Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: whatever shit

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 27.12.2010, 19:51   #1
paulo3d
 
whatever shit - Standard

whatever shit



ist hier noch was zu retten???
grüße paulOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.12.2010 19:20:14 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Vorstand\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,54 Gb Total Space | 37,97 Gb Free Space | 32,30% Space Free | Partition Type: NTFS
Drive E: | 113,88 Gb Total Space | 104,55 Gb Free Space | 91,80% Space Free | Partition Type: NTFS
Drive F: | 6,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PRIVAT | User Name: Vorstand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.27 19:18:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Vorstand\Downloads\OTL.exe
PRC - [2010.12.17 17:22:52 | 000,403,624 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010.12.17 17:22:52 | 000,389,288 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2010.12.17 17:22:52 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010.12.17 17:22:52 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.17 17:22:52 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.17 17:22:52 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.07.20 18:09:00 | 000,030,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010.03.24 16:08:39 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.07.27 03:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.26 13:48:31 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.02.10 17:01:49 | 000,116,104 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe
PRC - [2009.01.01 20:49:13 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2008.10.31 22:42:46 | 000,307,712 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2008.09.10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008.04.08 16:49:18 | 000,671,796 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe
PRC - [2008.01.25 14:43:22 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2008.01.25 10:22:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SmoothView\SmoothView.exe
PRC - [2008.01.22 13:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008.01.22 10:00:30 | 004,624,384 | ---- | M] () -- C:\Programme\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008.01.21 15:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 03:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Mail\WinMail.exe
PRC - [2008.01.17 15:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008.01.17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008.01.09 14:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007.12.29 09:06:02 | 000,430,080 | ---- | M] () -- C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2007.12.25 13:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007.12.25 13:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007.12.07 14:22:54 | 000,107,824 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
PRC - [2007.12.07 14:22:52 | 001,234,320 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
PRC - [2007.12.07 14:22:52 | 000,800,152 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe
PRC - [2007.12.03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007.10.25 16:41:18 | 000,413,696 | ---- | M] (Chicony) -- C:\Programme\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007.07.26 15:55:16 | 000,483,393 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Common Files\Marmiko Shared\MWLaMaS.exe
PRC - [2007.06.21 15:12:03 | 000,054,576 | ---- | M] (AOL, LLC.) -- C:\Programme\AOL 9.0 VRa\shellmon.exe
PRC - [2007.06.18 10:51:10 | 001,507,328 | ---- | M] (Interactive Digital Media) -- C:\Programme\IDM\Desktop SMS\DesktopSMS.exe
PRC - [2007.05.24 09:15:27 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Programme\AOL 9.0 VRa\waol.exe
PRC - [2007.02.12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2007.01.29 17:40:44 | 000,179,016 | ---- | M] (T-Systems Enterprise Services GmbH) -- C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
PRC - [2006.11.14 14:47:54 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Programme\Common Files\aol\1225531359\ee\aolsoftware.exe
PRC - [2006.10.23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Programme\Common Files\aol\acs\AOLacsd.exe
PRC - [2006.10.14 00:18:24 | 000,063,120 | ---- | M] (AOL LLC) -- C:\Programme\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [1997.10.17 23:00:00 | 000,111,376 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office\FINDFAST.EXE
PRC - [1997.10.17 23:00:00 | 000,051,984 | ---- | M] () -- C:\Programme\Microsoft Office\Office\OSA.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.27 19:18:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Vorstand\Downloads\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009.09.25 03:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.04.11 07:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010.12.17 17:22:52 | 000,403,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010.12.17 17:22:52 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010.12.17 17:22:52 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.17 17:22:52 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.20 18:09:00 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.02.10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009.01.01 20:49:13 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2008.09.10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008.01.21 15:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.25 13:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007.12.03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007.08.01 14:36:58 | 000,290,816 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Stopped] -- C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2007.02.12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2007.01.29 17:40:44 | 000,179,016 | ---- | M] (T-Systems Enterprise Services GmbH) [Auto | Running] -- C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe -- (DFSVC)
SRV - [2006.10.23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - [2010.12.17 17:22:52 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.17 17:22:52 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.09 12:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.18 18:53:06 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.02.01 11:46:08 | 000,187,904 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (CnxtHdAudAddService)
DRV - [2008.01.30 16:24:00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.01.23 09:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2008.01.21 14:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.15 10:34:58 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007.12.17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.12.06 10:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.11.29 17:58:56 | 000,196,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.11.09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.11.01 00:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.11.01 00:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.11.01 00:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.10.17 22:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007.09.26 05:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.08.01 14:49:00 | 000,016,448 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf)
DRV - [2007.06.13 17:11:10 | 000,025,136 | ---- | M] (America Online) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atwpkt2.sys -- (ATWPKT2)
DRV - [2007.04.09 16:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2007.01.29 17:40:14 | 000,014,536 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\Dialerschutz-Software\DFSYS.sys -- (DFSYS)
DRV - [2007.01.29 16:51:44 | 000,022,856 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SipIMNDI.sys -- (SipIMNDI)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.11.01 21:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006.10.09 13:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: toolbar_extras@de.yahoo.com:1.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.26 16:28:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.16 23:03:53 | 000,000,000 | ---D | M]
 
