.6
ImagXpress
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 23
JMicron JMB38X Flash Media Controller
JPGCOMPRESS Version 1.0
Junk Mail filter update
Klebezettel NG (Version 2.9.5)
Launch Manager V1.4.9
MAGIX Slideshow Maker 1.0.1.3 (D)
MakeDisc
Manual CanoScan LiDE 500F
McAfee Security Scan Plus
MCE Software Encoder 1.1
MediaShow
Meine Dienste Software
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (German) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.53
Microsoft WSE 3.0 Runtime
Mozilla Firefox 12.0 (x86 de)
Mozilla Maintenance Service
MSVCRT
neroxml
Netzmanager
OmniPage SE
PhotoNow! 1.0
PL-2303 USB-to-Serial
Play Movie
PowerDirector
PowerDVD
PowerProducer
ProcessStudio
PT-TMX Converter
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Segoe UI
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950760)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB971468)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB971961)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978037)
Sicherheitsupdate für Windows XP (KB978251)
Sicherheitsupdate für Windows XP (KB978262)
Sicherheitsupdate für Windows XP (KB978706)
Skype Click to Call
Skype™ 5.5
softonic-de3 Toolbar
SQL Server System CLR Types
swMSM
Synaptics Pointing Device Driver
SystemDiagnostics
Toolbar 3.0 der Telekom
TV Enhance
UBitMenuDE
Uniblue RegistryBooster
Uninstall 1.0.0.1
Update für Windows Internet Explorer 8 (KB978506)
Update für Windows XP (KB951978)
Update für Windows XP (KB955759)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows XP Service Pack 3
WinFACT 98
XML Paper Specification Shared Components Language Pack 1.0
.
==== End Of File ===========================

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-29 17:33:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS545016B9A300 rev.PBBOC64G
Running: 8ojxje1e.exe; Driver: C:\DOKUME~1\MARINA~1\LOKALE~1\Temp\awlyrpod.sys

---- System - GMER 1.0.15 ----

SSDT BA6C25F6 ZwCreateKey
SSDT BA6C25EC ZwCreateThread
SSDT BA6C25FB ZwDeleteKey
SSDT BA6C2605 ZwDeleteValueKey
SSDT BA6C260A ZwLoadKey
SSDT BA6C25D8 ZwOpenProcess
SSDT BA6C25DD ZwOpenThread
SSDT BA6C2614 ZwReplaceKey
SSDT BA6C260F ZwRestoreKey
SSDT BA6C2600 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA71F8400, 0x6EB98, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA7282C20] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA7282C20]
.protectÿÿÿÿhardlockunknown last code section [0xA7282A00, 0x50CA, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA7282A00, 0x50CA, 0xE0000020]
C:\Programme\HomeCinema\PlayMovie\000.fcl entry point in "" section [0xA6EA3000]
.clc C:\Programme\HomeCinema\PlayMovie\000.fcl unknown last section [0xA6EA4000, 0x1000, 0x00000000]
C:\Programme\HomeCinema\PowerDVD\000.fcl entry point in "" section [0xA6EA3000]
.clc C:\Programme\HomeCinema\PowerDVD\000.fcl unknown last section [0xA6EA4000, 0x1000, 0x00000000]
? C:\DOKUME~1\MARINA~1\LOKALE~1\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

cosinus · 30.04.2012, 18:54

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Marina_2626 · 01.05.2012, 06:04

Ganz herzlichen Dank!
Ich habe mal begonnen mit dem Vollscan mit malewarebytes (Rest folgt später):

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Code:

ATTFilter

Datenbank Version: v2012.04.30.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Marina Welsch :: MARINA_NB [Administrator]

30.04.2012 20:27:08
mbam-log-2012-04-30 (20-27-08).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 302761
Laufzeit: 2 Stunde(n), 36 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\WINDOWS\system32\svchosptd.exe (Trojan.Agent) -> 2380 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\WINDOWS\system32\svchosptd.exe (Trojan.Agent) -> Löschen bei Neustart.
C:\WINDOWS\system32\FM20ENUD.dll (Trojan.FakeMS.VxGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Ich führe egrade den ESET-Scan durch, aber möchte schonmal anmerken, dass das Problem bereits behoben scheint. Bei Google werden wieder die richtigen Seiten angezeigt...

Vielen Dank schonmal!!!

Hier das Ergebnis vom ESET-Scan.
Problem ist aber bereits behoben.
Eine Anmerkung noch: Im Ergebnis vom malewarebytes oben wird mein vollständiger Name angezeigt, was ich leider erst zu spät bemerkt habe. Wäre super, wenn Du den Nachnamen vielleicht unkenntlich machen könntest...? Vielen Dank!

Also:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fa8d7f3944651542946c5c5d6e744e4e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-01 07:47:21
# local_time=2012-05-01 09:47:21 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775165 100 94 2709 101333544 56311 0
# compatibility_mode=8192 67108863 100 0 337 337 0 0
# scanned=102389
# found=11
# cleaned=11
# scan_time=6694
C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\SoftonicDownloader37850.exe	a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\SoftonicDownloader75706.exe	a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\SoftonicDownloader84394.exe	a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\SoftonicDownloader_fuer_parents-friend.exe	a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\SoftonicDownloader_fuer_windows-live-movie-maker.exe	a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21655.exe	Win32/RegistryBooster application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21698.exe	Win32/RegistryBooster application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21699.exe	Win32/RegistryBooster application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21700.exe	Win32/RegistryBooster application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21701.exe	Win32/RegistryBooster application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21706.exe	Win32/RegistryBooster application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

cosinus · 01.05.2012, 15:21

Zitat:

C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\SoftonicDownloader_fuer_windows-live-movie-maker.exe a variant of Win32/SoftonicDownloader.A application

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Zitat:

C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21655.exe Win32/RegistryBooster application (cleaned by deleting - quarantined)

Finger weg von Registry-Cleanern!!

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr startet.

Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Marina_2626 · 03.05.2012, 06:55

Hallo!

Also, nach meinem laienhaften Auge zufolge läuft alles normal.
Jetzt, wo ich schaue: Ja, bei "Alle Programme" sind leere Ordner:

Windows Press
Windows Visual Studio
PL-2303 USB-Serial Driver
Microsoft Web Publishing

Ach ja, seit gestern funktioniert mein W-Lan-Schalter nicht mehr (nachdem mein Notebook abgestürzt ist), irgendwann kam dann eine Meldung "Netzwerkhardware entfernt", aber der Netzwerkadapter wird jetzt wieder als erkannt angezeigt. Es wird aber kein Netzwerk gefunden, obwohl natürlich welche da sind. Und der W-Lan-Schalter leuchtet nicht mehr und geht auch mit der normalen Taste nicht mehr an...
Naja, vielleicht gehört das nicht in dieses Forum... ist zufälligerweise auch erst seit gestern.

Ich bin jetzt vorerst 7-10 Tage nicht da.

Grüße!

P.S. Ich weiß gar nicht, was ein "Registry Cleaner" ist

cosinus · 03.05.2012, 14:55

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Marina_2626 · 30.05.2012, 13:59

Code:

ATTFilter

OTL logfile created on: 30.05.2012 14:45:37 - Run 2
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 55,75% Memory free
3,25 Gb Paging File | 2,52 Gb Available in Paging File | 77,48% Paging File free
Paging file location(s): C:\pagefile.sys 1476 2952 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 122,33 Gb Free Space | 82,08% Space Free | Partition Type: NTFS
Drive D: | 86,25 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARINA_NB | User Name: Marina *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.30 14:42:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\OTL(1).exe
PRC - [2011.11.10 17:30:05 | 014,000,128 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\netzmanager.exe
PRC - [2011.10.28 19:16:21 | 000,127,040 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.6\ICQ.exe
PRC - [2011.10.24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2011.09.08 15:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2011.06.28 20:11:11 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.06.28 20:11:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.09 14:48:00 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.07.08 21:58:26 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Programme\Cyberlink\YouCam\YouCamTray.exe
PRC - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2009.02.01 14:36:46 | 000,954,368 | -H-- | M] (FK2) -- C:\WINDOWS\system32\svchospt.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.10.15 21:58:02 | 000,290,909 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2007.10.15 21:58:02 | 000,114,779 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2006.07.21 16:14:36 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2001.02.23 11:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
MOD - [2010.10.19 09:31:39 | 000,159,744 | ---- | M] () -- C:\Programme\Netzmanager\NMInfraIS2\Driver\SoftPlugLib.dll
MOD - [2010.02.27 19:24:42 | 011,791,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
MOD - [2010.02.27 19:24:34 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll
MOD - [2010.02.27 19:24:34 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2010.02.27 19:24:28 | 000,997,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll
MOD - [2010.02.27 19:24:25 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll
MOD - [2010.02.27 19:23:34 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e148983beeb0f30918b0564849a16456\CustomMarshalers.ni.dll
MOD - [2010.02.27 19:23:31 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2010.02.27 19:23:23 | 000,255,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\2e19ccefc30d7b827bab3f7d8dcc0ab9\SMDiagnostics.ni.dll
MOD - [2010.02.27 19:23:18 | 017,313,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d85d9535e91da842fded56869d57790a\System.ServiceModel.ni.dll
MOD - [2010.02.27 19:22:57 | 002,338,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bb748f8ef8c98eb5c7f79b8faee95397\System.Runtime.Serialization.ni.dll
MOD - [2010.02.27 19:22:53 | 001,056,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\94b2ca600c860c76e387f8bd317bd4c3\System.IdentityModel.ni.dll
MOD - [2010.02.27 17:27:56 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2010.02.27 17:27:47 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2010.02.27 17:27:32 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2010.02.27 17:27:20 | 006,614,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll
MOD - [2010.02.27 17:27:15 | 002,294,784 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\6c69930d05c557da70144bcc0add7065\System.Core.ni.dll
MOD - [2010.02.27 17:27:08 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b4dc4bd8534d90fbb7430926ad990cd9\PresentationFramework.Luna.ni.dll
MOD - [2010.02.27 17:27:06 | 014,320,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9519494798a88867406b5755e1dbded6\PresentationFramework.ni.dll
MOD - [2010.02.27 17:26:50 | 012,213,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\12dcb10b76012416357bdbb010fdaa97\PresentationCore.ni.dll
MOD - [2010.02.27 17:26:38 | 003,311,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\df20e56b59b1b1a595af305ddc0777ba\WindowsBase.ni.dll
MOD - [2010.02.27 17:26:32 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2010.02.27 17:26:26 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2010.02.27 17:24:54 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.02.27 17:24:54 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.02.27 17:24:53 | 000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2010.02.27 17:24:52 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010.02.27 17:21:57 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.02.27 17:21:54 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2010.02.27 17:21:52 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010.01.28 12:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.10.15 21:58:02 | 000,290,909 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
MOD - [2007.10.15 21:58:02 | 000,114,779 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
MOD - [2007.10.15 21:57:56 | 000,339,968 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll
MOD - [2007.10.15 21:57:56 | 000,094,208 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLSchRecordMonitor.dll
MOD - [2007.10.15 21:57:36 | 000,245,858 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
MOD - [2007.10.15 21:57:36 | 000,114,780 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll
MOD - [2007.10.15 21:57:36 | 000,032,768 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
MOD - [2006.01.12 22:20:48 | 001,265,664 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\adistres.DEU
MOD - [2005.11.27 21:07:30 | 000,417,792 | ---- | M] () -- C:\WINDOWS\system32\CoolXPCombo.ocx
MOD - [2005.11.27 21:07:12 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\CoolXPButton.ocx
MOD - [2005.11.27 21:06:54 | 000,360,448 | ---- | M] () -- C:\WINDOWS\system32\CoolXPLabel.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.10.24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011.06.28 20:11:11 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2011.06.28 20:11:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.09 14:48:00 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.02.27 18:10:28 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008.04.14 04:22:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008.04.14 04:22:32 | 000,080,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008.04.14 04:22:16 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008.04.14 04:22:15 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008.04.14 04:22:07 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2007.10.15 21:58:02 | 000,290,909 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2007.10.15 21:58:02 | 000,114,779 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2006.11.17 21:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001.02.23 11:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2011.06.28 20:11:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.09.16 17:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2010.04.28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010.04.05 11:25:03 | 000,019,968 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2009.12.17 07:10:54 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2009.12.17 07:10:52 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.06.27 16:40:18 | 001,315,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008.04.14 04:02:16 | 000,120,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008.04.14 03:58:18 | 000,154,112 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008.04.14 03:58:13 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008.04.13 20:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008.04.11 17:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.26 18:37:26 | 004,713,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.01.03 22:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.10.11 12:21:34 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2007.10.09 16:14:56 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2005.07.25 10:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005.05.03 17:34:02 | 000,027,392 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005.04.12 10:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2004.09.29 00:40:58 | 000,018,048 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2004.08.04 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004.08.04 14:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
 
