Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Langsames System und AntiVir-Fund

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 08.12.2011, 17:12   #1
Larifari
 
Langsames System und AntiVir-Fund - Standard

Langsames System und AntiVir-Fund



Hallo liebes Forum,

schon länger wundere ich mich über meinen langsamen Laptop; insbesondere die Benutzeranmeldung dauert regelmäßig ewig. Gestern fand nun während des Thunderbird-Auto-Updates AntiVir einen Schädling in einer Thunderbird-Datei. Leider ist darüber kein Bericht oä mehr vorhanden, so dass ich den Namen nicht mehr weiß. Ein manueller Scan des TB-Ordners ergab auch nichts. Ich weiß auch nicht, ob die Update-Datei oder evtl. eine Mail befallen war.

Ich habe daraufhin jedenfalls Malwarebyte's Anti-Malware laufen lassen und zwei Schädlinge entfernt (Log anbei), bin mir aber jetzt unsicher, ob nicht noch was auf meinem System drauf ist. Da ich auch sicherheitsrelevante Tätigkeiten durchführe, wäre ich froh, wenn sich ein Experte das mal anschauen kann.

Beim defogger kam zwar keine Fehlermeldung, ich wurde aber auch nicht zum Neustart aufgefordert (habe dann selber neugestartet). Habe alle Programme vom Admin-Konto laufen lassen, obwohl ich sonst ein eingeschränktes Konto nutze, hoffe, das war richtig.

OTL:

Code:
ATTFilter
OTL logfile created on: 08.12.2011 12:46:53 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 60,87% Memory free
3,60 Gb Paging File | 2,92 Gb Available in Paging File | 81,26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 231,87 Gb Total Space | 125,19 Gb Free Space | 53,99% Space Free | Partition Type: NTFS
Drive D: | 1,00 Gb Total Space | 1,00 Gb Free Space | 99,78% Space Free | Partition Type: FAT32
 