[2008.12.29 13:50:31 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\mozilla\Extensions
[2010.12.27 18:12:38 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\mozilla\Firefox\Profiles\b6xed38h.default\extensions
[2009.07.07 16:33:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Vorstand\AppData\Roaming\mozilla\Firefox\Profiles\b6xed38h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.01 09:30:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Vorstand\AppData\Roaming\mozilla\Firefox\Profiles\b6xed38h.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.06.17 10:27:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Vorstand\AppData\Roaming\mozilla\Firefox\Profiles\b6xed38h.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.12.29 13:51:02 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\mozilla\Firefox\Profiles\b6xed38h.default\extensions\toolbar_extras@de.yahoo.com
[2010.10.22 16:02:54 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.24 22:04:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.22 21:40:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 16:02:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009.04.25 16:40:09 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.03.15 14:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.10.13 19:34:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 15:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 16:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2008.07.15 15:23:13 | 000,000,810 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1225531359\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Cognac] C:\Users\Vorstand\AppData\Local\Temp\52.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKCU..\RunServices: [Win32Update] C:\Users\Vorstand\AppData\Local\Temp\wJQs.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro3.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\sdra64.exe) - C:\Windows\System32\sdra64.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.03.06 11:07:47 | 000,398,656 | R--- | M] (THQ Canada Inc.) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.02.24 02:30:48 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010.07.08 18:15:09 | 000,000,000 | R--D | M] - F:\AutorunData -- [ UDF ]
O33 - MountPoints2\{2579fc37-8ca3-11dd-90df-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2579fc37-8ca3-11dd-90df-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2009.03.06 11:07:47 | 000,398,656 | R--- | M] (THQ Canada Inc.)
O33 - MountPoints2\{5280ac26-a9a1-11dd-9217-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5280ac26-a9a1-11dd-9217-806e6f6e6963}\Shell\AutoRun\command - "" = D:\EasySuite.exe -- File not found
O33 - MountPoints2\{d9b81c6a-a8dc-11dd-bf0f-001e68c802af}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- File not found
O33 - MountPoints2\{ee60c548-d8cf-11dd-b78a-001e68c802af}\Shell - "" = AutoRun
O33 - MountPoints2\{ee60c548-d8cf-11dd-b78a-001e68c802af}\Shell\AutoRun\command - "" = D:\EasySuite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.27 18:48:47 | 000,000,000 | ---D | C] -- C:\avrescue
[2010.12.25 09:43:34 | 000,000,000 | ---D | C] -- C:\Users\Vorstand\Documents\My Games
[2010.12.25 09:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010.12.23 10:59:55 | 000,000,000 | ---D | C] -- C:\Users\Vorstand\Documents\Meine Projekte
[2010.12.21 17:35:05 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.12.21 17:18:45 | 000,000,000 | ---D | C] -- C:\Programme\THQ
[2010.12.21 17:15:17 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.27 19:16:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.27 19:00:03 | 000,000,296 | -H-- | M] () -- C:\Windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2010.12.27 19:00:01 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2010.12.27 17:58:15 | 000,674,582 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.27 17:58:15 | 000,634,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.27 17:58:15 | 000,146,234 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.27 17:58:15 | 000,119,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.27 17:53:07 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.12.27 17:52:37 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.27 17:52:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.27 17:52:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.27 17:52:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.27 17:52:08 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.27 13:27:36 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59A3F890-AC58-4510-ABC9-99777FA99D1B}.job
[2010.12.26 18:50:14 | 000,000,016 | -H-- | M] () -- C:\Users\Vorstand\Desktop\mxfilerelatedcache.mxc2
[2010.12.26 10:43:46 | 000,000,201 | ---- | M] () -- C:\Users\Vorstand\Desktop\CD-Laufwerk - Verknüpfung.lnk
[2010.12.25 11:10:44 | 000,225,513 | ---- | M] () -- C:\Users\Vorstand\Documents\SchlittenfahrtimWald.jpg
[2010.12.25 10:39:56 | 000,068,608 | ---- | M] () -- C:\Users\Vorstand\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.25 09:43:49 | 000,000,680 | ---- | M] () -- C:\Users\Vorstand\AppData\Local\d3d9caps.dat
[2010.12.23 11:45:12 | 000,000,484 | ---- | M] () -- C:\Users\Vorstand\AppData\Roaming\wklnhst.dat