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{06F97638-1C31-4EEA-9892-73E17BA30056}: "URL" = hxxp://dict.leo.org/frde?lp=frde&search={searchTerms}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{51516FF5-06A7-4D28-B82F-57803649C00E}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{598E4024-5543-461D-BC59-0C3808C792F8}: "URL" = hxxp://dict.leo.org/esde?lp=esde&search={searchTerms}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{682DAC36-F7A4-46CE-AA9C-4C2B7495CDB9}: "URL" = hxxp://rover.ebay.com/rover/1/707-1403-9414-51/4?satitle={searchTerms}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7IRFC_de
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{85351F83-7117-4F9C-8AE3-4D1A7DD14BE4}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{919DEAFF-FC80-4DDB-9E74-2F73286C9E4B}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tportal&q={searchTerms}&dia=tie8
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{CA694659-F67F-4581-929D-D7DD791673FE}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{D0C4D945-EAF8-4D7B-9990-D4321C1F9235}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{DB8C5087-E8F0-4EE7-9447-122D9433CC97}: "URL" = hxxp://dict.leo.org/ende?lp=ende&search={searchTerms}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{EB0D8858-ACDB-4D76-A2DC-48AC3C493947}: "URL" = hxxp://preisvergleich.t-online.de/angebote/{searchTerms}?soid=42534758
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.5&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www3.k-tv.org/programm"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.0.8
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.8.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.3.9
FF - prefs.js..extensions.enabledItems: ciuvo-extension@icq.de:1.3.667
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100010
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: totbff01@telekom.de:3.0.38
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.9&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.04.29 12:07:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.29 12:03:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Programme\Mozilla Sunbird\components [2012.05.30 13:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Programme\Mozilla Sunbird\plugins
 
[2012.05.30 13:33:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Extensions
[2012.05.30 13:33:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012.05.30 09:06:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions
[2012.04.29 18:04:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.05.30 09:06:29 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.02 21:33:51 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.21 09:21:57 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012.01.12 10:49:08 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com
[2012.03.21 09:42:34 | 000,000,000 | ---D | M] (Telekom Toolbar 3.0) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\totbff01@telekom.de
[2012.05.30 13:33:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Sunbird\Profiles\mlqpsb7o.default\extensions
[2012.03.21 10:07:31 | 000,002,101 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\amazonde.xml
[2011.02.11 20:11:22 | 000,001,819 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\bing.xml
[2010.10.03 07:25:18 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\conduit.xml
[2012.03.21 10:07:31 | 000,001,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\einkaufswelt.xml
[2012.05.26 15:44:28 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-1.xml
[2011.11.24 08:46:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-2.xml
[2012.01.12 10:50:32 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-3.xml
[2012.03.21 10:54:29 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-4.xml
[2012.04.29 12:08:03 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-5.xml
[2011.11.15 02:26:15 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina Welsch\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin.xml
[2012.03.21 10:07:31 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina Welsch\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\leo-franzsisch.xml
[2012.03.21 10:07:31 | 000,002,099 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\leo-spanisch.xml
[2012.03.21 10:07:38 | 000,001,207 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\t-onlinede-portalsuche.xml
[2012.03.21 10:07:38 | 000,001,810 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\t-onlinede-websuche.xml
[2012.04.29 12:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.02 14:32:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.120\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: ICQ Sparberater = C:\Dokumente und Einstellungen\Marina Welsch\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.3.667_0\
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Toolbar 3.0 der Telekom Browserhilfsobjekt) - {C9603180-FA5C-4DB0-A013-ADC60309AF82} - C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [svchospt] C:\WINDOWS\system32\svchospt.exe (FK2)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Programme\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-861567501-1757981266-839522115-1004..\Run: [ICQ] C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\Meine Dienste.lnk = C:\Programme\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O4 - Startup: C:\Dokumente und Einstellungen\Marina Welsch\Startmenü\Programme\Autostart\Meine Dienste.lnk = C:\Programme\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O4 - Startup: C:\Dokumente und Einstellungen\Marina Welsch\Startmenü\Programme\Autostart\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00  [binary data]
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Marina Welsch\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office 2007\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office 2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Toolbar 3.0 der Telekom - {A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99CFDFD7-37D7-4892-94D2-FEF25CB31700}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Marina ***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Marina ***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010.02.27 13:50:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06843593-5469-11df-bc5a-701a049e000a}\Shell - "" = AutoRun
O33 - MountPoints2\{06843593-5469-11df-bc5a-701a049e000a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{06843593-5469-11df-bc5a-701a049e000a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e35dc53f-241f-11df-bc43-701a049e000a}\Shell\AutoRun\command - "" = Programs\nu2menu\nu2menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "NMSAccessU"
MsConfig - Services: "Nero BackItUp Scheduler 4.0"
MsConfig - StartUpReg: CloneCDTray - hkey= - key= - C:\eigene Programme\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {76073383-6B8B-2C8F-D8EF-0D796F78F2A4} - Vektorgrafik-Rendering (VML)
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.30 13:33:12 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Sunbird
[2012.05.26 08:37:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marina ***\Desktop\Armut im Geiste
[2012.05.20 06:06:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.12 08:30:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marina ***\Desktop\Faustinum
[2012.05.01 07:50:12 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.04.30 20:23:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Malwarebytes
[2012.04.30 20:22:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.04.30 20:22:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.04.30 20:22:51 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.30 20:22:51 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.04.30 20:07:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\TuneUp Software
[2012.04.30 20:04:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.04.30 20:03:39 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.04.30 20:03:39 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.30 13:37:02 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.05.30 13:33:19 | 000,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Sunbird.lnk
[2012.05.30 12:59:00 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.29 13:59:00 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.29 08:53:11 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\tasks\ammet.job
[2012.05.29 08:53:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.05.29 08:53:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.05.29 08:53:05 | 2106,466,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.26 13:04:06 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.05.20 11:11:52 | 000,001,739 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2012.05.16 14:30:34 | 000,063,490 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Desktop\Infos_Klausurenk_2Ex.pdf
[2012.05.16 14:22:25 | 000,116,066 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Desktop\S+UAusschnitt_1112_2011.pdf
[2012.05.02 13:57:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.04.30 20:22:57 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.30 13:33:19 | 000,001,566 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Sunbird.lnk
[2012.05.16 14:30:34 | 000,063,490 | ---- | C] () -- C:\Dokumente und Einstellungen\Marina ***\Desktop\Infos_Klausurenk_2Ex.pdf
[2012.05.16 14:22:25 | 000,116,066 | ---- | C] () -- C:\Dokumente und Einstellungen\Marina ***\Desktop\S+UAusschnitt_1112_2011.pdf
[2012.04.30 20:22:57 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.21 19:55:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.02.12 22:05:40 | 000,000,023 | ---- | C] () -- C:\WINDOWS\PTSPEECH.INI
[2010.11.18 15:09:36 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010.11.18 14:29:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2010.08.14 16:19:34 | 000,010,752 | ---- | C] () -- C:\Dokumente und Einstellungen\Marina ***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.12 21:44:30 | 000,544,256 | ---- | C] () -- C:\WINDOWS\System32\janGraphics.dll
[2010.08.12 21:44:30 | 000,124,416 | ---- | C] () -- C:\WINDOWS\System32\dXCtrls.dll
[2010.07.04 07:08:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.06.30 20:04:09 | 000,000,516 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
 
========== LOP Check ==========
 
[2010.02.27 17:27:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012.04.30 20:03:39 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011.10.28 19:17:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.11.18 15:09:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2012.03.21 10:04:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Netzmanager
[2010.10.30 18:42:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2010.06.30 20:04:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir
[2010.06.30 20:04:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard
[2010.02.28 06:13:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2012.04.30 20:08:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.05.02 20:45:18 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{2D559015-4C05-4AE5-8C8B-7E13E1EAB09D}
[2012.04.30 20:03:39 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2010.11.18 15:05:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{6DAA3B20-D487-4FA2-81D5-50404CCB868D}
[2012.03.21 09:40:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354}
[2010.08.01 16:17:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Amazon
[2011.11.17 09:26:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\AskToolbar
[2010.02.27 17:27:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Canneverbe Limited
[2010.06.30 20:08:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Canon
[2010.07.01 16:12:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.08.26 07:07:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\EssentialPIM
[2010.11.18 15:09:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\GetRightToGo
[2011.12.01 08:19:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\ICQ
[2010.08.01 22:05:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\IrfanView
[2010.11.18 15:10:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\MAGIX
[2010.11.12 08:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\PriceGong
[2010.06.30 20:04:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\ScanSoft
[2012.04.30 20:07:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\TuneUp Software
[2011.03.25 20:40:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\UBitMenu
[2010.11.18 15:05:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Uniblue
[2010.11.18 14:52:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Windows Live Writer
[2012.05.29 08:53:11 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\Tasks\ammet.job
[2012.05.30 13:37:02 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.22 06:03:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Adobe
[2010.02.27 18:26:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\AdobeUM
[2010.08.01 16:17:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Amazon
[2010.08.14 16:19:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Apple Computer
[2010.08.08 13:28:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\ArcSoft
[2011.11.17 09:26:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\AskToolbar
[2011.02.11 19:28:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Avira
[2010.02.27 17:27:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Canneverbe Limited
[2010.06.30 20:08:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Canon
[2010.04.26 16:12:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\CyberLink
[2010.07.01 16:12:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.08.26 07:07:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\EssentialPIM
[2010.11.18 15:09:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\GetRightToGo
[2010.02.27 17:06:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Google
[2010.05.01 11:58:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Help
[2011.12.01 08:19:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\ICQ
[2012.03.22 12:35:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Identities
[2010.02.27 14:06:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\InstallShield
[2010.08.01 22:05:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\IrfanView
[2010.02.27 17:46:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Macromedia
[2010.11.18 15:10:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\MAGIX
[2012.04.30 20:23:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Malwarebytes
[2011.10.06 05:06:11 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Microsoft
[2012.05.30 13:33:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla
[2010.02.27 16:58:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Nero
[2010.11.12 08:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\PriceGong
[2010.06.30 20:04:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\ScanSoft
[2012.04.28 09:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Skype
[2010.07.04 07:09:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Sun
[2012.04.30 20:07:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\TuneUp Software
[2010.05.15 10:03:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\U3
[2011.03.25 20:40:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\UBitMenu
[2010.11.18 15:05:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Uniblue
[2010.11.18 14:52:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2012.03.21 09:41:10 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.04.05 11:47:06 | 000,007,168 | R--- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Microsoft\Installer\{F53BC604-907D-11D4-8247-00C04F26F310}\IconF53BC604.exe
[2012.01.12 07:22:13 | 003,904,680 | ---- | M] (Ask) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
[2008.08.26 18:49:54 | 000,110,592 | ---- | M] (U3 LLC) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\U3\40549109CAD0CA01\cleanup.exe
[2008.08.26 18:37:56 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\U3\40549109CAD0CA01\Launchpad Removal.exe
[2009.01.14 12:13:30 | 004,636,672 | ---- | M] (U3 LLC) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\U3\40549109CAD0CA01\Launchpad.exe
[2008.08.26 19:10:04 | 000,054,584 | ---- | M] (U3 LLC) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\U3\40549109CAD0CA01\U3AccessGrant.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\U3\temp\cleanup.exe
[2008.08.26 18:37:56 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\U3\temp\Launchpad Removal.exe
[2011.03.25 20:40:38 | 000,696,341 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\UBitMenu\unins000.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.02.27 15:40:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.02.27 15:40:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.02.27 15:40:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.02.27 15:40:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Programme\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2010.02.27 15:40:59 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.02.27 15:40:59 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.02.27 15:40:59 | 000,454,656 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<           >
 
<  >
 
<     Schliesse bitte nun alle Programme. (Wicht >

< End of report >

--- --- ---

cosinus · 30.05.2012, 14:30

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
MOD - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{06F97638-1C31-4EEA-9892-73E17BA30056}: "URL" = http://dict.leo.org/frde?lp=frde&search={searchTerms}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{51516FF5-06A7-4D28-B82F-57803649C00E}: "URL" = http://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{598E4024-5543-461D-BC59-0C3808C792F8}: "URL" = http://dict.leo.org/esde?lp=esde&search={searchTerms}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{682DAC36-F7A4-46CE-AA9C-4C2B7495CDB9}: "URL" = http://rover.ebay.com/rover/1/707-1403-9414-51/4?satitle={searchTerms}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7IRFC_de
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{85351F83-7117-4F9C-8AE3-4D1A7DD14BE4}: "URL" = http://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{919DEAFF-FC80-4DDB-9E74-2F73286C9E4B}: "URL" = http://suche.t-online.de/fast-cgi/tsc?sr=tportal&q={searchTerms}&dia=tie8
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{CA694659-F67F-4581-929D-D7DD791673FE}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{D0C4D945-EAF8-4D7B-9990-D4321C1F9235}: "URL" = http://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{DB8C5087-E8F0-4EE7-9447-122D9433CC97}: "URL" = http://dict.leo.org/ende?lp=ende&search={searchTerms}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{EB0D8858-ACDB-4D76-A2DC-48AC3C493947}: "URL" = http://preisvergleich.t-online.de/angebote/{searchTerms}?soid=42534758
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.5&q="
FF - prefs.js..extensions.enabledItems: ciuvo-extension@icq.de:1.3.667
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100010
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.9&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
[2012.04.29 18:04:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.05.30 09:06:29 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.02 21:33:51 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.21 09:21:57 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012.01.12 10:49:08 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com
[2012.03.21 09:42:34 | 000,000,000 | ---D | M] (Telekom Toolbar 3.0) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\totbff01@telekom.de
[2012.05.30 13:33:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Sunbird\Profiles\mlqpsb7o.default\extensions
[2012.03.21 10:07:31 | 000,002,101 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\amazonde.xml
[2011.02.11 20:11:22 | 000,001,819 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\bing.xml
[2010.10.03 07:25:18 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\conduit.xml
[2012.03.21 10:07:31 | 000,001,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\einkaufswelt.xml
[2012.05.26 15:44:28 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-1.xml
[2011.11.24 08:46:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-2.xml
[2012.01.12 10:50:32 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-3.xml
[2012.03.21 10:54:29 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-4.xml
[2012.04.29 12:08:03 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-5.xml
[2011.11.15 02:26:15 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina Welsch\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin.xml
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
O2 - BHO: (Toolbar 3.0 der Telekom Browserhilfsobjekt) - {C9603180-FA5C-4DB0-A013-ADC60309AF82} - C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [svchospt] C:\WINDOWS\system32\svchospt.exe (FK2)
O32 - AutoRun File - [2010.02.27 13:50:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06843593-5469-11df-bc5a-701a049e000a}\Shell - "" = AutoRun
O33 - MountPoints2\{06843593-5469-11df-bc5a-701a049e000a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{06843593-5469-11df-bc5a-701a049e000a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e35dc53f-241f-11df-bc43-701a049e000a}\Shell\AutoRun\command - "" = Programs\nu2menu\nu2menu.exe
:Files
C:\WINDOWS\tasks\ammet.job
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\AskToolbar
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\PriceGong
C:\WINDOWS\system32\svchospt.exe
C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\Softonic*.*
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004
C:\Programme\Ask.com
C:\Programme\ICQ6Toolbar
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Marina_2626 · 30.05.2012, 15:55

