Pests of all kinds and how to fight them: Friends received spam mail with my sender address (Offer.Bundler.ST and TR/Crypt.XPACK.Gen 2) | Windows 7
13.06.2012, 21:40 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | But that is neither a CustomScan, nor was the checkbox for all users ticked.
__________________ Please always post log files in CODE tags
16.06.2012, 11:32 | #17 |
OTL Logfile:
Users\Anwendungsdaten\NeoEdge Networks [2010.10.13 18:01:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2010.07.20 14:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2010.07.20 14:22:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2011.01.05 15:00:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2011.05.29 13:17:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2010.11.11 22:16:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc [2010.11.22 16:10:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2011.06.09 12:30:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom [2011.03.27 07:45:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.11.23 07:53:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2011.11.30 00:23:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2011.03.25 20:57:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011.10.14 20:34:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.06.13 18:20:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ad-Aware Antivirus [2011.04.12 20:00:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ashampoo [2010.11.11 22:56:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Canneverbe 
Limited [2011.08.04 19:08:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Canon [2011.07.25 11:43:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\DVDVideoSoft [2011.07.25 11:35:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.01.15 04:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\EAC [2011.01.03 15:34:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\GetRightToGo [2011.07.16 09:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\MSNInstaller [2011.03.29 10:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\MumboJumbo [2011.03.23 21:35:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Oberon Media [2010.10.13 17:58:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\PC Suite [2011.01.31 23:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\PhotoScape [2011.01.03 17:27:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\PriceGong [2012.06.07 23:18:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\QuickScan [2010.10.17 21:24:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\smc [2011.10.30 11:45:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Stellarium [2010.11.23 09:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\TerraTec [2012.05.14 23:34:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Thunderbird [2011.06.09 12:10:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\TomTom [2011.03.25 20:59:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\TuneUp 
Software [2010.11.12 00:05:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ulead Systems [2012.06.10 12:00:03 | 000,001,074 | ---- | M] () -- C:\WINXP\Tasks\Ad-Aware Antivirus Scheduled Scan.job ========== Purity Check ========== < End of report >
OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.06.2012 02:31:16 - Run 2 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Dokumente und Einstellungen\we\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,48 Mb Total Physical Memory | 387,99 Mb Available Physical Memory | 37,91% Memory free 4,73 Gb Paging File | 4,09 Gb Available in Paging File | 86,51% Paging File free Paging file location(s): C:\pagefile.sys 3920 4090 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme Drive C: | 80,95 Gb Total Space | 15,28 Gb Free Space | 18,87% Space Free | Partition Type: NTFS Drive S: | 68,09 Gb Total Space | 68,02 Gb Free Space | 99,89% Space Free | Partition Type: NTFS Computer Name: WE | User Name: we | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- Reg Error: Value error. 
https [open] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\fsetup.exe" = D:\fsetup.exe:*:Enabled:AVM FSetup Application "C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec Home Cinema Basic (tvtv Setup) -- (TerraTec Electronic GmbH) "C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe" = C:\Programme\TerraTec\TerraTec 
Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema Basic -- (TerraTec Electronic GmbH) "C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:*:Enabled:TerraTec Home Cinema Basic (Auto Update) -- (TerraTec Electronic GmbH) "C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe:*:Enabled:TerraTec Home Cinema Basic (Setup) -- (TerraTec Electronic GmbH) "C:\Programme\TerraTec\TerraTec Home Cinema\ChannelEditor\CinergyDvrChannelEditor.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\ChannelEditor\CinergyDvrChannelEditor.exe:*:Enabled:Channel Editor -- (TerraTec Electronic GmbH) "C:\Programme\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service "C:\Programme\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service "C:\Programme\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service "C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) 
"C:\WINXP\explorer.exe" = C:\WINXP\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office 
System "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF9041ED-60C9-36ED-9DB9-F55AAD993865}" = Visual C++ 9.0 ATL (x86) WinSXS MSM "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E7382773-CBE8-33A9-862E-C2337CD0F359}" = Visual C++ 9.0 ATL (x86) WinSXS MSM "{E74138F2-5F04-4E4F-8389-419E012C9B4C}" = ATI Catalyst Control Center "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) 
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 9.20 "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "CCleaner" = CCleaner "EPSON Printer and Utilities" = EPSON-Drucker-Software "ESET Online Scanner" = ESET Online Scanner v3 "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722 "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "PhotoScape" = PhotoScape "Stellarium Plugins Bundle_is1" = Stellarium Plugin Bundle 0.0.1 "Stellarium Satllites Plugin_is1" = Stellarium Satellites Plugin 0.1.2 "Stellarium_is1" = Stellarium 0.11.0 "TomTom HOME" = TomTom HOME 2.8.2.2264 "VLC media player" = VLC media player 1.1.0 "Wdf01009" = Microsoft Kernel-Mode 