[2010.12.21 18:09:40 | 262,068,595 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.17 17:22:52 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.17 17:22:52 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.17 11:39:58 | 000,322,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.03 12:12:06 | 003,882,262 | ---- | M] () -- C:\Users\Vorstand\Documents\dsc07054.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.26 18:50:06 | 000,000,016 | -H-- | C] () -- C:\Users\Vorstand\Desktop\mxfilerelatedcache.mxc2
[2010.12.26 10:43:46 | 000,000,201 | ---- | C] () -- C:\Users\Vorstand\Desktop\CD-Laufwerk - Verknüpfung.lnk
[2010.12.25 11:10:38 | 000,225,513 | ---- | C] () -- C:\Users\Vorstand\Documents\SchlittenfahrtimWald.jpg
[2010.12.21 17:34:57 | 262,068,595 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.12.03 12:11:12 | 003,882,262 | ---- | C] () -- C:\Users\Vorstand\Documents\dsc07054.jpg
[2010.10.22 15:47:38 | 000,000,009 | ---- | C] () -- C:\Users\Vorstand\AppData\Roaming\mdb.bin
[2009.10.24 11:52:23 | 000,000,680 | ---- | C] () -- C:\Users\Vorstand\AppData\Local\d3d9caps.dat
[2009.08.09 21:17:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.05.20 13:28:05 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2009.02.03 18:36:03 | 000,000,484 | ---- | C] () -- C:\Users\Vorstand\AppData\Roaming\wklnhst.dat
[2008.11.06 16:49:38 | 000,024,206 | ---- | C] () -- C:\Users\Vorstand\AppData\Roaming\UserTile.png
[2008.10.24 09:06:23 | 000,000,010 | ---- | C] () -- C:\Windows\msoffice.ini
[2008.10.15 09:32:40 | 000,000,235 | ---- | C] () -- C:\Users\Vorstand\AppData\Roaming\devices.xml
[2008.10.15 09:32:40 | 000,000,012 | ---- | C] () -- C:\Users\Vorstand\AppData\Roaming\settings.xml
[2008.10.15 08:56:15 | 000,000,573 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.10.10 18:19:30 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2008.10.01 17:31:31 | 000,000,016 | -H-- | C] () -- C:\Users\Vorstand\AppData\Roaming\mxfilerelatedcache.mxc2
[2008.10.01 17:31:21 | 000,000,016 | -H-- | C] () -- C:\Users\Vorstand\AppData\Local\mxfilerelatedcache.mxc2
[2008.10.01 10:00:55 | 000,000,096 | ---- | C] () -- C:\Users\Vorstand\AppData\Local\fusioncache.dat
[2008.09.29 18:32:09 | 000,068,608 | ---- | C] () -- C:\Users\Vorstand\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.26 14:48:47 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.02.15 18:02:27 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.02.15 17:55:15 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.02.15 17:55:15 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.02.15 17:55:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.02.15 17:55:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.02.15 17:55:15 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.02.15 17:55:15 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.02.15 17:36:06 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008.02.15 17:36:06 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008.02.15 17:36:06 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008.02.15 17:36:06 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.02.15 17:29:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.15 17:22:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.02.15 16:52:27 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.02.15 16:52:24 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008.01.28 17:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008.01.28 17:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008.01.28 16:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008.01.28 16:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008.01.28 16:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008.01.28 16:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007.12.21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[1997.10.17 23:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997.10.17 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2010.05.31 15:20:53 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\Canon
[2010.11.27 16:50:43 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\com.prezi.PreziDesktop
[2010.12.16 23:03:58 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\Defense Center
[2009.04.06 17:19:12 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\DesktopSMS
[2009.12.07 23:19:49 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\LG Electronics
[2009.01.20 18:39:56 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\MAGIX
[2010.08.25 20:16:46 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\myphotobook
[2008.11.06 16:49:38 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\PeerNetworking
[2009.01.01 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\ProtectDisc
[2009.05.20 13:33:29 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\Red Alert 3
[2008.10.01 09:56:44 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\T-Online
[2009.02.03 18:36:46 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\Template
[2008.11.17 16:25:42 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\TOSHIBA
[2010.08.13 23:28:45 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\Ulead Systems
[2008.10.03 15:43:12 | 000,000,016 | -H-- | M] () -- C:\Windows\Tasks\mxfilerelatedcache.mxc2
[2010.12.27 15:19:12 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.27 13:27:36 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{59A3F890-AC58-4510-ABC9-99777FA99D1B}.job
[2010.12.27 19:00:01 | 000,000,302 | -H-- | M] () -- C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2010.12.27 19:00:03 | 000,000,296 | -H-- | M] () -- C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 761 bytes -> C:\Users\Vorstand\Documents\Fw_Threeships.eml:OECustomProperty
 