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Programme\DVDVideoSoftTB\tbDVD2.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Programme\softonic-de3\tbsof2.dll moved successfully.
HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{06F97638-1C31-4EEA-9892-73E17BA30056}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06F97638-1C31-4EEA-9892-73E17BA30056}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{51516FF5-06A7-4D28-B82F-57803649C00E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51516FF5-06A7-4D28-B82F-57803649C00E}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{598E4024-5543-461D-BC59-0C3808C792F8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598E4024-5543-461D-BC59-0C3808C792F8}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{682DAC36-F7A4-46CE-AA9C-4C2B7495CDB9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{682DAC36-F7A4-46CE-AA9C-4C2B7495CDB9}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{85351F83-7117-4F9C-8AE3-4D1A7DD14BE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85351F83-7117-4F9C-8AE3-4D1A7DD14BE4}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{919DEAFF-FC80-4DDB-9E74-2F73286C9E4B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{919DEAFF-FC80-4DDB-9E74-2F73286C9E4B}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{CA694659-F67F-4581-929D-D7DD791673FE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA694659-F67F-4581-929D-D7DD791673FE}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{D0C4D945-EAF8-4D7B-9990-D4321C1F9235}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0C4D945-EAF8-4D7B-9990-D4321C1F9235}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{DB8C5087-E8F0-4EE7-9447-122D9433CC97}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB8C5087-E8F0-4EE7-9447-122D9433CC97}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EB0D8858-ACDB-4D76-A2DC-48AC3C493947}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB0D8858-ACDB-4D76-A2DC-48AC3C493947}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.5&q=" removed from browser.search.defaulturl
Prefs.js: ciuvo-extension@icq.de:1.3.667 removed from extensions.enabledItems
Prefs.js: toolbar@ask.com:3.14.1.100010 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.9&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Plugins folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\Plugins folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\modules folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-23-Nov-2011-19-42-45-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-28-Feb-2012-18-51-17-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-17-Nov-2011-06-42-19-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-12-Jan-2012-08-49-08-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-08-Jan-2012-10-18-31-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\totbff01@telekom.de\res folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\totbff01@telekom.de\modules folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\totbff01@telekom.de\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\totbff01@telekom.de\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\totbff01@telekom.de\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\totbff01@telekom.de folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Sunbird\Profiles\mlqpsb7o.default\extensions folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\amazonde.xml moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\bing.xml moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\conduit.xml moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\einkaufswelt.xml moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\ConduitEngin0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVD2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9603180-FA5C-4DB0-A013-ADC60309AF82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9603180-FA5C-4DB0-A013-ADC60309AF82}\ deleted successfully.
C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsof2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE163F11-1919-4257-A280-FF5AF8DAEECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE163F11-1919-4257-A280-FF5AF8DAEECB}\ deleted successfully.
C:\Programme\icq\Internet Explorer\icq.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2015C8D4-8534-48DB-B5FB-5C76291F080C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2015C8D4-8534-48DB-B5FB-5C76291F080C}\ deleted successfully.
File C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVD2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsof2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2015C8D4-8534-48DB-B5FB-5C76291F080C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2015C8D4-8534-48DB-B5FB-5C76291F080C}\ not found.
File C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ deleted successfully.
C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVD2.dll not found.
Registry value HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsof2.dll not found.
Registry value HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\svchospt deleted successfully.
C:\WINDOWS\system32\svchospt.exe moved successfully.
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06843593-5469-11df-bc5a-701a049e000a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06843593-5469-11df-bc5a-701a049e000a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06843593-5469-11df-bc5a-701a049e000a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06843593-5469-11df-bc5a-701a049e000a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06843593-5469-11df-bc5a-701a049e000a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06843593-5469-11df-bc5a-701a049e000a}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e35dc53f-241f-11df-bc43-701a049e000a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e35dc53f-241f-11df-bc43-701a049e000a}\ not found.
File Programs\nu2menu\nu2menu.exe not found.
========== FILES ==========
C:\WINDOWS\tasks\ammet.job moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\AskToolbar folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\PriceGong\Data folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\PriceGong folder moved successfully.
File\Folder C:\WINDOWS\system32\svchospt.exe not found.
C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\softonic-Deutsch.exe moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22714 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22691\Chris de Burgh folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22691 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22613 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22609 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22402 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22292 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22290 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22289 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22278 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22277 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22276 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22218 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22059 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21712 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21649 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21638 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21609 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21565 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21560 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21559 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21551 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21514 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21480\Zitate folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21480\Kapitel folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21480 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21442 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21414 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21353 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21351 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21346 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21338 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21326 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21325 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21322 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21287\German folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21287 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21282 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004 folder moved successfully.
C:\Programme\Ask.com\Updater folder moved successfully.
C:\Programme\Ask.com\assets\oobe folder moved successfully.
C:\Programme\Ask.com\assets folder moved successfully.
C:\Programme\Ask.com folder moved successfully.
C:\Programme\ICQ6Toolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2574933 bytes
 
User: Marina ***
->Temp folder emptied: 14871586 bytes
->Temporary Internet Files folder emptied: 630677049 bytes
->Java cache emptied: 6778399 bytes
->FireFox cache emptied: 118055032 bytes
->Google Chrome cache emptied: 102986479 bytes
->Flash cache emptied: 74392 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Wolfgang
 
%systemdrive% .tmp files removed: 280119882 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16864 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.105,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: Marina ***
->Flash cache emptied: 0 bytes
 
User: NetworkService
 
User: Wolfgang
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.1 log created on 05302012_164216

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus · 30.05.2012, 15:56

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Marina_2626 · 30.05.2012, 17:04

Code:

ATTFilter

17:52:41.0968 1692	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
17:52:42.0078 1692	============================================================
17:52:42.0078 1692	Current date / time: 2012/05/30 17:52:42.0078
17:52:42.0078 1692	SystemInfo:
17:52:42.0078 1692	
17:52:42.0078 1692	OS Version: 5.1.2600 ServicePack: 3.0
17:52:42.0078 1692	Product type: Workstation
17:52:42.0078 1692	ComputerName: MARINA_NB
17:52:42.0078 1692	UserName: Marina ***
17:52:42.0078 1692	Windows directory: C:\WINDOWS
17:52:42.0078 1692	System windows directory: C:\WINDOWS
17:52:42.0078 1692	Processor architecture: Intel x86
17:52:42.0078 1692	Number of processors: 1
17:52:42.0078 1692	Page size: 0x1000
17:52:42.0078 1692	Boot type: Normal boot
17:52:42.0078 1692	============================================================
17:52:44.0234 1692	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:52:44.0234 1692	============================================================
17:52:44.0234 1692	\Device\Harddisk0\DR0:
17:52:44.0234 1692	MBR partitions:
17:52:44.0234 1692	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
17:52:44.0234 1692	============================================================
17:52:44.0265 1692	C: <-> \Device\Harddisk0\DR0\Partition0
17:52:44.0265 1692	============================================================
17:52:44.0265 1692	Initialize success
17:52:44.0265 1692	============================================================
17:55:23.0093 0264	============================================================
17:55:23.0093 0264	Scan started
17:55:23.0093 0264	Mode: Manual; SigCheck; TDLFS; 
17:55:23.0093 0264	============================================================
17:55:23.0640 0264	Abiosdsk - ok
17:55:23.0640 0264	abp480n5 - ok
17:55:23.0765 0264	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:55:27.0531 0264	ACPI - ok
17:55:27.0578 0264	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:55:27.0671 0264	ACPIEC - ok
17:55:28.0015 0264	Adobe LM Service (6d182c31acf16213407f2768f1107fe3) C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
17:55:28.0078 0264	Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
17:55:28.0078 0264	Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
17:55:28.0078 0264	adpu160m - ok
17:55:28.0156 0264	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:55:28.0296 0264	aec - ok
17:55:28.0390 0264	AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
17:55:28.0484 0264	AFD - ok
17:55:28.0484 0264	Aha154x - ok
17:55:28.0484 0264	aic78u2 - ok
17:55:28.0500 0264	aic78xx - ok
17:55:28.0625 0264	akshasp         (64fc197d24a2b240598f29ce0a6660c0) C:\WINDOWS\system32\DRIVERS\akshasp.sys
17:55:28.0750 0264	akshasp - ok
17:55:28.0796 0264	aksusb          (b06b591532bd85b1ba68f40e2f1af8ab) C:\WINDOWS\system32\DRIVERS\aksusb.sys
17:55:28.0843 0264	aksusb - ok
17:55:28.0890 0264	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
17:55:29.0000 0264	Alerter - ok
17:55:29.0046 0264	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
17:55:29.0140 0264	ALG - ok
17:55:29.0140 0264	AliIde - ok
17:55:29.0140 0264	amsint - ok
17:55:29.0265 0264	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
17:55:29.0265 0264	AntiVirSchedulerService - ok
17:55:29.0390 0264	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
17:55:29.0390 0264	AntiVirService - ok
17:55:29.0562 0264	AntiVirWebService (3f5f6d24836e9fc4f0bf2d72d2b9c036) C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
17:55:29.0671 0264	AntiVirWebService - ok
17:55:29.0718 0264	AnyDVD          (4d8f9534183b823d1d84a22fb18f3473) C:\WINDOWS\system32\Drivers\AnyDVD.sys
17:55:29.0734 0264	AnyDVD ( UnsignedFile.Multi.Generic ) - warning
17:55:29.0734 0264	AnyDVD - detected UnsignedFile.Multi.Generic (1)
17:55:29.0750 0264	AppMgmt - ok
17:55:30.0343 0264	AR5416          (1ba565f1e58e271c6ad6b21a4f181ca4) C:\WINDOWS\system32\DRIVERS\athw.sys
17:55:31.0328 0264	AR5416 - ok
17:55:31.0390 0264	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:55:31.0500 0264	Arp1394 - ok
17:55:31.0500 0264	asc - ok
17:55:31.0515 0264	asc3350p - ok
17:55:31.0515 0264	asc3550 - ok
17:55:31.0640 0264	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:55:31.0687 0264	aspnet_state - ok
17:55:31.0703 0264	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:55:31.0781 0264	AsyncMac - ok
17:55:31.0843 0264	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:55:31.0968 0264	atapi - ok
17:55:31.0968 0264	Atdisk - ok
17:55:32.0031 0264	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:55:32.0140 0264	Atmarpc - ok
17:55:32.0203 0264	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
17:55:32.0296 0264	AudioSrv - ok
17:55:32.0343 0264	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:55:32.0437 0264	audstub - ok
17:55:32.0515 0264	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:55:32.0546 0264	avipbb - ok
17:55:32.0578 0264	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:55:32.0687 0264	Beep - ok
17:55:32.0953 0264	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
17:55:33.0296 0264	BITS - ok
17:55:33.0359 0264	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
17:55:33.0468 0264	Browser - ok
17:55:33.0500 0264	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:55:33.0593 0264	cbidf2k - ok
17:55:33.0640 0264	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:55:33.0734 0264	CCDECODE - ok
17:55:33.0734 0264	cd20xrnt - ok
17:55:33.0781 0264	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:55:33.0875 0264	Cdaudio - ok
17:55:33.0921 0264	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:55:34.0031 0264	Cdfs - ok
17:55:34.0078 0264	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:55:34.0218 0264	Cdrom - ok
17:55:34.0218 0264	Changer - ok
17:55:34.0250 0264	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
17:55:34.0328 0264	CiSvc - ok
17:55:34.0375 0264	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
17:55:34.0484 0264	ClipSrv - ok
17:55:34.0546 0264	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:55:34.0609 0264	clr_optimization_v2.0.50727_32 - ok
17:55:34.0640 0264	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:55:34.0734 0264	CmBatt - ok
17:55:34.0734 0264	CmdIde - ok
17:55:34.0765 0264	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:55:34.0859 0264	Compbatt - ok
17:55:34.0875 0264	COMSysApp - ok
17:55:34.0875 0264	Cpqarray - ok
17:55:34.0937 0264	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
17:55:35.0031 0264	CryptSvc - ok
17:55:35.0046 0264	dac2w2k - ok
17:55:35.0046 0264	dac960nt - ok
17:55:35.0281 0264	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
17:55:35.0578 0264	DcomLaunch - ok
17:55:35.0656 0264	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
17:55:35.0796 0264	Dhcp - ok
17:55:35.0843 0264	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:55:35.0953 0264	Disk - ok
17:55:35.0953 0264	dmadmin - ok
17:55:36.0296 0264	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
17:55:36.0937 0264	dmboot - ok
17:55:37.0015 0264	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
17:55:37.0156 0264	dmio - ok
17:55:37.0187 0264	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:55:37.0265 0264	dmload - ok
17:55:37.0312 0264	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
17:55:37.0406 0264	dmserver - ok
17:55:37.0437 0264	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:55:37.0562 0264	DMusic - ok
17:55:37.0609 0264	Dnscache        (8c9ed3b2834aae63081ab2da831c6fe9) C:\WINDOWS\System32\dnsrslvr.dll
17:55:37.0937 0264	Dnscache - ok
17:55:38.0015 0264	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
17:55:38.0156 0264	Dot3svc - ok
17:55:38.0156 0264	dpti2o - ok
17:55:38.0171 0264	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:55:38.0265 0264	drmkaud - ok
17:55:38.0312 0264	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
17:55:38.0406 0264	EapHost - ok
17:55:38.0453 0264	ElbyCDFL        (c61c83501268b0110b5c5db7e63dee0c) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
17:55:38.0468 0264	ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
17:55:38.0468 0264	ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
17:55:38.0484 0264	ElbyCDIO        (fa13264eea448b2e1b3a844ae4f75c7a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
17:55:38.0484 0264	ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
17:55:38.0484 0264	ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
17:55:38.0500 0264	ElbyDelay       (df9957db3bfe5136aad3c2c101806c98) C:\WINDOWS\system32\Drivers\ElbyDelay.sys
17:55:38.0500 0264	ElbyDelay ( UnsignedFile.Multi.Generic ) - warning
17:55:38.0500 0264	ElbyDelay - detected UnsignedFile.Multi.Generic (1)
17:55:38.0546 0264	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
17:55:38.0640 0264	ERSvc - ok
17:55:38.0734 0264	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
17:55:38.0750 0264	Eventlog - ok
17:55:38.0859 0264	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
17:55:38.0984 0264	EventSystem - ok
17:55:39.0046 0264	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:55:39.0187 0264	Fastfat - ok
17:55:39.0281 0264	FastUserSwitchingCompatibility (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
17:55:39.0437 0264	FastUserSwitchingCompatibility - ok
17:55:39.0484 0264	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:55:39.0562 0264	Fdc - ok
17:55:39.0593 0264	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
17:55:39.0671 0264	Fips - ok
17:55:39.0687 0264	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:55:39.0781 0264	Flpydisk - ok
17:55:39.0859 0264	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:55:39.0984 0264	FltMgr - ok
17:55:40.0078 0264	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:55:40.0093 0264	FontCache3.0.0.0 - ok
17:55:40.0140 0264	fssfltr         (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
17:55:40.0156 0264	fssfltr - ok
17:55:40.0640 0264	fsssvc          (45b52394f9624237f33a8a3d73c0b221) C:\Programme\Windows Live\Family Safety\fsssvc.exe
17:55:41.0140 0264	fsssvc - ok
17:55:41.0171 0264	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:55:41.0265 0264	Fs_Rec - ok
17:55:41.0343 0264	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:55:41.0468 0264	Ftdisk - ok
17:55:41.0531 0264	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:55:41.0625 0264	Gpc - ok
17:55:41.0734 0264	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
17:55:41.0734 0264	gupdate - ok
17:55:41.0734 0264	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
17:55:41.0750 0264	gupdatem - ok
17:55:41.0828 0264	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
17:55:41.0906 0264	gusvc - ok
17:55:42.0171 0264	hardlock        (995178a443b07fa9eeaea041d7b4b5ca) C:\WINDOWS\system32\drivers\hardlock.sys
17:55:42.0531 0264	hardlock - ok
17:55:42.0609 0264	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:55:42.0703 0264	HDAudBus - ok
17:55:42.0796 0264	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:55:42.0921 0264	helpsvc - ok
17:55:42.0921 0264	HidServ - ok
17:55:42.0968 0264	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:55:43.0062 0264	hidusb - ok
17:55:43.0109 0264	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
17:55:43.0203 0264	hkmsvc - ok
17:55:43.0250 0264	Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\WINDOWS\system32\drivers\Hotkey.sys
17:55:43.0281 0264	Hotkey ( UnsignedFile.Multi.Generic ) - warning
17:55:43.0281 0264	Hotkey - detected UnsignedFile.Multi.Generic (1)
17:55:43.0281 0264	hpn - ok
17:55:43.0390 0264	HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
17:55:43.0578 0264	HTTP - ok
17:55:43.0609 0264	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
17:55:43.0687 0264	HTTPFilter - ok
17:55:43.0687 0264	i2omgmt - ok
17:55:43.0703 0264	i2omp - ok
17:55:43.0750 0264	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:55:43.0875 0264	i8042prt - ok
17:55:46.0421 0264	ialm            (c56fc0970b453e68eba1c78ae36185a8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:55:51.0390 0264	ialm - ok
17:55:51.0437 0264	ICQ Service - ok
17:55:51.0906 0264	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:55:52.0578 0264	idsvc - ok
17:55:52.0843 0264	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:55:52.0953 0264	Imapi - ok
17:55:53.0046 0264	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
17:55:53.0140 0264	ImapiService - ok
17:55:53.0156 0264	ini910u - ok
17:55:55.0234 0264	IntcAzAudAddService (1824c4894aa438cd06c976e44b9e7353) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:55:57.0218 0264	IntcAzAudAddService - ok
17:55:57.0500 0264	IntelIde - ok
17:55:57.0531 0264	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:55:57.0625 0264	intelppm - ok
17:55:57.0671 0264	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:55:57.0765 0264	Ip6Fw - ok
17:55:57.0812 0264	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:55:57.0953 0264	IpFilterDriver - ok
17:55:57.0984 0264	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:55:58.0078 0264	IpInIp - ok
17:55:58.0156 0264	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:55:58.0296 0264	IpNat - ok
17:55:58.0343 0264	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:55:58.0468 0264	IPSec - ok
17:55:58.0484 0264	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:55:58.0578 0264	IRENUM - ok
17:55:58.0609 0264	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:55:58.0687 0264	isapnp - ok
17:55:58.0890 0264	JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Programme\Java\jre6\bin\jqs.exe
17:55:58.0890 0264	JavaQuickStarterService - ok
17:55:58.0984 0264	JMCR            (dedb6cc1b166928a8f3f68def1766db0) C:\WINDOWS\system32\DRIVERS\jmcr.sys
17:55:59.0078 0264	JMCR - ok
17:55:59.0093 0264	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:55:59.0187 0264	Kbdclass - ok
17:55:59.0281 0264	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:55:59.0437 0264	kmixer - ok
17:55:59.0500 0264	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:55:59.0593 0264	KSecDD - ok
17:55:59.0671 0264	lanmanserver    (d6eb4916b203cbe525f8eff5fd5ab16c) C:\WINDOWS\System32\srvsvc.dll
17:55:59.0796 0264	lanmanserver - ok
17:55:59.0906 0264	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
17:56:00.0000 0264	lanmanworkstation - ok
17:56:00.0000 0264	lbrtfdc - ok
17:56:00.0031 0264	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
17:56:00.0093 0264	LmHosts - ok
17:56:00.0109 0264	MBAMSwissArmy - ok
17:56:00.0265 0264	McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
17:56:00.0390 0264	McComponentHostService - ok
17:56:00.0578 0264	MDM             (81eb1700d75f1ce13d4dba0133222072) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
17:56:00.0609 0264	MDM ( UnsignedFile.Multi.Generic ) - warning
17:56:00.0609 0264	MDM - detected UnsignedFile.Multi.Generic (1)
17:56:00.0656 0264	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
17:56:00.0750 0264	Messenger - ok
17:56:00.0796 0264	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:56:00.0906 0264	mnmdd - ok
17:56:00.0953 0264	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
17:56:01.0046 0264	mnmsrvc - ok
17:56:01.0093 0264	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
17:56:01.0187 0264	Modem - ok
17:56:01.0218 0264	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:56:01.0312 0264	Mouclass - ok
17:56:01.0359 0264	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:56:01.0468 0264	mouhid - ok
17:56:01.0500 0264	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:56:01.0593 0264	MountMgr - ok
17:56:01.0671 0264	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
17:56:01.0734 0264	MozillaMaintenance - ok
17:56:01.0734 0264	mraid35x - ok
17:56:01.0828 0264	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:56:01.0984 0264	MRxDAV - ok
17:56:02.0171 0264	MRxSmb          (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:56:02.0484 0264	MRxSmb - ok
17:56:02.0515 0264	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
17:56:02.0593 0264	MSDTC - ok
17:56:02.0625 0264	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:56:02.0718 0264	Msfs - ok
17:56:02.0734 0264	MSIServer - ok
17:56:02.0781 0264	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:56:02.0843 0264	MSKSSRV - ok
17:56:02.0875 0264	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:56:02.0968 0264	MSPCLOCK - ok
17:56:03.0000 0264	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:56:03.0093 0264	MSPQM - ok
17:56:03.0109 0264	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:56:03.0187 0264	mssmbios - ok
17:56:03.0218 0264	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:56:03.0312 0264	MSTEE - ok
17:56:03.0375 0264	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
17:56:03.0484 0264	Mup - ok
17:56:03.0531 0264	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:56:03.0656 0264	NABTSFEC - ok
17:56:03.0781 0264	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
17:56:04.0000 0264	napagent - ok
17:56:04.0078 0264	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:56:04.0234 0264	NDIS - ok