Driver Framework Feature Pack 1.9 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows XP Service Pack" = Windows XP Service Pack 3 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.06.2012 04:30:46 | Computer Name = WE | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 08.06.2012 05:18:14 | Computer Name = WE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung kss.exe, Version 12.0.1.117, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 08.06.2012 05:54:48 | Computer Name = WE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung msiexec.exe, Version 3.1.4001.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 09.06.2012 21:23:52 | Computer Name = WE | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 09.06.2012 21:49:14 | Computer Name = WE | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 10.06.2012 05:27:11 | Computer Name = WE | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 13.06.2012 11:20:07 | Computer Name = WE | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 14.06.2012 19:18:04 | Computer Name = WE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.60.0.80, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 14.06.2012 19:18:04 | Computer Name = WE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.60.0.80, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 14.06.2012 19:54:12 | Computer Name = WE | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. [ System Events ] Error - 13.06.2012 11:19:15 | Computer Name = WE | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Ad-Aware" wurde nicht ordnungsgemäß gestartet. Error - 13.06.2012 11:20:02 | Computer Name = WE | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter. Error - 13.06.2012 11:20:02 | Computer Name = WE | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 13.06.2012 12:03:15 | Computer Name = WE | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst AdobeFlashPlayerUpdateSvc. Error - 13.06.2012 12:03:48 | Computer Name = WE | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Adobe Flash Player Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 13.06.2012 16:52:35 | Computer Name = WE | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 14.06.2012 18:27:33 | Computer Name = WE | Source = W32Time | ID = 39452706 Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +121016 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt sind und dass die Zeitquelle time.windows.com (ntp.m|0x1|192.168.178.23:123->65.55.21.15:123) funktionsfähig ist. Error - 14.06.2012 18:33:49 | Computer Name = WE | Source = W32Time | ID = 39452706 Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +121016 Sekunden geändert werden muss. 
Die Systemzeit kann durch den Zeitdienst um maximal +54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt sind und dass die Zeitquelle time.windows.com (ntp.m|0x1|192.168.178.23:123->65.55.21.15:123) funktionsfähig ist. Error - 14.06.2012 19:54:06 | Computer Name = WE | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter. Error - 14.06.2012 19:54:06 | Computer Name = WE | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report >
System "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF9041ED-60C9-36ED-9DB9-F55AAD993865}" = Visual C++ 9.0 ATL (x86) WinSXS MSM "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E7382773-CBE8-33A9-862E-C2337CD0F359}" = Visual C++ 9.0 ATL (x86) WinSXS MSM "{E74138F2-5F04-4E4F-8389-419E012C9B4C}" = ATI Catalyst Control Center "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) 
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 9.20 "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "CCleaner" = CCleaner "EPSON Printer and Utilities" = EPSON-Drucker-Software "ESET Online Scanner" = ESET Online Scanner v3 "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722 "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "PhotoScape" = PhotoScape "Stellarium Plugins Bundle_is1" = Stellarium Plugin Bundle 0.0.1 "Stellarium Satllites Plugin_is1" = Stellarium Satellites Plugin 0.1.2 "Stellarium_is1" = Stellarium 0.11.0 "TomTom HOME" = TomTom HOME 2.8.2.2264 "VLC media player" = VLC media player 1.1.0 "Wdf01009" = Microsoft Kernel-Mode 
Driver Framework Feature Pack 1.9 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows XP Service Pack" = Windows XP Service Pack 3 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.06.2012 04:30:46 | Computer Name = WE | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 08.06.2012 05:18:14 | Computer Name = WE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung kss.exe, Version 12.0.1.117, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 08.06.2012 05:54:48 | Computer Name = WE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung msiexec.exe, Version 3.1.4001.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 09.06.2012 21:23:52 | Computer Name = WE | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 09.06.2012 21:49:14 | Computer Name = WE | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 10.06.2012 05:27:11 | Computer Name = WE | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 13.06.2012 11:20:07 | Computer Name = WE | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 14.06.2012 19:18:04 | Computer Name = WE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.60.0.80, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 14.06.2012 19:18:04 | Computer Name = WE | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mbam.exe, Version 1.60.0.80, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 14.06.2012 19:54:12 | Computer Name = WE | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. [ System Events ] Error - 13.06.2012 11:19:15 | Computer Name = WE | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Ad-Aware" wurde nicht ordnungsgemäß gestartet. Error - 13.06.2012 11:20:02 | Computer Name = WE | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter. Error - 13.06.2012 11:20:02 | Computer Name = WE | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 13.06.2012 12:03:15 | Computer Name = WE | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst AdobeFlashPlayerUpdateSvc. Error - 13.06.2012 12:03:48 | Computer Name = WE | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Adobe Flash Player Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 13.06.2012 16:52:35 | Computer Name = WE | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 14.06.2012 18:27:33 | Computer Name = WE | Source = W32Time | ID = 39452706 Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +121016 Sekunden geändert werden muss. Die Systemzeit kann durch den Zeitdienst um maximal +54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt sind und dass die Zeitquelle time.windows.com (ntp.m|0x1|192.168.178.23:123->65.55.21.15:123) funktionsfähig ist. Error - 14.06.2012 18:33:49 | Computer Name = WE | Source = W32Time | ID = 39452706 Description = Der Zeitdienst hat festgestellt, dass die Systemzeit um +121016 Sekunden geändert werden muss. 