< End of report >
         
--- --- ---




















OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.12.2010 19:20:14 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Vorstand\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,54 Gb Total Space | 37,97 Gb Free Space | 32,30% Space Free | Partition Type: NTFS
Drive E: | 113,88 Gb Total Space | 104,55 Gb Free Space | 91,80% Space Free | Partition Type: NTFS
Drive F: | 6,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PRIVAT | User Name: Vorstand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.27 19:18:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Vorstand\Downloads\OTL.exe
PRC - [2010.12.17 17:22:52 | 000,403,624 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010.12.17 17:22:52 | 000,389,288 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2010.12.17 17:22:52 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010.12.17 17:22:52 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.17 17:22:52 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.17 17:22:52 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.07.20 18:09:00 | 000,030,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010.03.24 16:08:39 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.07.27 03:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.26 13:48:31 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.02.10 17:01:49 | 000,116,104 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe
PRC - [2009.01.01 20:49:13 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2008.10.31 22:42:46 | 000,307,712 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2008.09.10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008.04.08 16:49:18 | 000,671,796 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe
PRC - [2008.01.25 14:43:22 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2008.01.25 10:22:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SmoothView\SmoothView.exe
PRC - [2008.01.22 13:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008.01.22 10:00:30 | 004,624,384 | ---- | M] () -- C:\Programme\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008.01.21 15:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 03:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Mail\WinMail.exe
PRC - [2008.01.17 15:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008.01.17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008.01.09 14:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007.12.29 09:06:02 | 000,430,080 | ---- | M] () -- C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2007.12.25 13:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007.12.25 13:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007.12.07 14:22:54 | 000,107,824 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
PRC - [2007.12.07 14:22:52 | 001,234,320 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
PRC - [2007.12.07 14:22:52 | 000,800,152 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe
PRC - [2007.12.03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007.10.25 16:41:18 | 000,413,696 | ---- | M] (Chicony) -- C:\Programme\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007.07.26 15:55:16 | 000,483,393 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Common Files\Marmiko Shared\MWLaMaS.exe
PRC - [2007.06.21 15:12:03 | 000,054,576 | ---- | M] (AOL, LLC.) -- C:\Programme\AOL 9.0 VRa\shellmon.exe
PRC - [2007.06.18 10:51:10 | 001,507,328 | ---- | M] (Interactive Digital Media) -- C:\Programme\IDM\Desktop SMS\DesktopSMS.exe
PRC - [2007.05.24 09:15:27 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Programme\AOL 9.0 VRa\waol.exe
PRC - [2007.02.12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Programme\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2007.01.29 17:40:44 | 000,179,016 | ---- | M] (T-Systems Enterprise Services GmbH) -- C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
PRC - [2006.11.14 14:47:54 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Programme\Common Files\aol\1225531359\ee\aolsoftware.exe
PRC - [2006.10.23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Programme\Common Files\aol\acs\AOLacsd.exe
PRC - [2006.10.14 00:18:24 | 000,063,120 | ---- | M] (AOL LLC) -- C:\Programme\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [1997.10.17 23:00:00 | 000,111,376 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office\FINDFAST.EXE
PRC - [1997.10.17 23:00:00 | 000,051,984 | ---- | M] () -- C:\Programme\Microsoft Office\Office\OSA.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.27 19:18:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Vorstand\Downloads\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009.09.25 03:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.04.11 07:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010.12.17 17:22:52 | 000,403,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010.12.17 17:22:52 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010.12.17 17:22:52 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.17 17:22:52 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.20 18:09:00 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.02.10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009.01.01 20:49:13 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2008.09.10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008.01.21 15:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.25 13:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007.12.03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007.08.01 14:36:58 | 000,290,816 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Stopped] -- C:\Program Files\T-Online\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2007.02.12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2007.01.29 17:40:44 | 000,179,016 | ---- | M] (T-Systems Enterprise Services GmbH) [Auto | Running] -- C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe -- (DFSVC)
SRV - [2006.10.23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - [2010.12.17 17:22:52 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.17 17:22:52 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.09 12:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.18 18:53:06 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.02.01 11:46:08 | 000,187,904 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (CnxtHdAudAddService)
DRV - [2008.01.30 16:24:00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.01.23 09:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2008.01.21 14:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.01.15 10:34:58 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007.12.17 10:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.12.06 10:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.11.29 17:58:56 | 000,196,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.11.09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.11.01 00:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.11.01 00:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.11.01 00:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.10.17 22:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007.09.26 05:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.08.01 14:49:00 | 000,016,448 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf)
DRV - [2007.06.13 17:11:10 | 000,025,136 | ---- | M] (America Online) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atwpkt2.sys -- (ATWPKT2)
DRV - [2007.04.09 16:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2007.01.29 17:40:14 | 000,014,536 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\Dialerschutz-Software\DFSYS.sys -- (DFSYS)
DRV - [2007.01.29 16:51:44 | 000,022,856 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SipIMNDI.sys -- (SipIMNDI)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.11.01 21:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006.10.09 13:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: toolbar_extras@de.yahoo.com:1.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.26 16:28:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.16 23:03:53 | 000,000,000 | ---D | M]
 