17:56:04.0265 0264	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:56:04.0359 0264	NdisIP - ok
17:56:04.0375 0264	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:56:04.0468 0264	NdisTapi - ok
17:56:04.0500 0264	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:56:04.0578 0264	Ndisuio - ok
17:56:04.0625 0264	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:56:04.0734 0264	NdisWan - ok
17:56:04.0765 0264	NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
17:56:04.0890 0264	NDProxy - ok
17:56:04.0984 0264	Nero BackItUp Scheduler 4.0 - ok
17:56:05.0015 0264	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:56:05.0109 0264	NetBIOS - ok
17:56:05.0203 0264	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:56:05.0406 0264	NetBT - ok
17:56:05.0468 0264	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
17:56:05.0593 0264	NetDDE - ok
17:56:05.0593 0264	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
17:56:05.0671 0264	NetDDEdsdm - ok
17:56:05.0703 0264	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:56:05.0781 0264	Netlogon - ok
17:56:05.0953 0264	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
17:56:06.0125 0264	Netman - ok
17:56:06.0265 0264	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:56:06.0312 0264	NetTcpPortSharing - ok
17:56:07.0406 0264	Netzmanager Service (70b5b4e69a07895df30291cab6abda54) C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
17:56:09.0421 0264	Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
17:56:09.0421 0264	Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
17:56:09.0765 0264	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:56:09.0906 0264	NIC1394 - ok
17:56:10.0046 0264	Nla             (acd8bd448a74f344d46fcaf21bab92af) C:\WINDOWS\System32\mswsock.dll
17:56:10.0171 0264	Nla - ok
17:56:10.0312 0264	NMSAccessU      (fd306fbcce7adb1077b709742e7148e9) C:\Programme\CDBurnerXP\NMSAccessU.exe
17:56:10.0343 0264	NMSAccessU - ok
17:56:10.0390 0264	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:56:10.0515 0264	Npfs - ok
17:56:10.0750 0264	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:56:11.0171 0264	Ntfs - ok
17:56:11.0218 0264	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:56:11.0296 0264	NtLmSsp - ok
17:56:11.0484 0264	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
17:56:11.0843 0264	NtmsSvc - ok
17:56:11.0968 0264	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:56:12.0062 0264	Null - ok
17:56:12.0109 0264	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:56:12.0218 0264	NwlnkFlt - ok
17:56:12.0234 0264	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:56:12.0312 0264	NwlnkFwd - ok
17:56:12.0609 0264	odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
17:56:12.0890 0264	odserv - ok
17:56:12.0953 0264	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:56:13.0062 0264	ohci1394 - ok
17:56:13.0156 0264	ose             (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
17:56:13.0218 0264	ose - ok
17:56:13.0265 0264	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
17:56:13.0375 0264	Parport - ok
17:56:13.0390 0264	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:56:13.0468 0264	PartMgr - ok
17:56:13.0500 0264	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
17:56:13.0593 0264	ParVdm - ok
17:56:13.0671 0264	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
17:56:13.0781 0264	PCI - ok
17:56:13.0781 0264	PCIDump - ok
17:56:13.0812 0264	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:56:13.0906 0264	PCIIde - ok
17:56:13.0968 0264	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:56:14.0078 0264	Pcmcia - ok
17:56:14.0093 0264	PDCOMP - ok
17:56:14.0093 0264	PDFRAME - ok
17:56:14.0093 0264	PDRELI - ok
17:56:14.0109 0264	PDRFRAME - ok
17:56:14.0109 0264	perc2 - ok
17:56:14.0109 0264	perc2hib - ok
17:56:14.0203 0264	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
17:56:14.0218 0264	PlugPlay - ok
17:56:14.0234 0264	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:56:14.0312 0264	PolicyAgent - ok
17:56:14.0359 0264	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:56:14.0468 0264	PptpMiniport - ok
17:56:14.0468 0264	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:56:14.0531 0264	ProtectedStorage - ok
17:56:14.0562 0264	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:56:14.0671 0264	PSched - ok
17:56:14.0703 0264	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:56:14.0796 0264	Ptilink - ok
17:56:14.0796 0264	ql1080 - ok
17:56:14.0812 0264	Ql10wnt - ok
17:56:14.0812 0264	ql12160 - ok
17:56:14.0812 0264	ql1240 - ok
17:56:14.0828 0264	ql1280 - ok
17:56:14.0859 0264	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:56:14.0937 0264	RasAcd - ok
17:56:15.0000 0264	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
17:56:15.0125 0264	RasAuto - ok
17:56:15.0156 0264	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:56:15.0250 0264	Rasl2tp - ok
17:56:15.0359 0264	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
17:56:15.0562 0264	RasMan - ok
17:56:15.0578 0264	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:56:15.0687 0264	RasPppoe - ok
17:56:15.0703 0264	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:56:15.0781 0264	Raspti - ok
17:56:15.0875 0264	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:56:16.0031 0264	Rdbss - ok
17:56:16.0062 0264	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:56:16.0171 0264	RDPCDD - ok
17:56:16.0250 0264	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
17:56:16.0375 0264	RDPWD - ok
17:56:16.0453 0264	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
17:56:16.0593 0264	RDSessMgr - ok
17:56:16.0640 0264	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:56:16.0750 0264	redbook - ok
17:56:16.0812 0264	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
17:56:16.0953 0264	RemoteAccess - ok
17:56:17.0140 0264	RichVideo       (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Programme\Cyberlink\Shared files\RichVideo.exe
17:56:17.0156 0264	RichVideo - ok
17:56:17.0218 0264	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
17:56:17.0328 0264	RpcLocator - ok
17:56:17.0515 0264	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
17:56:17.0656 0264	RpcSs - ok
17:56:17.0734 0264	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
17:56:18.0078 0264	RSVP - ok
17:56:18.0156 0264	RTLE8023xp      (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:56:18.0265 0264	RTLE8023xp - ok
17:56:18.0296 0264	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:56:18.0359 0264	SamSs - ok
17:56:18.0453 0264	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
17:56:18.0578 0264	SCardSvr - ok
17:56:18.0671 0264	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
17:56:18.0828 0264	Schedule - ok
17:56:18.0890 0264	sdbus           (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:56:19.0000 0264	sdbus - ok
17:56:19.0187 0264	SeaPort         (d358e077a0a05d9b12da22d137ee8464) C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:56:19.0203 0264	SeaPort - ok
17:56:19.0234 0264	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:56:19.0312 0264	Secdrv - ok
17:56:19.0343 0264	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
17:56:19.0421 0264	seclogon - ok
17:56:19.0437 0264	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
17:56:19.0531 0264	SENS - ok
17:56:19.0578 0264	Ser2pl          (2ec41a96d0dc98bd119bf325e0b9f392) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
17:56:19.0640 0264	Ser2pl - ok
17:56:19.0671 0264	Serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:56:19.0750 0264	Serenum - ok
17:56:19.0796 0264	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
17:56:19.0937 0264	Serial - ok
17:56:19.0968 0264	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:56:20.0062 0264	Sfloppy - ok
17:56:20.0234 0264	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
17:56:20.0562 0264	SharedAccess - ok
17:56:20.0640 0264	ShellHWDetection (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
17:56:20.0718 0264	ShellHWDetection - ok
17:56:20.0734 0264	Simbad - ok
17:56:20.0765 0264	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:56:20.0843 0264	SLIP - ok
17:56:20.0859 0264	Sparrow - ok
17:56:20.0890 0264	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:56:21.0000 0264	splitter - ok
17:56:21.0031 0264	Spooler         (39356a9cdb6753a6d13a4072a9f5a4bb) C:\WINDOWS\system32\spoolsv.exe
17:56:21.0109 0264	Spooler - ok
17:56:21.0156 0264	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
17:56:21.0250 0264	sr - ok
17:56:21.0343 0264	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
17:56:21.0500 0264	srservice - ok
17:56:21.0656 0264	Srv             (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
17:56:21.0953 0264	Srv - ok
17:56:22.0015 0264	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
17:56:22.0109 0264	SSDPSRV - ok
17:56:22.0156 0264	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:56:22.0171 0264	ssmdrv - ok
17:56:22.0203 0264	StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
17:56:22.0218 0264	StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:56:22.0218 0264	StarOpen - detected UnsignedFile.Multi.Generic (1)
17:56:22.0390 0264	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
17:56:22.0703 0264	stisvc - ok
17:56:22.0750 0264	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:56:22.0843 0264	streamip - ok
17:56:22.0875 0264	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:56:22.0968 0264	swenum - ok
17:56:23.0015 0264	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:56:23.0125 0264	swmidi - ok
17:56:23.0125 0264	SwPrv - ok
17:56:23.0140 0264	symc810 - ok
17:56:23.0140 0264	symc8xx - ok
17:56:23.0140 0264	sym_hi - ok
17:56:23.0156 0264	sym_u3 - ok
17:56:23.0281 0264	SynTP           (86692a9116559222bd2d62633ddc352d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:56:23.0406 0264	SynTP - ok
17:56:23.0453 0264	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:56:23.0546 0264	sysaudio - ok
17:56:23.0625 0264	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
17:56:23.0734 0264	SysmonLog - ok
17:56:23.0859 0264	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
17:56:24.0031 0264	TapiSrv - ok
17:56:24.0218 0264	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:56:24.0468 0264	Tcpip - ok
17:56:24.0500 0264	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:56:24.0593 0264	TDPIPE - ok
17:56:24.0625 0264	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:56:24.0718 0264	TDTCP - ok
17:56:24.0859 0264	TelekomNM3      (5d528200679c3b4595b4237e02c077d5) C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys
17:56:24.0859 0264	TelekomNM3 - ok
17:56:24.0906 0264	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:56:25.0000 0264	TermDD - ok
17:56:25.0156 0264	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
17:56:25.0359 0264	TermService - ok
17:56:25.0593 0264	TestHandler     (76468df7a7a92413a57c998de5c39290) C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
17:56:25.0703 0264	TestHandler - ok
17:56:25.0781 0264	Themes          (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
17:56:25.0859 0264	Themes - ok
17:56:25.0937 0264	TosIde - ok
17:56:26.0031 0264	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
17:56:26.0171 0264	TrkWks - ok
17:56:26.0421 0264	TVECapSvc       (dec8acebd9cd1f3dd6f4f3a6308d8b94) C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
17:56:26.0453 0264	TVECapSvc ( UnsignedFile.Multi.Generic ) - warning
17:56:26.0453 0264	TVECapSvc - detected UnsignedFile.Multi.Generic (1)
17:56:26.0500 0264	TVESched        (7a5a6987397f78b1606bdb5c407d3574) C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
17:56:26.0515 0264	TVESched ( UnsignedFile.Multi.Generic ) - warning
17:56:26.0515 0264	TVESched - detected UnsignedFile.Multi.Generic (1)
17:56:26.0562 0264	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:56:26.0640 0264	Udfs - ok
17:56:26.0656 0264	ultra - ok
17:56:26.0828 0264	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:56:27.0187 0264	Update - ok
17:56:27.0281 0264	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
17:56:27.0421 0264	upnphost - ok
17:56:27.0437 0264	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
17:56:27.0515 0264	UPS - ok
17:56:27.0578 0264	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:56:27.0671 0264	usbccgp - ok
17:56:27.0703 0264	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:56:27.0796 0264	usbehci - ok
17:56:27.0828 0264	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:56:28.0187 0264	usbhub - ok
17:56:28.0218 0264	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:56:28.0312 0264	usbprint - ok
17:56:28.0343 0264	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:56:28.0437 0264	usbscan - ok
17:56:28.0468 0264	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:56:28.0546 0264	USBSTOR - ok
17:56:28.0578 0264	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:56:28.0687 0264	usbuhci - ok
17:56:28.0765 0264	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
17:56:28.0937 0264	usbvideo - ok
17:56:28.0984 0264	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:56:29.0062 0264	VgaSave - ok
17:56:29.0062 0264	ViaIde - ok
17:56:29.0109 0264	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
17:56:29.0203 0264	VolSnap - ok
17:56:29.0328 0264	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
17:56:29.0515 0264	VSS - ok
17:56:29.0625 0264	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
17:56:29.0781 0264	W32Time - ok
17:56:29.0812 0264	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:56:29.0953 0264	Wanarp - ok
17:56:29.0953 0264	WDICA - ok
17:56:30.0015 0264	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:56:30.0125 0264	wdmaud - ok
17:56:30.0187 0264	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
17:56:30.0312 0264	WebClient - ok
17:56:30.0453 0264	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:56:30.0609 0264	winmgmt - ok
17:56:30.0750 0264	WisLMSvc        (b0e6faa0f0ead4772c545a3737efb47f) C:\Programme\Launch Manager\WisLMSvc.exe
17:56:30.0796 0264	WisLMSvc ( UnsignedFile.Multi.Generic ) - warning
17:56:30.0796 0264	WisLMSvc - detected UnsignedFile.Multi.Generic (1)
17:56:30.0859 0264	WmdmPmSN        (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\mspmsnsv.dll
17:56:30.0984 0264	WmdmPmSN - ok
17:56:31.0031 0264	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:56:31.0109 0264	WmiAcpi - ok
17:56:31.0187 0264	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:56:31.0265 0264	WmiApSrv - ok
17:56:31.0296 0264	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:56:31.0390 0264	WS2IFSL - ok
17:56:31.0453 0264	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
17:56:31.0562 0264	wscsvc - ok
17:56:31.0593 0264	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:56:31.0671 0264	WSTCODEC - ok
17:56:31.0703 0264	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
17:56:31.0796 0264	wuauserv - ok
17:56:32.0062 0264	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
17:56:32.0437 0264	WZCSVC - ok
17:56:32.0546 0264	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
17:56:32.0671 0264	xmlprov - ok
17:56:32.0812 0264	{49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (5867ce254625645345c833510d24f124) C:\Programme\HomeCinema\PlayMovie\000.fcl
17:56:32.0828 0264	{49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
17:56:32.0921 0264	{95808DC4-FA4A-4C74-92FE-5B863F82066B} (5867ce254625645345c833510d24f124) C:\Programme\HomeCinema\PowerDVD\000.fcl
17:56:32.0921 0264	{95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
17:56:32.0968 0264	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
17:56:33.0500 0264	\Device\Harddisk0\DR0 - ok
17:56:33.0500 0264	Boot (0x1200)   (1ffc0a734d9502c406ab4afba1c2a60e) \Device\Harddisk0\DR0\Partition0
17:56:33.0500 0264	\Device\Harddisk0\DR0\Partition0 - ok
17:56:33.0500 0264	============================================================
17:56:33.0500 0264	Scan finished
17:56:33.0500 0264	============================================================
17:56:33.0609 3120	Detected object count: 12
17:56:33.0609 3120	Actual detected object count: 12
17:58:01.0718 3120	Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0718 3120	Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:01.0718 3120	AnyDVD ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0718 3120	AnyDVD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:01.0718 3120	ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0718 3120	ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:01.0718 3120	ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0718 3120	ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:01.0718 3120	ElbyDelay ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0718 3120	ElbyDelay ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:01.0718 3120	Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0718 3120	Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:01.0718 3120	MDM ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0718 3120	MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:01.0718 3120	Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0718 3120	Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:01.0734 3120	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0734 3120	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:01.0734 3120	TVECapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0734 3120	TVECapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:01.0734 3120	TVESched ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0734 3120	TVESched ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:01.0734 3120	WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0734 3120	WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:58:14.0078 3528	============================================================