Computer Name: PC129641272020 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.08 12:21:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.09 12:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.02.23 10:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.06.09 07:10:04 | 000,082,224 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2008.06.02 09:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008.05.30 08:36:20 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008.05.21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008.05.14 10:55:14 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2008.05.14 10:54:36 | 010,244,096 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2008.05.12 06:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsvc.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.17 18:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2007.12.11 11:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007.11.07 10:32:24 | 000,798,720 | ---- | M] (T-Mobile) -- C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
PRC - [2007.11.05 13:28:10 | 000,204,915 | ---- | M] (Option) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe
PRC - [2007.05.15 15:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Programme\ActivIdentity\ActivClient\accoca.exe
PRC - [2007.05.15 15:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Programme\ActivIdentity\ActivClient\acevents.exe
PRC - [2007.05.15 15:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.17 14:53:58 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011.10.17 14:53:37 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011.10.17 14:53:27 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011.10.17 14:53:16 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011.10.17 14:22:46 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011.10.17 14:22:13 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011.10.17 14:21:34 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011.10.17 12:14:45 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011.10.17 12:14:26 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011.10.11 13:59:51 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.09.05 18:04:58 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2009.08.10 11:11:07 | 008,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009.08.10 11:11:06 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll
MOD - [2009.08.10 11:11:02 | 000,281,088 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Asz.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\Asz.Citavi.IEPicker.dll
MOD - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
MOD - [2009.03.24 14:01:51 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.24 14:01:49 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.24 14:01:47 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.24 14:01:46 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2008.08.29 13:58:26 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2008.07.19 00:33:12 | 000,253,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3057.37222__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.07.19 00:33:12 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3057.37273__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.07.19 00:33:12 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3057.37253__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.07.19 00:33:11 | 001,679,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3057.37261__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008.07.19 00:33:11 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3057.37469__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.07.19 00:33:11 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3057.37441__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.07.19 00:33:11 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3057.37407__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.07.19 00:33:11 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3057.37367__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008.07.19 00:33:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3057.37240__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008.07.19 00:32:58 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3057.37476__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.07.19 00:32:58 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3057.37267__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2008.07.19 00:32:58 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3057.37234__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.07.19 00:32:58 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3057.37266__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2008.07.19 00:32:57 | 000,352,256 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3057.37415__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008.07.19 00:32:57 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3057.37482__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.dll
MOD - [2008.07.19 00:32:57 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3057.37420__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.07.19 00:32:57 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3057.37414__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008.07.19 00:32:57 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3057.37481__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.dll
MOD - [2008.07.19 00:32:56 | 000,802,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3057.37375__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008.07.19 00:32:56 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3057.37286__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008.07.19 00:32:56 | 000,479,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3057.37369__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.07.19 00:32:56 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3057.37241__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008.07.19 00:32:56 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3057.37433__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008.07.19 00:32:56 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3057.37401__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008.07.19 00:32:56 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3057.37292__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008.07.19 00:32:56 | 000,217,088 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3057.37280__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.07.19 00:32:56 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3057.37388__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008.07.19 00:32:56 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3057.37374__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008.07.19 00:32:56 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3057.37367__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.07.19 00:32:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3057.37291__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008.07.19 00:32:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3057.37374__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.07.19 00:32:56 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3057.37387__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008.07.19 00:32:56 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3057.37400__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.07.19 00:32:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008.07.19 00:32:55 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008.07.19 00:32:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008.07.19 00:32:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008.07.19 00:32:55 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.07.19 00:32:55 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.07.19 00:32:54 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.07.19 00:32:54 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.07.19 00:32:54 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.07.19 00:32:54 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.07.19 00:32:54 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.07.19 00:32:54 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.07.19 00:32:54 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.07.19 00:32:54 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.2939.23766__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.dll
MOD - [2008.07.19 00:32:54 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.07.19 00:32:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.07.19 00:32:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.07.19 00:32:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.07.19 00:32:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.07.19 00:32:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2008.07.19 00:32:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.07.19 00:32:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.07.19 00:32:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008.07.19 00:32:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.07.19 00:32:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.07.19 00:32:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008.07.19 00:32:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.07.19 00:32:54 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.07.19 00:32:53 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.07.19 00:32:53 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.07.19 00:32:53 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008.07.19 00:32:53 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.07.19 00:32:53 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.07.19 00:32:53 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.07.19 00:32:53 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008.07.19 00:32:53 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.07.19 00:32:53 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008.07.19 00:32:53 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.07.19 00:32:53 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008.07.19 00:32:53 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.07.19 00:32:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008.07.19 00:32:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.07.19 00:32:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.07.19 00:32:48 | 001,511,424 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3057.37228__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.07.19 00:32:48 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3057.37248__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.07.19 00:32:48 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3057.37461__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.07.19 00:32:48 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3057.37214__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.07.19 00:32:48 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3057.37215__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.07.19 00:32:48 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3057.37459__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.07.19 00:32:48 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.07.19 00:32:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.07.19 00:32:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.07.19 00:32:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3057.37487__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.07.19 00:32:48 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.07.19 00:32:48 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3057.37460__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.07.19 00:32:48 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.07.19 00:32:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.07.19 00:32:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.07.19 00:32:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.07.19 00:32:48 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008.07.19 00:32:48 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3057.37214__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008.07.19 00:32:47 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3057.37213__90ba9c70f846762e\APM.Server.dll
MOD - [2008.07.19 00:32:47 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3057.37214__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.07.19 00:32:47 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2007.05.11 01:31:33 | 000,921,600 | ---- | M] () -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\AdistRes.DEU