[2008.12.29 13:50:31 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\mozilla\Extensions
[2010.12.27 18:12:38 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\mozilla\Firefox\Profiles\b6xed38h.default\extensions
[2009.07.07 16:33:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Vorstand\AppData\Roaming\mozilla\Firefox\Profiles\b6xed38h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.01 09:30:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Vorstand\AppData\Roaming\mozilla\Firefox\Profiles\b6xed38h.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.06.17 10:27:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Vorstand\AppData\Roaming\mozilla\Firefox\Profiles\b6xed38h.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.12.29 13:51:02 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\mozilla\Firefox\Profiles\b6xed38h.default\extensions\toolbar_extras@de.yahoo.com
[2010.10.22 16:02:54 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.24 22:04:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.22 21:40:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 16:02:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009.04.25 16:40:09 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.03.15 14:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.10.13 19:34:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 15:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 16:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2008.07.15 15:23:13 | 000,000,810 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1225531359\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Cognac] C:\Users\Vorstand\AppData\Local\Temp\52.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKCU..\RunServices: [Win32Update] C:\Users\Vorstand\AppData\Local\Temp\wJQs.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro3.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\sdra64.exe) - C:\Windows\System32\sdra64.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.03.06 11:07:47 | 000,398,656 | R--- | M] (THQ Canada Inc.) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.02.24 02:30:48 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010.07.08 18:15:09 | 000,000,000 | R--D | M] - F:\AutorunData -- [ UDF ]
O33 - MountPoints2\{2579fc37-8ca3-11dd-90df-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2579fc37-8ca3-11dd-90df-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2009.03.06 11:07:47 | 000,398,656 | R--- | M] (THQ Canada Inc.)
O33 - MountPoints2\{5280ac26-a9a1-11dd-9217-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5280ac26-a9a1-11dd-9217-806e6f6e6963}\Shell\AutoRun\command - "" = D:\EasySuite.exe -- File not found
O33 - MountPoints2\{d9b81c6a-a8dc-11dd-bf0f-001e68c802af}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- File not found
O33 - MountPoints2\{ee60c548-d8cf-11dd-b78a-001e68c802af}\Shell - "" = AutoRun
O33 - MountPoints2\{ee60c548-d8cf-11dd-b78a-001e68c802af}\Shell\AutoRun\command - "" = D:\EasySuite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.27 18:48:47 | 000,000,000 | ---D | C] -- C:\avrescue
[2010.12.25 09:43:34 | 000,000,000 | ---D | C] -- C:\Users\Vorstand\Documents\My Games
[2010.12.25 09:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010.12.23 10:59:55 | 000,000,000 | ---D | C] -- C:\Users\Vorstand\Documents\Meine Projekte
[2010.12.21 17:35:05 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.12.21 17:18:45 | 000,000,000 | ---D | C] -- C:\Programme\THQ
[2010.12.21 17:15:17 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.27 19:16:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.27 19:00:03 | 000,000,296 | -H-- | M] () -- C:\Windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2010.12.27 19:00:01 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2010.12.27 17:58:15 | 000,674,582 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.27 17:58:15 | 000,634,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.27 17:58:15 | 000,146,234 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.27 17:58:15 | 000,119,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.27 17:53:07 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.12.27 17:52:37 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.27 17:52:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.27 17:52:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.27 17:52:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.27 17:52:08 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.27 13:27:36 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59A3F890-AC58-4510-ABC9-99777FA99D1B}.job
[2010.12.26 18:50:14 | 000,000,016 | -H-- | M] () -- C:\Users\Vorstand\Desktop\mxfilerelatedcache.mxc2
[2010.12.26 10:43:46 | 000,000,201 | ---- | M] () -- C:\Users\Vorstand\Desktop\CD-Laufwerk - Verknüpfung.lnk
[2010.12.25 11:10:44 | 000,225,513 | ---- | M] () -- C:\Users\Vorstand\Documents\SchlittenfahrtimWald.jpg
[2010.12.25 10:39:56 | 000,068,608 | ---- | M] () -- C:\Users\Vorstand\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.25 09:43:49 | 000,000,680 | ---- | M] () -- C:\Users\Vorstand\AppData\Local\d3d9caps.dat
[2010.12.23 11:45:12 | 000,000,484 | ---- | M] () -- C:\Users\Vorstand\AppData\Roaming\wklnhst.dat
[2010.12.21 18:09:40 | 262,068,595 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.17 17:22:52 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.17 17:22:52 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.17 11:39:58 | 000,322,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.03 12:12:06 | 003,882,262 | ---- | M] () -- C:\Users\Vorstand\Documents\dsc07054.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.26 18:50:06 | 000,000,016 | -H-- | C] () -- C:\Users\Vorstand\Desktop\mxfilerelatedcache.mxc2