17:58:14.0078 3528	Scan started
17:58:14.0078 3528	Mode: Manual; SigCheck; TDLFS; 
17:58:14.0078 3528	============================================================
17:58:14.0312 3528	Abiosdsk - ok
17:58:14.0312 3528	abp480n5 - ok
17:58:14.0421 3528	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:58:14.0531 3528	ACPI - ok
17:58:14.0562 3528	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:58:14.0640 3528	ACPIEC - ok
17:58:14.0734 3528	Adobe LM Service (6d182c31acf16213407f2768f1107fe3) C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
17:58:14.0765 3528	Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
17:58:14.0765 3528	Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
17:58:14.0765 3528	adpu160m - ok
17:58:14.0843 3528	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:58:14.0921 3528	aec - ok
17:58:15.0015 3528	AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
17:58:15.0046 3528	AFD - ok
17:58:15.0046 3528	Aha154x - ok
17:58:15.0062 3528	aic78u2 - ok
17:58:15.0062 3528	aic78xx - ok
17:58:15.0203 3528	akshasp         (64fc197d24a2b240598f29ce0a6660c0) C:\WINDOWS\system32\DRIVERS\akshasp.sys
17:58:15.0218 3528	akshasp - ok
17:58:15.0250 3528	aksusb          (b06b591532bd85b1ba68f40e2f1af8ab) C:\WINDOWS\system32\DRIVERS\aksusb.sys
17:58:15.0265 3528	aksusb - ok
17:58:15.0296 3528	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
17:58:15.0375 3528	Alerter - ok
17:58:15.0406 3528	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
17:58:15.0500 3528	ALG - ok
17:58:15.0500 3528	AliIde - ok
17:58:15.0500 3528	amsint - ok
17:58:15.0625 3528	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
17:58:15.0640 3528	AntiVirSchedulerService - ok
17:58:15.0765 3528	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
17:58:15.0765 3528	AntiVirService - ok
17:58:16.0015 3528	AntiVirWebService (3f5f6d24836e9fc4f0bf2d72d2b9c036) C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
17:58:16.0125 3528	AntiVirWebService - ok
17:58:16.0187 3528	AnyDVD          (4d8f9534183b823d1d84a22fb18f3473) C:\WINDOWS\system32\Drivers\AnyDVD.sys
17:58:16.0218 3528	AnyDVD ( UnsignedFile.Multi.Generic ) - warning
17:58:16.0218 3528	AnyDVD - detected UnsignedFile.Multi.Generic (1)
17:58:16.0218 3528	AppMgmt - ok
17:58:16.0781 3528	AR5416          (1ba565f1e58e271c6ad6b21a4f181ca4) C:\WINDOWS\system32\DRIVERS\athw.sys
17:58:17.0250 3528	AR5416 - ok
17:58:17.0296 3528	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:58:17.0390 3528	Arp1394 - ok
17:58:17.0390 3528	asc - ok
17:58:17.0390 3528	asc3350p - ok
17:58:17.0406 3528	asc3550 - ok
17:58:17.0515 3528	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:58:17.0531 3528	aspnet_state - ok
17:58:17.0562 3528	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:58:17.0625 3528	AsyncMac - ok
17:58:17.0687 3528	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:58:17.0765 3528	atapi - ok
17:58:17.0765 3528	Atdisk - ok
17:58:17.0828 3528	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:58:17.0921 3528	Atmarpc - ok
17:58:18.0218 3528	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
17:58:18.0312 3528	AudioSrv - ok
17:58:18.0343 3528	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:58:18.0437 3528	audstub - ok
17:58:18.0531 3528	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:58:18.0546 3528	avipbb - ok
17:58:18.0578 3528	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:58:18.0671 3528	Beep - ok
17:58:18.0875 3528	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
17:58:19.0062 3528	BITS - ok
17:58:19.0140 3528	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
17:58:19.0234 3528	Browser - ok
17:58:19.0265 3528	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:58:19.0359 3528	cbidf2k - ok
17:58:19.0390 3528	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:58:19.0484 3528	CCDECODE - ok
17:58:19.0484 3528	cd20xrnt - ok
17:58:19.0515 3528	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:58:19.0593 3528	Cdaudio - ok
17:58:19.0640 3528	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:58:19.0718 3528	Cdfs - ok
17:58:19.0765 3528	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:58:19.0859 3528	Cdrom - ok
17:58:19.0875 3528	Changer - ok
17:58:19.0906 3528	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
17:58:19.0984 3528	CiSvc - ok
17:58:20.0015 3528	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
17:58:20.0078 3528	ClipSrv - ok
17:58:20.0187 3528	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:58:20.0187 3528	clr_optimization_v2.0.50727_32 - ok
17:58:20.0234 3528	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:58:20.0312 3528	CmBatt - ok
17:58:20.0312 3528	CmdIde - ok
17:58:20.0343 3528	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:58:20.0406 3528	Compbatt - ok
17:58:20.0421 3528	COMSysApp - ok
17:58:20.0421 3528	Cpqarray - ok
17:58:20.0468 3528	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
17:58:20.0546 3528	CryptSvc - ok
17:58:20.0562 3528	dac2w2k - ok
17:58:20.0562 3528	dac960nt - ok
17:58:20.0765 3528	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
17:58:20.0890 3528	DcomLaunch - ok
17:58:20.0984 3528	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
17:58:21.0078 3528	Dhcp - ok
17:58:21.0093 3528	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:58:21.0187 3528	Disk - ok
17:58:21.0187 3528	dmadmin - ok
17:58:21.0531 3528	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
17:58:21.0843 3528	dmboot - ok
17:58:21.0921 3528	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
17:58:22.0000 3528	dmio - ok
17:58:22.0031 3528	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:58:22.0109 3528	dmload - ok
17:58:22.0171 3528	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
17:58:22.0265 3528	dmserver - ok
17:58:22.0296 3528	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:58:22.0390 3528	DMusic - ok
17:58:22.0437 3528	Dnscache        (8c9ed3b2834aae63081ab2da831c6fe9) C:\WINDOWS\System32\dnsrslvr.dll
17:58:22.0500 3528	Dnscache - ok
17:58:22.0593 3528	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
17:58:22.0656 3528	Dot3svc - ok
17:58:22.0656 3528	dpti2o - ok
17:58:22.0687 3528	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:58:22.0750 3528	drmkaud - ok
17:58:22.0796 3528	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
17:58:22.0875 3528	EapHost - ok
17:58:22.0937 3528	ElbyCDFL        (c61c83501268b0110b5c5db7e63dee0c) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
17:58:22.0953 3528	ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
17:58:22.0953 3528	ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
17:58:22.0984 3528	ElbyCDIO        (fa13264eea448b2e1b3a844ae4f75c7a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
17:58:22.0984 3528	ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
17:58:22.0984 3528	ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
17:58:22.0984 3528	ElbyDelay       (df9957db3bfe5136aad3c2c101806c98) C:\WINDOWS\system32\Drivers\ElbyDelay.sys
17:58:23.0015 3528	ElbyDelay ( UnsignedFile.Multi.Generic ) - warning
17:58:23.0015 3528	ElbyDelay - detected UnsignedFile.Multi.Generic (1)
17:58:23.0062 3528	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
17:58:23.0156 3528	ERSvc - ok
17:58:23.0234 3528	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
17:58:23.0234 3528	Eventlog - ok
17:58:23.0343 3528	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
17:58:23.0359 3528	EventSystem - ok
17:58:23.0437 3528	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:58:23.0500 3528	Fastfat - ok
17:58:23.0593 3528	FastUserSwitchingCompatibility (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
17:58:23.0671 3528	FastUserSwitchingCompatibility - ok
17:58:23.0718 3528	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:58:23.0781 3528	Fdc - ok
17:58:23.0812 3528	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
17:58:23.0906 3528	Fips - ok
17:58:23.0921 3528	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:58:24.0000 3528	Flpydisk - ok
17:58:24.0062 3528	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:58:24.0156 3528	FltMgr - ok
17:58:24.0265 3528	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:58:24.0281 3528	FontCache3.0.0.0 - ok
17:58:24.0359 3528	fssfltr         (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
17:58:24.0359 3528	fssfltr - ok
17:58:24.0796 3528	fsssvc          (45b52394f9624237f33a8a3d73c0b221) C:\Programme\Windows Live\Family Safety\fsssvc.exe
17:58:25.0031 3528	fsssvc - ok
17:58:25.0062 3528	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:58:25.0156 3528	Fs_Rec - ok
17:58:25.0234 3528	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:58:25.0312 3528	Ftdisk - ok
17:58:25.0359 3528	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:58:25.0421 3528	Gpc - ok
17:58:25.0531 3528	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
17:58:25.0531 3528	gupdate - ok
17:58:25.0531 3528	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
17:58:25.0546 3528	gupdatem - ok
17:58:25.0625 3528	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
17:58:25.0640 3528	gusvc - ok
17:58:25.0921 3528	hardlock        (995178a443b07fa9eeaea041d7b4b5ca) C:\WINDOWS\system32\drivers\hardlock.sys
17:58:26.0109 3528	hardlock - ok
17:58:26.0218 3528	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:58:26.0296 3528	HDAudBus - ok
17:58:26.0390 3528	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:58:26.0468 3528	helpsvc - ok
17:58:26.0468 3528	HidServ - ok
17:58:26.0515 3528	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:58:26.0625 3528	hidusb - ok
17:58:26.0687 3528	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
17:58:26.0750 3528	hkmsvc - ok
17:58:26.0796 3528	Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\WINDOWS\system32\drivers\Hotkey.sys
17:58:26.0812 3528	Hotkey ( UnsignedFile.Multi.Generic ) - warning
17:58:26.0812 3528	Hotkey - detected UnsignedFile.Multi.Generic (1)
17:58:26.0828 3528	hpn - ok
17:58:26.0953 3528	HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
17:58:27.0046 3528	HTTP - ok
17:58:27.0062 3528	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
17:58:27.0156 3528	HTTPFilter - ok
17:58:27.0156 3528	i2omgmt - ok
17:58:27.0156 3528	i2omp - ok
17:58:27.0203 3528	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:58:27.0312 3528	i8042prt - ok
17:58:30.0093 3528	ialm            (c56fc0970b453e68eba1c78ae36185a8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:58:32.0515 3528	ialm - ok
17:58:32.0578 3528	ICQ Service - ok
17:58:33.0046 3528	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:58:33.0375 3528	idsvc - ok
17:58:33.0656 3528	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:58:33.0750 3528	Imapi - ok
17:58:33.0843 3528	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
17:58:33.0921 3528	ImapiService - ok
17:58:33.0921 3528	ini910u - ok
17:58:35.0937 3528	IntcAzAudAddService (1824c4894aa438cd06c976e44b9e7353) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:58:37.0843 3528	IntcAzAudAddService - ok
17:58:38.0343 3528	IntelIde - ok
17:58:38.0375 3528	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:58:38.0468 3528	intelppm - ok
17:58:38.0500 3528	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:58:38.0578 3528	Ip6Fw - ok
17:58:38.0625 3528	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:58:38.0718 3528	IpFilterDriver - ok
17:58:38.0765 3528	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:58:38.0859 3528	IpInIp - ok
17:58:38.0937 3528	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:58:39.0031 3528	IpNat - ok
17:58:39.0078 3528	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:58:39.0187 3528	IPSec - ok
17:58:39.0203 3528	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:58:39.0296 3528	IRENUM - ok
17:58:39.0343 3528	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:58:39.0406 3528	isapnp - ok
17:58:39.0593 3528	JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Programme\Java\jre6\bin\jqs.exe
17:58:39.0593 3528	JavaQuickStarterService - ok
17:58:39.0671 3528	JMCR            (dedb6cc1b166928a8f3f68def1766db0) C:\WINDOWS\system32\DRIVERS\jmcr.sys
17:58:39.0703 3528	JMCR - ok
17:58:39.0718 3528	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:58:39.0796 3528	Kbdclass - ok
17:58:39.0890 3528	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:58:39.0968 3528	kmixer - ok
17:58:40.0046 3528	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:58:40.0062 3528	KSecDD - ok
17:58:40.0140 3528	lanmanserver    (d6eb4916b203cbe525f8eff5fd5ab16c) C:\WINDOWS\System32\srvsvc.dll
17:58:40.0218 3528	lanmanserver - ok
17:58:40.0296 3528	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
17:58:40.0296 3528	lanmanworkstation - ok
17:58:40.0312 3528	lbrtfdc - ok
17:58:40.0328 3528	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
17:58:40.0390 3528	LmHosts - ok
17:58:40.0390 3528	MBAMSwissArmy - ok
17:58:40.0562 3528	McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
17:58:40.0578 3528	McComponentHostService - ok
17:58:40.0781 3528	MDM             (81eb1700d75f1ce13d4dba0133222072) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
17:58:40.0796 3528	MDM ( UnsignedFile.Multi.Generic ) - warning
17:58:40.0796 3528	MDM - detected UnsignedFile.Multi.Generic (1)
17:58:40.0843 3528	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
17:58:40.0921 3528	Messenger - ok
17:58:40.0953 3528	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:58:41.0031 3528	mnmdd - ok
17:58:41.0078 3528	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
17:58:41.0203 3528	mnmsrvc - ok
17:58:41.0234 3528	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
17:58:41.0328 3528	Modem - ok
17:58:41.0343 3528	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:58:41.0421 3528	Mouclass - ok
17:58:41.0500 3528	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:58:41.0593 3528	mouhid - ok
17:58:41.0625 3528	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:58:41.0687 3528	MountMgr - ok
17:58:41.0781 3528	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
17:58:41.0781 3528	MozillaMaintenance - ok
17:58:41.0796 3528	mraid35x - ok
17:58:41.0890 3528	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:58:41.0953 3528	MRxDAV - ok
17:58:42.0171 3528	MRxSmb          (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:58:42.0296 3528	MRxSmb - ok
17:58:42.0343 3528	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
17:58:42.0421 3528	MSDTC - ok
17:58:42.0453 3528	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:58:42.0531 3528	Msfs - ok
17:58:42.0546 3528	MSIServer - ok
17:58:42.0578 3528	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:58:42.0640 3528	MSKSSRV - ok
17:58:42.0656 3528	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:58:42.0750 3528	MSPCLOCK - ok
17:58:42.0781 3528	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:58:42.0890 3528	MSPQM - ok
17:58:42.0937 3528	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:58:43.0015 3528	mssmbios - ok
17:58:43.0031 3528	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:58:43.0109 3528	MSTEE - ok
17:58:43.0171 3528	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
17:58:43.0250 3528	Mup - ok
17:58:43.0296 3528	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:58:43.0390 3528	NABTSFEC - ok
17:58:43.0531 3528	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
17:58:43.0609 3528	napagent - ok
17:58:43.0703 3528	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:58:43.0796 3528	NDIS - ok
17:58:43.0828 3528	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:58:43.0906 3528	NdisIP - ok
17:58:43.0937 3528	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:58:44.0015 3528	NdisTapi - ok
17:58:44.0046 3528	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:58:44.0156 3528	Ndisuio - ok
17:58:44.0187 3528	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:58:44.0265 3528	NdisWan - ok
17:58:44.0296 3528	NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
17:58:44.0390 3528	NDProxy - ok
17:58:44.0468 3528	Nero BackItUp Scheduler 4.0 - ok
17:58:44.0500 3528	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:58:44.0593 3528	NetBIOS - ok
17:58:44.0687 3528	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:58:44.0781 3528	NetBT - ok