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.21 15:07:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.02.23 10:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Office\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.06.02 09:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008.05.30 08:36:20 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008.05.21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008.05.21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008.05.14 10:55:14 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008.05.12 06:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Programme\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008.04.08 13:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008.03.24 07:35:22 | 000,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008.03.17 18:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007.12.11 11:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.11.05 13:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Running] -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007.05.15 15:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Programme\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.04.03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.10.27 10:56:03 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.27 05:48:22 | 001,810,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.11.21 20:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.08.29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.05.30 08:37:06 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008.05.30 08:37:02 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008.05.30 08:37:00 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008.05.30 08:36:58 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008.05.27 14:55:48 | 000,174,600 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ahcix86.sys -- (ahcix86)
DRV - [2008.05.23 14:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.05.23 14:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.05.16 01:33:44 | 002,881,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.05.14 09:08:16 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008.05.14 09:08:16 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2008.05.14 09:08:14 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008.05.14 09:08:14 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008.05.14 09:08:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008.05.14 09:08:14 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008.05.08 15:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008.04.28 14:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008.04.13 19:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008.04.03 22:57:00 | 000,296,320 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008.03.28 11:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008.03.21 19:35:14 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008.03.12 16:43:26 | 000,015,416 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Amddfltr.sys -- (Amddfltr)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.11.14 17:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007.07.09 13:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007.06.26 12:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.04.16 15:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007.03.30 12:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2001.08.18 03:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Programme\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010.03.12 20:26:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.04 16:49:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.10.20 13:29:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.12.07 16:20:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2011.03.31 16:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions
[2010.06.17 12:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.10.19 09:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\vgly7s9l.default\extensions
[2011.06.12 18:04:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\vgly7s9l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.12 18:04:27 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\vgly7s9l.default\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2011.10.19 10:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.08.10 11:11:21 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2011.10.19 09:31:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.07.10 18:25:38 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.08 06:04:02 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.07.08 06:04:02 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.08 06:04:02 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.07.08 06:04:02 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.07.08 06:04:02 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.10 12:22:07 | 000,437,076 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	spiele.t-online.de
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 127.0.0.1	www.163ns.com
O1 - Hosts: 15042 more lines...
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Programme\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [accrdsub] c:\Programme\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Programme\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DVD Check.lnk = C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\web'n'walk Manager.lnk = C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (T-Mobile)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O8 - Extra context menu item: &Citavi Picker... - C:\Programme\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249653724156 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3F509BC-9083-4258-BC38-B092C9C5291B}: DhcpNameServer = 193.254.160.1 10.74.83.22
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) -C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - (c:\WINDOWS\system32\ackpbsc.dll) - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - (c:\Programme\ActivIdentity\ActivClient\acunlock.dll) - c:\Programme\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\OneCard: DllName - (c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll) - c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\HP Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {3C8EFD82-F69E-4091-35B8-C5B7DC437BB6} - NetShow
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.08 12:20:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2011.12.08 11:44:15 | 003,470,688 | ---- | C] (TrueCrypt Foundation) -- C:\Dokumente und Einstellungen\All Users\Dokumente\TrueCrypt Setup 7.1.exe
[2011.12.07 18:58:56 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2011.12.07 18:58:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\HiJackThis
[2011.12.07 18:55:22 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\Recent
[2011.12.07 18:53:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2011.12.07 18:53:28 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.12.07 17:32:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2011.12.07 17:14:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV
[2011.12.07 16:41:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes
[2011.12.07 16:41:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.12.07 16:41:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.12.07 16:41:21 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.07 16:41:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.04 12:44:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
[2010.03.14 15:30:50 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe35.dll
[2009.03.23 16:47:00 | 000,180,224 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2007.07.05 09:28:52 | 000,195,120 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.08 12:42:20 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.08 12:42:19 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3258187865-2297053778-3210038982-1005.job
[2011.12.08 12:42:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.08 12:42:02 | 1875,759,104 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.08 12:40:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.08 12:39:03 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable
[2011.12.08 12:21:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2011.12.08 12:17:19 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe
[2011.12.08 11:44:31 | 003,470,688 | ---- | M] (TrueCrypt Foundation) -- C:\Dokumente und Einstellungen\All Users\Dokumente\TrueCrypt Setup 7.1.exe
[2011.12.07 18:57:24 | 000,260,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\cc_20111207_185710.reg
[2011.12.07 12:20:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.04 18:02:33 | 175,097,712 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\SSEStandard_17.02.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.08 12:39:03 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable
[2011.12.08 12:17:16 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe
[2011.12.07 18:57:15 | 000,260,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\cc_20111207_185710.reg
[2011.12.04 17:50:25 | 175,097,712 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\SSEStandard_17.02.exe
[2011.08.10 18:56:19 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\rx_image32.Cache
[2011.05.11 22:06:46 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.05.11 22:06:46 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010.12.28 15:15:21 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2010.11.03 12:25:30 | 000,000,319 | ---- | C] () -- C:\WINDOWS\Tiger5.INI
[2009.12.25 21:33:52 | 000,084,140 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.12.12 19:51:41 | 000,000,262 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.11.28 14:14:45 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2009.06.30 23:54:20 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009.05.11 23:18:47 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.21 09:49:32 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2009.03.27 05:47:56 | 000,027,184 | ---- | C] () -- C:\WINDOWS\snuvcdsm.exe
[2009.03.24 14:45:29 | 000,000,056 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsidmv.dat
[2009.03.23 21:54:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009.03.23 21:54:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009.03.23 21:54:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009.03.23 21:54:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009.03.23 21:54:35 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009.03.23 21:54:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009.03.23 19:21:33 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.03.23 16:57:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.08.29 13:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008.08.29 13:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008.07.19 08:48:17 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008.07.19 08:48:17 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008.07.19 08:48:16 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008.07.19 08:48:16 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008.07.19 00:49:31 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.07.18 23:54:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008.05.30 08:36:58 | 000,108,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys
[2008.05.26 21:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 21:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 21:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008.05.12 14:51:50 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008.04.10 18:27:34 | 001,810,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007.05.10 07:16:40 | 000,034,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2006.05.20 03:39:58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2005.04.03 23:30:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\scardsyn.dll
[2004.08.07 07:08:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004.08.07 07:08:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.08.07 07:04:28 | 000,602,340 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.07 07:04:28 | 000,543,032 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.07 07:04:28 | 000,134,224 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.07 07:04:28 | 000,102,098 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.07 07:02:10 | 000,000,941 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.07 06:57:28 | 001,846,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004.08.07 06:52:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.08.07 06:49:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.04 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 09:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 09:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 09:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 09:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.05.28 09:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.05.28 09:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998.05.07 04:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll
 