[2010.12.26 10:43:46 | 000,000,201 | ---- | C] () -- C:\Users\Vorstand\Desktop\CD-Laufwerk - Verknüpfung.lnk
[2010.12.25 11:10:38 | 000,225,513 | ---- | C] () -- C:\Users\Vorstand\Documents\SchlittenfahrtimWald.jpg
[2010.12.21 17:34:57 | 262,068,595 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.12.03 12:11:12 | 003,882,262 | ---- | C] () -- C:\Users\Vorstand\Documents\dsc07054.jpg
[2010.10.22 15:47:38 | 000,000,009 | ---- | C] () -- C:\Users\Vorstand\AppData\Roaming\mdb.bin
[2009.10.24 11:52:23 | 000,000,680 | ---- | C] () -- C:\Users\Vorstand\AppData\Local\d3d9caps.dat
[2009.08.09 21:17:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.05.20 13:28:05 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2009.02.03 18:36:03 | 000,000,484 | ---- | C] () -- C:\Users\Vorstand\AppData\Roaming\wklnhst.dat
[2008.11.06 16:49:38 | 000,024,206 | ---- | C] () -- C:\Users\Vorstand\AppData\Roaming\UserTile.png
[2008.10.24 09:06:23 | 000,000,010 | ---- | C] () -- C:\Windows\msoffice.ini
[2008.10.15 09:32:40 | 000,000,235 | ---- | C] () -- C:\Users\Vorstand\AppData\Roaming\devices.xml
[2008.10.15 09:32:40 | 000,000,012 | ---- | C] () -- C:\Users\Vorstand\AppData\Roaming\settings.xml
[2008.10.15 08:56:15 | 000,000,573 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.10.10 18:19:30 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2008.10.01 17:31:31 | 000,000,016 | -H-- | C] () -- C:\Users\Vorstand\AppData\Roaming\mxfilerelatedcache.mxc2
[2008.10.01 17:31:21 | 000,000,016 | -H-- | C] () -- C:\Users\Vorstand\AppData\Local\mxfilerelatedcache.mxc2
[2008.10.01 10:00:55 | 000,000,096 | ---- | C] () -- C:\Users\Vorstand\AppData\Local\fusioncache.dat
[2008.09.29 18:32:09 | 000,068,608 | ---- | C] () -- C:\Users\Vorstand\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.26 14:48:47 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.02.15 18:02:27 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.02.15 17:55:15 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.02.15 17:55:15 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.02.15 17:55:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.02.15 17:55:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.02.15 17:55:15 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.02.15 17:55:15 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.02.15 17:36:06 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008.02.15 17:36:06 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008.02.15 17:36:06 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008.02.15 17:36:06 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.02.15 17:29:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.15 17:22:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.02.15 16:52:27 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008.02.15 16:52:24 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008.01.28 17:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008.01.28 17:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008.01.28 16:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008.01.28 16:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008.01.28 16:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008.01.28 16:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2007.12.21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[1997.10.17 23:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997.10.17 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2010.05.31 15:20:53 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\Canon
[2010.11.27 16:50:43 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\com.prezi.PreziDesktop
[2010.12.16 23:03:58 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\Defense Center
[2009.04.06 17:19:12 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\DesktopSMS
[2009.12.07 23:19:49 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\LG Electronics
[2009.01.20 18:39:56 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\MAGIX
[2010.08.25 20:16:46 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\myphotobook
[2008.11.06 16:49:38 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\PeerNetworking
[2009.01.01 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\ProtectDisc
[2009.05.20 13:33:29 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\Red Alert 3
[2008.10.01 09:56:44 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\T-Online
[2009.02.03 18:36:46 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\Template
[2008.11.17 16:25:42 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\TOSHIBA
[2010.08.13 23:28:45 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\Ulead Systems
[2008.10.03 15:43:12 | 000,000,016 | -H-- | M] () -- C:\Windows\Tasks\mxfilerelatedcache.mxc2
[2010.12.27 15:19:12 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.27 13:27:36 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{59A3F890-AC58-4510-ABC9-99777FA99D1B}.job
[2010.12.27 19:00:01 | 000,000,302 | -H-- | M] () -- C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2010.12.27 19:00:03 | 000,000,296 | -H-- | M] () -- C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 761 bytes -> C:\Users\Vorstand\Documents\Fw_Threeships.eml:OECustomProperty
 