17:58:44.0859 3528	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
17:58:44.0953 3528	NetDDE - ok
17:58:44.0953 3528	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
17:58:45.0031 3528	NetDDEdsdm - ok
17:58:45.0093 3528	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:58:45.0218 3528	Netlogon - ok
17:58:45.0312 3528	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
17:58:45.0406 3528	Netman - ok
17:58:45.0546 3528	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:58:45.0562 3528	NetTcpPortSharing - ok
17:58:46.0687 3528	Netzmanager Service (70b5b4e69a07895df30291cab6abda54) C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
17:58:47.0656 3528	Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
17:58:47.0656 3528	Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
17:58:48.0203 3528	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:58:48.0281 3528	NIC1394 - ok
17:58:48.0406 3528	Nla             (acd8bd448a74f344d46fcaf21bab92af) C:\WINDOWS\System32\mswsock.dll
17:58:48.0437 3528	Nla - ok
17:58:48.0578 3528	NMSAccessU      (fd306fbcce7adb1077b709742e7148e9) C:\Programme\CDBurnerXP\NMSAccessU.exe
17:58:48.0578 3528	NMSAccessU - ok
17:58:48.0625 3528	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:58:48.0718 3528	Npfs - ok
17:58:48.0953 3528	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:58:49.0187 3528	Ntfs - ok
17:58:49.0218 3528	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:58:49.0281 3528	NtLmSsp - ok
17:58:49.0484 3528	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
17:58:49.0687 3528	NtmsSvc - ok
17:58:49.0718 3528	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:58:49.0796 3528	Null - ok
17:58:49.0843 3528	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:58:49.0937 3528	NwlnkFlt - ok
17:58:49.0953 3528	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:58:50.0031 3528	NwlnkFwd - ok
17:58:50.0359 3528	odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
17:58:50.0468 3528	odserv - ok
17:58:50.0531 3528	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:58:50.0593 3528	ohci1394 - ok
17:58:50.0687 3528	ose             (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
17:58:50.0703 3528	ose - ok
17:58:50.0750 3528	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
17:58:50.0843 3528	Parport - ok
17:58:50.0859 3528	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:58:50.0953 3528	PartMgr - ok
17:58:50.0984 3528	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
17:58:51.0062 3528	ParVdm - ok
17:58:51.0125 3528	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
17:58:51.0250 3528	PCI - ok
17:58:51.0265 3528	PCIDump - ok
17:58:51.0281 3528	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:58:51.0359 3528	PCIIde - ok
17:58:51.0421 3528	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:58:51.0500 3528	Pcmcia - ok
17:58:51.0515 3528	PDCOMP - ok
17:58:51.0515 3528	PDFRAME - ok
17:58:51.0515 3528	PDRELI - ok
17:58:51.0531 3528	PDRFRAME - ok
17:58:51.0531 3528	perc2 - ok
17:58:51.0531 3528	perc2hib - ok
17:58:51.0625 3528	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
17:58:51.0625 3528	PlugPlay - ok
17:58:51.0656 3528	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:58:51.0734 3528	PolicyAgent - ok
17:58:51.0765 3528	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:58:51.0859 3528	PptpMiniport - ok
17:58:51.0859 3528	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:58:51.0937 3528	ProtectedStorage - ok
17:58:52.0031 3528	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:58:52.0109 3528	PSched - ok
17:58:52.0140 3528	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:58:52.0234 3528	Ptilink - ok
17:58:52.0234 3528	ql1080 - ok
17:58:52.0234 3528	Ql10wnt - ok
17:58:52.0250 3528	ql12160 - ok
17:58:52.0250 3528	ql1240 - ok
17:58:52.0250 3528	ql1280 - ok
17:58:52.0281 3528	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:58:52.0343 3528	RasAcd - ok
17:58:52.0406 3528	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
17:58:52.0468 3528	RasAuto - ok
17:58:52.0515 3528	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:58:52.0593 3528	Rasl2tp - ok
17:58:52.0703 3528	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
17:58:52.0796 3528	RasMan - ok
17:58:52.0812 3528	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:58:52.0906 3528	RasPppoe - ok
17:58:52.0906 3528	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:58:53.0000 3528	Raspti - ok
17:58:53.0078 3528	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:58:53.0203 3528	Rdbss - ok
17:58:53.0234 3528	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:58:53.0328 3528	RDPCDD - ok
17:58:53.0406 3528	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
17:58:53.0484 3528	RDPWD - ok
17:58:53.0578 3528	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
17:58:53.0656 3528	RDSessMgr - ok
17:58:53.0718 3528	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:58:53.0796 3528	redbook - ok
17:58:53.0843 3528	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
17:58:53.0937 3528	RemoteAccess - ok
17:58:54.0140 3528	RichVideo       (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Programme\Cyberlink\Shared files\RichVideo.exe
17:58:54.0156 3528	RichVideo - ok
17:58:54.0218 3528	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
17:58:54.0296 3528	RpcLocator - ok
17:58:54.0500 3528	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
17:58:54.0609 3528	RpcSs - ok
17:58:54.0687 3528	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
17:58:54.0781 3528	RSVP - ok
17:58:54.0859 3528	RTLE8023xp      (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:58:54.0875 3528	RTLE8023xp - ok
17:58:54.0921 3528	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:58:54.0984 3528	SamSs - ok
17:58:55.0062 3528	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
17:58:55.0187 3528	SCardSvr - ok
17:58:55.0281 3528	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
17:58:55.0375 3528	Schedule - ok
17:58:55.0421 3528	sdbus           (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:58:55.0500 3528	sdbus - ok
17:58:55.0703 3528	SeaPort         (d358e077a0a05d9b12da22d137ee8464) C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:58:55.0703 3528	SeaPort - ok
17:58:55.0750 3528	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:58:55.0828 3528	Secdrv - ok
17:58:55.0859 3528	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
17:58:55.0953 3528	seclogon - ok
17:58:55.0984 3528	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
17:58:56.0062 3528	SENS - ok
17:58:56.0109 3528	Ser2pl          (2ec41a96d0dc98bd119bf325e0b9f392) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
17:58:56.0156 3528	Ser2pl - ok
17:58:56.0250 3528	Serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:58:56.0343 3528	Serenum - ok
17:58:56.0390 3528	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
17:58:56.0468 3528	Serial - ok
17:58:56.0500 3528	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:58:56.0593 3528	Sfloppy - ok
17:58:56.0765 3528	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
17:58:56.0953 3528	SharedAccess - ok
17:58:57.0031 3528	ShellHWDetection (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
17:58:57.0109 3528	ShellHWDetection - ok
17:58:57.0109 3528	Simbad - ok
17:58:57.0156 3528	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:58:57.0234 3528	SLIP - ok
17:58:57.0234 3528	Sparrow - ok
17:58:57.0250 3528	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:58:57.0343 3528	splitter - ok
17:58:57.0390 3528	Spooler         (39356a9cdb6753a6d13a4072a9f5a4bb) C:\WINDOWS\system32\spoolsv.exe
17:58:57.0468 3528	Spooler - ok
17:58:57.0515 3528	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
17:58:57.0578 3528	sr - ok
17:58:57.0656 3528	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
17:58:57.0750 3528	srservice - ok
17:58:57.0906 3528	Srv             (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
17:58:58.0265 3528	Srv - ok
17:58:58.0328 3528	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
17:58:58.0390 3528	SSDPSRV - ok
17:58:58.0437 3528	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:58:58.0437 3528	ssmdrv - ok
17:58:58.0484 3528	StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
17:58:58.0500 3528	StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:58:58.0500 3528	StarOpen - detected UnsignedFile.Multi.Generic (1)
17:58:58.0656 3528	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
17:58:58.0843 3528	stisvc - ok
17:58:58.0890 3528	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:58:58.0968 3528	streamip - ok
17:58:59.0000 3528	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:58:59.0078 3528	swenum - ok
17:58:59.0140 3528	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:58:59.0218 3528	swmidi - ok
17:58:59.0218 3528	SwPrv - ok
17:58:59.0234 3528	symc810 - ok
17:58:59.0234 3528	symc8xx - ok
17:58:59.0250 3528	sym_hi - ok
17:58:59.0250 3528	sym_u3 - ok
17:58:59.0375 3528	SynTP           (86692a9116559222bd2d62633ddc352d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:58:59.0406 3528	SynTP - ok
17:58:59.0437 3528	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:58:59.0515 3528	sysaudio - ok
17:58:59.0578 3528	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
17:58:59.0671 3528	SysmonLog - ok
17:58:59.0796 3528	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
17:58:59.0890 3528	TapiSrv - ok
17:59:00.0078 3528	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:59:00.0234 3528	Tcpip - ok
17:59:00.0296 3528	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:59:00.0390 3528	TDPIPE - ok
17:59:00.0406 3528	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:59:00.0500 3528	TDTCP - ok
17:59:00.0750 3528	TelekomNM3      (5d528200679c3b4595b4237e02c077d5) C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys
17:59:00.0750 3528	TelekomNM3 - ok
17:59:00.0843 3528	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:59:00.0968 3528	TermDD - ok
17:59:01.0187 3528	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
17:59:01.0312 3528	TermService - ok
17:59:01.0515 3528	TestHandler     (76468df7a7a92413a57c998de5c39290) C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
17:59:01.0656 3528	TestHandler - ok
17:59:01.0734 3528	Themes          (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
17:59:01.0812 3528	Themes - ok
17:59:01.0812 3528	TosIde - ok
17:59:01.0875 3528	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
17:59:01.0953 3528	TrkWks - ok
17:59:02.0203 3528	TVECapSvc       (dec8acebd9cd1f3dd6f4f3a6308d8b94) C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
17:59:02.0218 3528	TVECapSvc ( UnsignedFile.Multi.Generic ) - warning
17:59:02.0218 3528	TVECapSvc - detected UnsignedFile.Multi.Generic (1)
17:59:02.0281 3528	TVESched        (7a5a6987397f78b1606bdb5c407d3574) C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
17:59:02.0296 3528	TVESched ( UnsignedFile.Multi.Generic ) - warning
17:59:02.0296 3528	TVESched - detected UnsignedFile.Multi.Generic (1)
17:59:02.0343 3528	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:59:02.0421 3528	Udfs - ok
17:59:02.0421 3528	ultra - ok
17:59:02.0609 3528	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:59:02.0812 3528	Update - ok
17:59:02.0906 3528	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
17:59:02.0984 3528	upnphost - ok
17:59:03.0000 3528	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
17:59:03.0093 3528	UPS - ok
17:59:03.0234 3528	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:59:03.0359 3528	usbccgp - ok
17:59:03.0390 3528	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:59:03.0468 3528	usbehci - ok
17:59:03.0515 3528	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:59:03.0609 3528	usbhub - ok
17:59:03.0656 3528	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:59:03.0734 3528	usbprint - ok
17:59:03.0765 3528	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:59:03.0859 3528	usbscan - ok
17:59:03.0906 3528	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:59:03.0968 3528	USBSTOR - ok
17:59:04.0000 3528	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:59:04.0093 3528	usbuhci - ok
17:59:04.0187 3528	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
17:59:04.0281 3528	usbvideo - ok
17:59:04.0312 3528	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:59:04.0390 3528	VgaSave - ok
17:59:04.0390 3528	ViaIde - ok
17:59:04.0421 3528	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
17:59:04.0515 3528	VolSnap - ok
17:59:04.0656 3528	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
17:59:04.0718 3528	VSS - ok
17:59:04.0828 3528	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
17:59:04.0921 3528	W32Time - ok
17:59:04.0953 3528	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:59:05.0031 3528	Wanarp - ok
17:59:05.0031 3528	WDICA - ok
17:59:05.0078 3528	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:59:05.0203 3528	wdmaud - ok
17:59:05.0265 3528	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
17:59:05.0375 3528	WebClient - ok
17:59:05.0515 3528	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:59:05.0609 3528	winmgmt - ok
17:59:05.0750 3528	WisLMSvc        (b0e6faa0f0ead4772c545a3737efb47f) C:\Programme\Launch Manager\WisLMSvc.exe
17:59:05.0750 3528	WisLMSvc ( UnsignedFile.Multi.Generic ) - warning
17:59:05.0750 3528	WisLMSvc - detected UnsignedFile.Multi.Generic (1)
17:59:05.0812 3528	WmdmPmSN        (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\mspmsnsv.dll
17:59:05.0890 3528	WmdmPmSN - ok
17:59:05.0921 3528	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:59:06.0015 3528	WmiAcpi - ok
17:59:06.0109 3528	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:59:06.0328 3528	WmiApSrv - ok
17:59:06.0406 3528	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:59:06.0500 3528	WS2IFSL - ok
17:59:06.0734 3528	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
17:59:06.0828 3528	wscsvc - ok
17:59:06.0843 3528	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:59:06.0921 3528	WSTCODEC - ok
17:59:06.0953 3528	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
17:59:07.0031 3528	wuauserv - ok
17:59:07.0265 3528	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
17:59:07.0468 3528	WZCSVC - ok
17:59:07.0562 3528	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
17:59:07.0656 3528	xmlprov - ok
17:59:07.0796 3528	{49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (5867ce254625645345c833510d24f124) C:\Programme\HomeCinema\PlayMovie\000.fcl
17:59:07.0796 3528	{49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
17:59:07.0875 3528	{95808DC4-FA4A-4C74-92FE-5B863F82066B} (5867ce254625645345c833510d24f124) C:\Programme\HomeCinema\PowerDVD\000.fcl
17:59:07.0875 3528	{95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
17:59:07.0906 3528	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
17:59:08.0609 3528	\Device\Harddisk0\DR0 - ok
17:59:08.0625 3528	Boot (0x1200)   (1ffc0a734d9502c406ab4afba1c2a60e) \Device\Harddisk0\DR0\Partition0
17:59:08.0625 3528	\Device\Harddisk0\DR0\Partition0 - ok
17:59:08.0625 3528	============================================================
17:59:08.0625 3528	Scan finished
17:59:08.0625 3528	============================================================
17:59:08.0625 3388	Detected object count: 12
17:59:08.0625 3388	Actual detected object count: 12
17:59:50.0734 3388	Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0765 3388	Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:59:50.0765 3388	AnyDVD ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0765 3388	AnyDVD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:59:50.0765 3388	ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0765 3388	ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:59:50.0765 3388	ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0765 3388	ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:59:50.0765 3388	ElbyDelay ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0765 3388	ElbyDelay ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:59:50.0765 3388	Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0765 3388	Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:59:50.0765 3388	MDM ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0812 3388	MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:59:50.0812 3388	Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0812 3388	Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:59:50.0812 3388	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0812 3388	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:59:50.0812 3388	TVECapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0812 3388	TVECapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:59:50.0812 3388	TVESched ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0812 3388	TVESched ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:59:50.0812 3388	WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0812 3388	WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 30.05.2012, 20:42