========== LOP Check ==========
 
[2010.04.08 19:49:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\.kde
[2010.07.23 11:30:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Academic Software Zurich
[2009.03.24 23:50:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Ahnenblatt
[2011.11.12 18:03:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\elsterformular
[2010.10.27 11:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Foxit Software
[2010.10.28 15:04:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gnupg
[2009.03.23 23:53:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\InterVideo
[2010.04.08 19:36:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\KDE
[2010.10.28 15:04:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\LibreOffice
[2009.04.21 09:56:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mobipocket
[2011.03.17 16:10:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MSNInstaller
[2010.03.14 16:44:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\OpenOffice.org
[2010.03.14 16:27:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Opera
[2011.03.10 16:41:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\RssBandit
[2010.12.21 23:18:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Swiss Academic Software
[2010.06.17 12:29:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Thunderbird
[2010.10.28 14:48:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TrueCrypt
[2009.04.21 09:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Desktop Search
[2009.04.21 10:41:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Search
[2011.12.07 17:14:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV
[2010.04.06 20:51:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2011.12.07 17:32:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2010.11.10 18:01:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2011.01.11 15:56:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GameHouse
[2010.10.26 23:02:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gibraltar
[2010.10.22 14:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2011.02.09 17:29:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlayFirst
[2010.10.26 22:51:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software
[2009.12.17 23:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrueCrypt
[2009.03.23 22:00:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall
[2011.02.09 11:55:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2009.07.11 12:04:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011.11.02 12:12:00 | 000,000,484 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2008.07.19 00:57:47 | 000,000,000 | ---D | M] -- C:\a10c92b4df8445bb2742
[2009.04.21 10:56:26 | 000,000,000 | ---D | M] -- C:\Cambridge
[2011.12.07 19:29:28 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.03.24 13:56:01 | 000,000,000 | ---D | M] -- C:\d0d5c55838394cfa97
[2011.07.11 08:37:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2008.07.19 00:55:30 | 000,000,000 | -H-D | M] -- C:\hp
[2008.07.19 08:52:07 | 000,000,000 | ---D | M] -- C:\i386
[2008.07.19 00:49:43 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.03.10 16:42:34 | 000,000,000 | ---D | M] -- C:\PCWELT
[2010.11.13 22:36:00 | 000,000,000 | ---D | M] -- C:\Program Files
[2009.03.23 16:48:47 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.12.07 18:58:56 | 000,000,000 | R--D | M] -- C:\Programme
[2011.12.07 18:25:41 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2009.03.23 16:48:58 | 000,000,000 | ---D | M] -- C:\SwSetup
[2011.12.07 16:54:33 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.03.23 16:48:58 | 000,000,000 | -H-D | M] -- C:\System.sav
[2011.12.04 16:44:14 | 000,000,000 | ---D | M] -- C:\temp
[2009.03.23 16:48:47 | 000,000,000 | ---D | M] -- C:\Users
[2011.12.07 19:29:47 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: AFD.SYS  >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008.04.13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2004.08.04 09:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 09:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: IPSEC.SYS  >
[2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004.08.04 09:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
 