Die Systemzeit kann durch den Zeitdienst um maximal +54000 Sekunden geändert werden. Stellen Sie sicher, dass die Uhrzeit und Zeitzone korrekt sind und dass die Zeitquelle time.windows.com (ntp.m|0x1|192.168.178.23:123->65.55.21.15:123) funktionsfähig ist. Error - 14.06.2012 19:54:06 | Computer Name = WE | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter. Error - 14.06.2012 19:54:06 | Computer Name = WE | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > [/code] |
17.06.2012, 19:24 | #18 |
| Friends received spam mail with my sender address (Offer.Bundler.ST and TR/Crypt.XPACK.Gen 2) I must have posted it wrong. Here are the ZIP files.
__________________ |
18.06.2012, 09:37 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Friends received spam mail with my sender address (Offer.Bundler.ST and TR/Crypt.XPACK.Gen 2) Can you please follow my instructions properly! Code:
ATTFilter Scan Mode: Current user And once again that was not a CustomScan either!
__________________ Please always post logfiles in CODE tags |
18.06.2012, 14:41 | #20 |
| Friends received spam mail with my sender address (Offer.Bundler.ST and TR/Crypt.XPACK.Gen 2) OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.06.2012 14:52:41 - Run 3 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Dokumente und Einstellungen\we\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,48 Mb Total Physical Memory | 359,81 Mb Available Physical Memory | 35,16% Memory free 4,73 Gb Paging File | 4,07 Gb Available in Paging File | 86,10% Paging File free Paging file location(s): C:\pagefile.sys 3920 4090 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme Drive C: | 80,95 Gb Total Space | 17,14 Gb Free Space | 21,17% Space Free | Partition Type: NTFS Drive S: | 68,09 Gb Total Space | 25,52 Gb Free Space | 37,48% Space Free | Partition Type: NTFS Computer Name: WE | User Name: we | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.18 14:46:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\we\Eigene Dateien\Downloads\OTL(2).exe PRC - [2012.05.03 20:49:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.03 20:49:06 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.03 20:49:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.03 20:49:06 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe PRC - [2012.05.03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\Programme\Ad-Aware Antivirus\AdAware.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.02.27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe PRC - [2011.10.21 11:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2010.09.06 03:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010.03.05 11:50:19 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) 
-- C:\WINXP\system32\LGScsiCommandService.exe PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012.05.03 20:49:07 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012.02.05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Programme\Ad-Aware Antivirus\Definitions\libMachoUniv.dll MOD - [2012.02.05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Programme\Ad-Aware Antivirus\Definitions\libBase64.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINXP\system32\pdfcmnnt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2012.06.15 01:18:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.03 20:49:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.03 20:49:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc) SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010.09.06 03:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.03.05 11:50:19 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) 
[Auto | Running] -- C:\WINXP\system32\LGScsiCommandService.exe -- (LGScsiCommandService) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgvmodem.sys -- (LGVMODEM) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtbus.sys -- (lgbusenum) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtport.sys -- (LgBttPort) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.05.03 20:49:07 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.03 20:49:07 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINXP\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINXP\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.12.19 12:44:24 | 000,335,224 | ---- | M] (GFI Software) 
[Kernel | System | Running] -- C:\WINXP\system32\drivers\SbFw.sys -- (SbFw) DRV - [2011.12.19 12:44:24 | 000,217,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINXP\system32\drivers\sbtis.sys -- (sbtis) DRV - [2011.12.19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\sbhips.sys -- (sbhips) DRV - [2011.11.29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\WINXP\system32\drivers\sbapifs.sys -- (sbapifs) DRV - [2011.11.29 06:59:48 | 000,021,240 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINXP\system32\drivers\sbaphd.sys -- (sbaphd) DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINXP\system32\drivers\SBREDrv.sys -- (SBRE) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.09.29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\SbFwIm.sys -- (SBFWIMCLMP) DRV - [2011.09.29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\SbFwIm.sys -- (SBFWIMCL) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- 
C:\WINXP\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.02.26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010.02.26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINXP\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.05.14 09:48:04 | 000,762,232 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\UDXTTM6010.sys -- (UDXTTM6010) DRV - [2009.05.14 09:48:04 | 000,021,752 | R--- | M] (DTV-DVB) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\Cinergy_Hybrid-Stick_HID.sys -- (TTHID) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.03.08 14:34:46 | 004,027,840 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2006.03.21 22:56:24 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004.07.09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\mpe.sys -- (MPE) DRV - [2003.12.05 11:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\pfc.sys -- (pfc) DRV - [2002.07.17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ASPI32.SYS -- (ASPI) DRV - [2001.08.18 05:30:24 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\el90xnd5.sys -- (EL90X) DRV - [2001.08.07 16:37:18 | 000,014,133 | ---- | M] (Pinnacle Systems GmbH) [Kernel | Auto | Running] -- C:\WINXP\System32\drivers\Pclepci.sys -- (PCLEPCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - 