< End of report >
         
--- --- ---
[2010.12.27 19:23:47 | 002,883,584 | -HS- | M] () -- C:\Users\Vorstand\ntuser.dat
[2010.12.27 19:23:47 | 000,262,144 | -H-- | M] () -- C:\Users\Vorstand\ntuser.dat.LOG1
[2010.12.27 19:23:32 | 000,000,000 | R--D | M] -- C:\Users\Vorstand\Downloads
[2010.12.27 19:22:12 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Local\Temp
[2010.12.27 19:16:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.27 19:10:03 | 000,000,000 | R--D | M] -- C:\Users\Vorstand\Desktop
[2010.12.27 19:00:03 | 000,000,296 | -H-- | M] () -- C:\Windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2010.12.27 19:00:01 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2010.12.27 17:58:15 | 001,568,228 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.12.27 17:58:15 | 000,674,582 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.27 17:58:15 | 000,634,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.27 17:58:15 | 000,146,234 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.27 17:58:15 | 000,119,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.27 17:53:07 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.12.27 17:52:37 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.27 17:52:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.12.27 17:52:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.27 15:19:10 | 000,524,288 | -HS- | M] () -- C:\Users\Vorstand\ntuser.dat{fc6e9761-0904-11e0-b0d2-ee7324ffcfc3}.TMContainer00000000000000000001.regtrans-ms
[2010.12.27 15:19:10 | 000,065,536 | -HS- | M] () -- C:\Users\Vorstand\ntuser.dat{fc6e9761-0904-11e0-b0d2-ee7324ffcfc3}.TM.blf
[2010.12.27 15:19:02 | 002,912,637 | -H-- | M] () -- C:\Users\Vorstand\AppData\Local\IconCache.db
[2010.12.27 13:27:36 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59A3F890-AC58-4510-ABC9-99777FA99D1B}.job
[2010.12.26 18:50:14 | 000,000,016 | -H-- | M] () -- C:\Users\Vorstand\Desktop\mxfilerelatedcache.mxc2
[2010.12.26 10:43:46 | 000,000,201 | ---- | M] () -- C:\Users\Vorstand\Desktop\CD-Laufwerk - Verknüpfung.lnk
[2010.12.25 11:10:44 | 000,225,513 | ---- | M] () -- C:\Users\Vorstand\Documents\SchlittenfahrtimWald.jpg
[2010.12.25 11:10:38 | 000,000,000 | R--D | M] -- C:\Users\Vorstand\Documents
[2010.12.25 10:39:56 | 000,068,608 | ---- | M] () -- C:\Users\Vorstand\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.25 09:43:49 | 000,000,680 | ---- | M] () -- C:\Users\Vorstand\AppData\Local\d3d9caps.dat
[2010.12.25 09:43:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Media Center Programs
[2010.12.23 11:45:12 | 000,000,484 | ---- | M] () -- C:\Users\Vorstand\AppData\Roaming\wklnhst.dat
[2010.12.22 15:42:07 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\2009-04-27, Montag
[2010.12.22 14:51:30 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJ
[2010.12.22 14:41:26 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJPLM
[2010.12.21 18:28:44 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox
[2010.12.21 18:27:37 | 000,000,000 | ---D | M] -- C:\Programme\Java
[2010.12.21 18:09:40 | 262,068,595 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.21 17:18:45 | 000,000,000 | ---D | M] -- C:\Programme\THQ
[2010.12.17 11:39:58 | 000,322,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.17 11:37:22 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player
[2010.12.17 11:37:22 | 000,000,000 | ---D | M] -- C:\Programme\Windows Mail
[2010.12.17 11:37:22 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker
[2010.12.17 11:37:22 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer
[2010.12.17 11:17:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2010.12.17 11:10:49 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Works
[2010.12.16 23:04:03 | 000,000,000 | ---D | M] -- C:\Programme\Common Files\Services
[2010.12.16 23:03:59 | 000,000,000 | R--D | M] -- C:\Users\Vorstand\Links
[2010.12.16 23:03:58 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\Defense Center
[2010.12.16 23:03:56 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEGV
[2010.12.16 23:03:56 | 000,000,000 | ---D | M] -- C:\Programme\Top50 V4
[2010.12.16 23:03:55 | 000,000,000 | ---D | M] -- C:\Programme\QuickTime
[2010.12.16 23:03:41 | 000,000,000 | ---D | M] -- C:\Programme\AOL 9.0 VRa
[2010.12.16 23:03:41 | 000,000,000 | ---D | M] -- C:\Programme\AOL 9.0 VR
[2010.12.16 23:03:41 | 000,000,000 | ---D | M] -- C:\Programme\5_Field_Kuno
[2010.12.16 23:03:13 | 000,000,000 | ---D | M] -- C:\Programme\Common Files\Java
[2010.12.16 23:00:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2010.12.16 16:43:59 | 000,524,288 | -HS- | M] () -- C:\Users\Vorstand\ntuser.dat{fc6e9761-0904-11e0-b0d2-ee7324ffcfc3}.TMContainer00000000000000000002.regtrans-ms
[2010.12.16 13:46:42 | 000,524,288 | -HS- | M] () -- C:\Users\Vorstand\ntuser.dat{69ff2200-c688-11df-b572-95313e9566ce}.TMContainer00000000000000000001.regtrans-ms
[2010.12.16 13:46:42 | 000,065,536 | -HS- | M] () -- C:\Users\Vorstand\ntuser.dat{69ff2200-c688-11df-b572-95313e9566ce}.TM.blf
[2010.12.03 12:12:06 | 003,882,262 | ---- | M] () -- C:\Users\Vorstand\Documents\dsc07054.jpg
[2010.12.02 04:35:18 | 004,280,320 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2010.10.22 15:47:38 | 000,000,009 | ---- | M] () -- C:\Users\Vorstand\AppData\Roaming\mdb.bin
[2010.05.01 10:30:55 | 000,000,573 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010.02.26 16:36:19 | 000,083,672 | ---- | M] () -- C:\Users\Vorstand\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.11.08 18:00:23 | 000,000,040 | ---- | M] () -- C:\ProgramData\ra3.ini
[2008.11.06 16:49:38 | 000,024,206 | ---- | M] () -- C:\Users\Vorstand\AppData\Roaming\UserTile.png
[2008.10.20 16:59:38 | 000,000,235 | ---- | M] () -- C:\Users\Vorstand\AppData\Roaming\devices.xml
[2008.10.20 16:59:38 | 000,000,012 | ---- | M] () -- C:\Users\Vorstand\AppData\Roaming\settings.xml
[2008.10.10 18:19:30 | 000,000,016 | -H-- | M] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2008.10.01 17:31:31 | 000,000,016 | -H-- | M] () -- C:\Users\Vorstand\AppData\Roaming\mxfilerelatedcache.mxc2
[2008.10.01 17:31:31 | 000,000,016 | -H-- | M] () -- C:\Users\Vorstand\AppData\Local\mxfilerelatedcache.mxc2
[2008.10.01 10:00:55 | 000,000,096 | ---- | M] () -- C:\Users\Vorstand\AppData\Local\fusioncache.dat
[2008.01.21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.12.27 19:16:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.27 19:00:03 | 000,000,296 | -H-- | M] () -- C:\Windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
[2010.12.27 19:00:01 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2010.12.27 17:58:15 | 000,674,582 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.27 17:58:15 | 000,634,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.27 17:58:15 | 000,146,234 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.27 17:58:15 | 000,119,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.27 17:53:07 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.12.27 17:52:37 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.27 17:52:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.27 17:52:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.27 17:52:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.27 17:52:08 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.27 13:27:36 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59A3F890-AC58-4510-ABC9-99777FA99D1B}.job
[2010.12.26 18:50:14 | 000,000,016 | -H-- | M] () -- C:\Users\Vorstand\Desktop\mxfilerelatedcache.mxc2
[2010.12.26 10:43:46 | 000,000,201 | ---- | M] () -- C:\Users\Vorstand\Desktop\CD-Laufwerk - Verknüpfung.lnk
[2010.12.25 11:10:44 | 000,225,513 | ---- | M] () -- C:\Users\Vorstand\Documents\SchlittenfahrtimWald.jpg
[2010.12.25 10:39:56 | 000,068,608 | ---- | M] () -- C:\Users\Vorstand\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.25 09:43:49 | 000,000,680 | ---- | M] () -- C:\Users\Vorstand\AppData\Local\d3d9caps.dat
[2010.12.23 11:45:12 | 000,000,484 | ---- | M] () -- C:\Users\Vorstand\AppData\Roaming\wklnhst.dat
[2010.12.21 18:09:40 | 262,068,595 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.17 17:22:52 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.17 17:22:52 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.17 11:39:58 | 000,322,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.03 12:12:06 | 003,882,262 | ---- | M] () -- C:\Users\Vorstand\Documents\dsc07054.jpg
[2010.12.02 04:35:18 | 004,280,320 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== LOP Check ==========