< MD5 for: REGEDIT.EXE  >
[2004.08.04 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\i386\REGEDIT.EXE
[2004.08.04 09:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2011.05.11 22:07:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 09:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.09.06 15:10:01 | 001,859,072 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-13 18:23:14

< End of report >
         
Vielen Dank schonmal vorab!

Alt 08.12.2011, 21:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Langsames System und AntiVir-Fund - Standard

Langsames System und AntiVir-Fund



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________

__________________

Alt 09.12.2011, 07:04   #3
Larifari
 
Langsames System und AntiVir-Fund - Standard

Langsames System und AntiVir-Fund



Nein, weitere Logs sind nicht vorhanden.
__________________

Alt 09.12.2011, 12:55   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Langsames System und AntiVir-Fund - Standard

Langsames System und AntiVir-Fund



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.12.2011, 16:51   #5
Larifari
 
Langsames System und AntiVir-Fund - Standard

Langsames System und AntiVir-Fund



Hier der Inhalt des ESET-logs. Ich möchte aber noch hinzufügen, dass ich nicht sicher bin, ob die externe Festplatte mitgescannt wurde. Es ist nämlich so, dass meine Datensicherung dort in einem TrueCrypt-Container liegt und der als Wechseldatenträger eingebunden wird. Das habe ich vor des Scans auch gemacht, irgendwann währenddessen wurde TrueCrypt aber beendet (warum ist unklar) und der Container dementsprechend wieder ausgehängt.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=48b613d2aced24498754e3bdf8906653
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-09 03:45:23
# local_time=2011-12-09 04:45:23 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777191 100 0 4486758 4486758 0 0
# compatibility_mode=8192 67108863 100 0 3877 3877 0 0
# scanned=164815
# found=0
# cleaned=0
# scan_time=7387
         


Alt 09.12.2011, 20:13   #6
Larifari
 
Langsames System und AntiVir-Fund - Standard

Langsames System und AntiVir-Fund



Habe inzwischen doch noch den Avira-Bericht ausfindig gemacht, der alles ins Laufen gebracht hat:

In der Datei 'C:\Programme\Mozilla Thunderbird\thunderbird.exe.moz-callback'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Sollte da tatsächlich die Thunderbird-Datei infiziert sein? Kann doch kaum sein, das Update stammt doch von der Original-Quelle!

EDIT: Lt. Avira-Forum (https://forum.avira.com/wbb/index.php?page=Thread&threadID=138603) scheint es sich hierbei um einen Fehlalarm zu handeln...