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Marina_2626 · 31.05.2012, 06:59

Diesmal hab ich einen Fehler gemacht. Ich hatte AntiVir nicht aus... Vom Internet war ich zwar die meiste Zeit getrennt (ich kam nicht mehr rein, aber gegen Ende des Scans wurde ich wieder automatisch verbunden), aber weiß nicht, ob das einen Unterschied macht. Die Maus hab ich auch mal bewegt... Sry, mein Fehler, falls da jetzt was schief gegangen ist.

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-05-30.04 - Marina *** 31.05.2012   7:44.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2009.1265 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\dokumente und einstellungen\Marina ***\WINDOWS
c:\windows\AutoRun.ini
c:\windows\IsUn0407.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\ijl11.dll
c:\windows\system32\Temp
c:\windows\system32\Temp\zup\Comct332.ocx
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-28 bis 2012-05-31  ))))))))))))))))))))))))))))))
.
.
2012-05-30 14:42 . 2012-05-30 14:42	--------	d-----w-	C:\_OTL
2012-05-30 11:33 . 2012-05-30 11:36	--------	d-----w-	c:\programme\Mozilla Sunbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 13:56 . 2012-04-30 18:22	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-21 01:18 . 2012-04-29 10:07	97208	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-27 39408]
"ICQ"="c:\programme\ICQ7.6\ICQ.exe" [2011-10-28 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 150040]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1105920]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"YouCam Mirror Tray icon"="c:\programme\CyberLink\YouCam\YouCamTray.exe" [2009-07-08 162912]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Marina ***\Startmenü\Programme\Autostart\
Meine Dienste.lnk - c:\programme\Telekom\Meine Dienste\StartMeineDienste.exe [2012-3-21 269944]
Netzmanager.lnk - c:\programme\Netzmanager\netzmanager.exe [2011-11-10 14000128]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
Meine Dienste.lnk - c:\programme\Telekom\Meine Dienste\StartMeineDienste.exe [2012-3-21 269944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2005-05-19 13:47	57344	----a-w-	c:\eigene programme\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMSAccessU"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\eigene Programme\\Klebezettel NG\\klebez.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\ICQ7.6\\ICQ.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\programme\HomeCinema\PlayMovie\000.fcl [26.04.2010 16:07 41456]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [27.02.2010 16:14 136360]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [28.06.2011 20:11 428200]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [24.10.2011 09:53 2565632]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [26.04.2010 16:09 290909]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [26.04.2010 16:09 114779]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [11.04.2008 17:55 84240]
R3 TelekomNM3;Telekom Netzmanager Packet Filter Driver;c:\programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [16.09.2010 17:02 35040]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [27.02.2010 16:21 135664]
S2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe --> c:\programme\ICQ6Toolbar\ICQ Service.exe [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [27.02.2010 16:21 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 14:49 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [29.04.2012 12:07 129976]
S3 WisLMSvc;WisLMSvc;c:\programme\Launch Manager\WisLMSvc.exe [27.02.2010 14:08 118784]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 21530952
*NewlyCreated* - 35220302
*Deregistered* - 21530952
*Deregistered* - 35220302
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-27 14:21]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-27 14:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Marina ***\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI69DF~1\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\programme\ICQ7.6\ICQ.exe
IE: {{A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - {2015C8D4-8534-48DB-B5FB-5C76291F080C} -
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www3.k-tv.org/programm
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-ICQToolbar - c:\programme\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-VV_Outloud_Gr_GR - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-31 07:51
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\programme\HomeCinema\PlayMovie\000.fcl"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\programme\HomeCinema\PowerDVD\000.fcl"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(896)
c:\programme\Avira\AntiVir Desktop\avsda.dll
.
Zeit der Fertigstellung: 2012-05-31  07:54:06
ComboFix-quarantined-files.txt  2012-05-31 05:53
.
Vor Suchlauf: 12 Verzeichnis(se), 132.138.188.800 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 132.084.162.560 Bytes frei
.
- - End Of File - - 120DF6D6459D598889CBBDD163FAAB08

--- --- ---

cosinus · 31.05.2012, 10:10

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Marina_2626 · 31.05.2012, 11:27

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-31 12:24:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS545016B9A300 rev.PBBOC64G
Running: snk8w2rs.exe; Driver: C:\DOKUME~1\MARINA~1\LOKALE~1\Temp\awlyrpod.sys
 
 
---- System - GMER 1.0.15 ----
 
SSDT                                                                                                                                  BA6F3E2E                                            ZwCreateKey
SSDT                                                                                                                                  BA6F3E24                                            ZwCreateThread
SSDT                                                                                                                                  BA6F3E33                                            ZwDeleteKey
SSDT                                                                                                                                  BA6F3E3D                                            ZwDeleteValueKey
SSDT                                                                                                                                  BA6F3E42                                            ZwLoadKey
SSDT                                                                                                                                  BA6F3E10                                            ZwOpenProcess
SSDT                                                                                                                                  BA6F3E15                                            ZwOpenThread
SSDT                                                                                                                                  BA6F3E4C                                            ZwReplaceKey
SSDT                                                                                                                                  BA6F3E47                                            ZwRestoreKey
SSDT                                                                                                                                  BA6F3E38                                            ZwSetValueKey
 
Code                                                                                                                                  \??\C:\DOKUME~1\MARINA~1\LOKALE~1\Temp\catchme.sys  pIofCallDriver
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text                                                                                                                                 C:\WINDOWS\system32\drivers\hardlock.sys            section is writeable [0xA4FC1400, 0x6EB98, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA504BC20]  C:\WINDOWS\system32\drivers\hardlock.sys            entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA504BC20]
.protectÿÿÿÿhardlockunknown last code section [0xA504BA00, 0x50CA, 0xE0000020]                                                        C:\WINDOWS\system32\drivers\hardlock.sys            unknown last code section [0xA504BA00, 0x50CA, 0xE0000020]
                                                                                                                                      C:\Programme\HomeCinema\PlayMovie\000.fcl           entry point in "" section [0xA4D14000]
.clc                                                                                                                                  C:\Programme\HomeCinema\PlayMovie\000.fcl           unknown last section [0xA4D15000, 0x1000, 0x00000000]
                                                                                                                                      C:\Programme\HomeCinema\PowerDVD\000.fcl            entry point in "" section [0xA4D14000]
.clc                                                                                                                                  C:\Programme\HomeCinema\PowerDVD\000.fcl            unknown last section [0xA4D15000, 0x1000, 0x00000000]
?                                                                                                                                     C:\WINDOWS\system32\Drivers\PROCEXP113.SYS          Das System kann die angegebene Datei nicht finden. !
?                                                                                                                                     C:\DOKUME~1\MARINA~1\LOKALE~1\Temp\catchme.sys      Das System kann die angegebene Datei nicht finden. !
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice                                                                                                                        \Driver\Kbdclass \Device\KeyboardClass0             SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice                                                                                                                        \Driver\Kbdclass \Device\KeyboardClass1             SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice                                                                                                                        \Driver\Tcpip \Device\Tcp                           fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice                                                                                                                        \FileSystem\Fastfat \Fat                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 
---- EOF - GMER 1.0.15 ----

--- --- ---

---------------------------

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:26:08 on 31.05.2012
 
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
 
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
 
 
[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
 
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"Startup.cpl" - ? - C:\WINDOWS\system32\Startup.cpl  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
 
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"awlyrpod" (awlyrpod) - ? - C:\DOKUME~1\MARINA~1\LOKALE~1\Temp\awlyrpod.sys  (Hidden registry entry, rootkit activity | File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\MARINA~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\ElbyCDFL.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
"ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyDelay.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys
"Hotkey" (Hotkey) - ? - C:\WINDOWS\system32\drivers\Hotkey.sys  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\WINDOWS\system32\drivers\mbamswissarmy.sys  (File not found)
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"Telekom Netzmanager Packet Filter Driver" (TelekomNM3) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Programme\HomeCinema\PlayMovie\000.fcl
"{95808DC4-FA4A-4C74-92FE-5B863F82066B}" ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) - "Cyberlink Corp." - C:\Programme\HomeCinema\PowerDVD\000.fcl
 
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office 2007\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MI69DF~1\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
"ICQ7.6" - "ICQ, LLC." - C:\Programme\ICQ7.6\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MI69DF~1\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{2015C8D4-8534-48DB-B5FB-5C76291F080C} "Toolbar 3.0 der Telekom" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - ? - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll  (File not found)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corp." - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
 
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Marina Welsch\Startmenü\Programme\Autostart\desktop.ini
"Meine Dienste.lnk" - "Deutsche Telekom AG" - C:\Programme\Telekom\Meine Dienste\StartMeineDienste.exe  (Shortcut exists | File exists)
"Netzmanager.lnk" - "Deutsche Telekom AG" - C:\Programme\Netzmanager\netzmanager.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Advanced System Protector" - "Systweak" - "C:\Programme\Advanced System Protector\advancedsystemprotector.exe" autolaunch
"ICQ" - "ICQ, LLC." - "C:\Programme\ICQ7.6\ICQ.exe" silent loginmode=4
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"SystweakASP" - ? - "C:\Programme\RegClean Pro\SystweakASP.exe" /verysilent  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Advanced System Protector" - "Systweak" - "C:\Programme\Advanced System Protector\advancedsystemprotector.exe" autolaunch
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"YouCam Mirror Tray icon" - "CyberLink Corp." - "c:\Programme\CyberLink\YouCam\YouCamTray.exe" /s
 
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll
"Canon BJNP Port" - "CANON INC." - C:\WINDOWS\system32\CNMNPPM.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll
 
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\Cyberlink\Shared files\RichVideo.exe
"Fujitsu Diagnostic Testhandler" (TestHandler) - "Fujitsu Technology Solutions" - C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe  (File not found)
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"Netzmanager Infrastruktur Informationssystem Dienst" (Netzmanager Service) - "Deutsche Telekom AG" - C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corp." - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"TVEnhance Background Capture Service (TBCS)" (TVECapSvc) - ? - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
"TVEnhance Task Scheduler (TTS))" (TVESched) - ? - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Programme\Windows Live\Family Safety\fsssvc.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Programme\Launch Manager\WisLMSvc.exe
 
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
 
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avsda.dll
 
===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

Code:

ATTFilter

 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-31 13:30:54
-----------------------------
13:30:54.203    OS Version: Windows 5.1.2600 Service Pack 3
13:30:54.203    Number of processors: 1 586 0x170A
13:30:54.203    ComputerName: MARINA_NB  UserName: 
13:31:00.421    Initialize success
13:34:48.609    AVAST engine defs: 12053100
13:35:21.171    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:35:21.171    Disk 0 Vendor: Hitachi_HTS545016B9A300 PBBOC64G Size: 152627MB BusType: 3
13:35:21.296    Disk 0 MBR read successfully
13:35:21.296    Disk 0 MBR scan
13:35:21.437    Disk 0 Windows XP default MBR code
13:35:21.437    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       152617 MB offset 63
13:35:21.453    Disk 0 scanning sectors +312560640
13:35:21.921    Disk 0 scanning C:\WINDOWS\system32\drivers
13:35:57.640    Service scanning
13:36:40.453    Modules scanning
13:37:07.046    Disk 0 trace - called modules:
13:37:07.093    ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys 
13:37:07.093    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d7cab8]
13:37:07.593    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89d6ab00]
13:37:10.015    AVAST engine scan C:\WINDOWS
13:37:43.765    AVAST engine scan C:\WINDOWS\system32
13:50:18.203    AVAST engine scan C:\WINDOWS\system32\drivers
13:51:40.546    AVAST engine scan C:\Dokumente und Einstellungen\Marina ***
13:52:14.859    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Marina ***\Desktop\MBR.dat"
13:52:14.859    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Marina ***\Desktop\aswMBR.txt"

Weiterleitung auf falsche Seiten (Suchmaschinen)

Log-Analyse und Auswertung: Weiterleitung auf falsche Seiten (Suchmaschinen)