[2010.05.31 15:20:53 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\Canon
[2010.11.27 16:50:43 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\com.prezi.PreziDesktop
[2010.12.16 23:03:58 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\Defense Center
[2009.04.06 17:19:12 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\DesktopSMS
[2009.12.07 23:19:49 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\LG Electronics
[2009.01.20 18:39:56 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\MAGIX
[2010.08.25 20:16:46 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\myphotobook
[2008.11.06 16:49:38 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\PeerNetworking
[2009.01.01 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\ProtectDisc
[2009.05.20 13:33:29 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\Red Alert 3
[2008.10.01 09:56:44 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\T-Online
[2009.02.03 18:36:46 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\Template
[2008.11.17 16:25:42 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\TOSHIBA
[2010.08.13 23:28:45 | 000,000,000 | ---D | M] -- C:\Users\Vorstand\AppData\Roaming\Ulead Systems
[2008.10.03 15:43:12 | 000,000,016 | -H-- | M] () -- C:\Windows\Tasks\mxfilerelatedcache.mxc2
[2010.12.27 15:19:12 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.27 13:27:36 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{59A3F890-AC58-4510-ABC9-99777FA99D1B}.job
[2010.12.27 19:00:01 | 000,000,302 | -H-- | M] () -- C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2010.12.27 19:00:03 | 000,000,296 | -H-- | M] () -- C:\Windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 761 bytes -> C:\Users\Vorstand\Documents\Fw_Threeships.eml:OECustomProperty

< End of report >

Alt 27.12.2010, 20:52   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
whatever shit - Standard

whatever shit



Zitat:
whatever shit
ist hier noch was zu retten???
Unter eine detailierte Fehlerbeschreibung stell ich mir aber was anderes vor
__________________

__________________

Alt 27.12.2010, 21:46   #3
paulo3d
 
whatever shit - Standard

whatever shit



andauernd spring avira auf und sagt, dass es TR/Crypt.XPACK.Gen3' auf dem rechner gibt.
kann man den wieder los werden????
__________________

Alt 27.12.2010, 22:56   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
whatever shit - Standard

whatever shit



Immer die genauen Schädlingsnamen und Pfadangaben notieren und posten!

Aus den Regeln:

5. Beschreibe Dein Problem in einigen Sätzen und arbeite diese Anleitung ab Punkt 2. durch
Auch Funde von deiner Sicherheitssoftware bitte im Thema nennen: (z.B. c:\windows\virus.exe)
Fehlen diese Angaben, kann und wird dir hier niemand helfen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 28.12.2010, 17:06   #5
paulo3d
 
whatever shit - Standard

whatever shit



ok hier ist die exakte meldung von avira

Die Datei 'C:\Windows\PRAGMAtmidnueixc\PRAGMAc.dll'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Fehler in der ARK Library.


Alt 28.12.2010, 19:19   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
whatever shit - Standard

whatever shit



Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________
--> whatever shit

Antwort

Themen zu whatever shit
ad-aware, adblock, adobe, alert, alternate, antivir, autorun, avg, avgntflt.sys, avira, becker, bho, canon, corp./icp, defender, desktop, disabletaskmgr, error, excel.exe, explorer, firefox, format, google, home, home premium, iastor.sys, intranet, location, logfile, media center, mozilla, nvstor.sys, oldtimer, plug-in, port, programdata, registry, saver, scan, searchplugins, senden, software, temp, uleadburninghelper, vista, wallpapers




Zum Thema whatever shit - ist hier noch was zu retten??? grüße paulOTL Logfile: Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 27.12.2010 19:20:14 - Run 1 OTL by OldTimer - Version 3.2.18.0 Folder - whatever shit...
Archiv
Du betrachtest: whatever shit auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.