Geändert von Larifari (09.12.2011 um 20:27 Uhr)

Alt 10.12.2011, 01:08   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Langsames System und AntiVir-Fund - Standard

Langsames System und AntiVir-Fund



Ja, das sieht mir auch nach einem Fehlalarm aus...
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.12.2011, 11:49   #8
Larifari
 
Langsames System und AntiVir-Fund - Standard

Langsames System und AntiVir-Fund



Und was ist mit den Funden von MBAM? Muss ich mir da Sorgen machen?

Antwort

Themen zu Langsames System und AntiVir-Fund
0x00000001, ad-aware, antivir, avira, bho, bonjour, c:\windows\system32\rundll32.exe, converter, downloader, einstellungen, error, fehlermeldung, firefox, focus, format, google earth, helper, hijack, homepage, logfile, mozilla thunderbird, registry, required, rundll, safer networking, scan, schädling, security, security update, senden, software, system, t-mobile, usb, version=1.0, win32k.sys



Ähnliche Themen: Langsames System und AntiVir-Fund


  1. Samsung Series5 Win 8.1: Umleitung auf Werbung, langsames Internet und System, Popups.
    Log-Analyse und Auswertung - 30.06.2015 (40)
  2. Windows 7: Langsames System, 100% Auslastung durch Leerlaufprozess
    Log-Analyse und Auswertung - 19.04.2015 (11)
  3. Windows 7 / langsames System / Abstürze ohne Fehlermeldungen
    Log-Analyse und Auswertung - 08.03.2015 (19)
  4. Whilokii Virus+vielleicht auch andere, langsames System,
    Log-Analyse und Auswertung - 24.10.2013 (5)
  5. Antivir Fund gefährlich ? Lohnt eine Suche oder eher das System neu aufspielen ?
    Log-Analyse und Auswertung - 09.04.2012 (32)
  6. Langsames internet und ein trojana fund.
    Log-Analyse und Auswertung - 16.02.2012 (11)
  7. langsames System mit HTML/Rce.Gen-Fund
    Plagegeister aller Art und deren Bekämpfung - 30.11.2011 (5)
  8. Langsames Hochfahren. Ziemlich langsamer AntiVir Guard Start.
    Log-Analyse und Auswertung - 10.11.2011 (22)
  9. Nichts geht mehr - AntiVir Rescue System zeigt 1 Fund und 317 Warnungen an
    Plagegeister aller Art und deren Bekämpfung - 29.05.2011 (19)
  10. teils langsames Internet & Antivir-Meldung
    Plagegeister aller Art und deren Bekämpfung - 26.01.2010 (10)
  11. Langsames System, Internet trennt sich permanet (seit heute)
    Log-Analyse und Auswertung - 30.01.2009 (0)
  12. Prozesswillkür und zeitweise langsames Antivir
    Log-Analyse und Auswertung - 24.09.2008 (1)
  13. Sehr langsames System (HiJackThis Log-File)
    Log-Analyse und Auswertung - 27.12.2007 (5)
  14. Merkwürdige Dateien, leere Fenster und langsames System
    Log-Analyse und Auswertung - 14.07.2007 (9)
  15. Rätselhaft langsames System / Hijack -LOG
    Log-Analyse und Auswertung - 22.05.2007 (2)
  16. Langsames System nach Trojaner
    Log-Analyse und Auswertung - 28.01.2007 (6)
  17. Bitte um Logfileauswertung - Spyware + langsames System
    Log-Analyse und Auswertung - 05.09.2004 (1)

Zum Thema Langsames System und AntiVir-Fund - Hallo liebes Forum, schon länger wundere ich mich über meinen langsamen Laptop; insbesondere die Benutzeranmeldung dauert regelmäßig ewig. Gestern fand nun während des Thunderbird-Auto-Updates AntiVir einen Schädling in einer Thunderbird-Datei. - Langsames System und AntiVir-Fund...
Archiv
Du betrachtest: Langsames System und AntiVir-Fund auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.