HKU\S-1-5-21-299502267-1647877149-725345543-1003\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054 IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\..\SearchScopes\{4F460226-AC2D-4412-A3F5-A1E15F69BAB1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p=" FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.web.de" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - 
prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..keyword.URL: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.0: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.15 01:18:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.16 20:56:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.06.09 12:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Extensions [2010.07.20 14:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.06.09 12:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2012.06.07 23:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Firefox\Profiles\aqf6didp.default\extensions [2010.09.25 20:51:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Firefox\Profiles\aqf6didp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.07 23:17:30 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Firefox\Profiles\aqf6didp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2011.03.24 13:03:00 | 000,000,923 | ---- | M] () -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla\Firefox\Profiles\aqf6didp.default\searchplugins\conduit.xml [2012.06.16 16:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.15 01:18:34 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla 
firefox\components\browsercomps.dll [2011.07.16 17:45:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.06.15 01:18:24 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.07.20 14:57:22 | 000,002,226 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2012.06.15 01:18:24 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.15 01:18:24 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 01:18:24 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 01:18:24 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 01:18:24 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.04.22 01:49:13 | 000,432,883 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 14896 more lines... 
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Programme\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-299502267-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDriveTypeAutoRun = 91 00 00 00 [binary data] O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\we\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-299502267-1647877149-725345543-1003\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-299502267-1647877149-725345543-1003\..Trusted Domains: maris.com ([www.redshift] http in Trusted sites) O15 - HKU\S-1-5-21-299502267-1647877149-725345543-1003\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5973BCFD-3540-4587-BCB8-25B5E351E066}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINXP\SYSTEM32\Userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation) 
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINXP\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\we\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper2.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\we\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper2.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.20 11:18:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\Shell - "" = AutoRun O33 - MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "UleadBurningHelper" MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: APSDaemon - hkey= - key= - 
C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig - StartUpReg: ATICCC - hkey= - key= - C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.) MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: NokiaMServer - hkey= - key= - File not found MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found MsConfig - StartUpReg: SearchSettings - hkey= - key= - File not found MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINXP\soundman.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Ad-Aware Service - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SBAMSvc - C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Ad-Aware Service - C:\Programme\Ad-Aware 
Antivirus\AdAwareService.exe (Lavasoft Limited) SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SBAMSvc - C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: 
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINXP\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: 
{5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINXP\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINXP\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINXP\system32\Rundll32.exe C:\WINXP\system32\mscories.dll,Install ActiveX: {9081C200-BB08-7627-0F48-6753DE30F9A6} - Outlook Express ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINXP\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINXP\inf\unregmp2.exe /ShowWMP ActiveX: 
>{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.ac3acm - C:\WINXP\System32\ac3acm.acm (fccHandler) Drivers32: msacm.iac2 - C:\WINXP\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINXP\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3fhg - C:\WINXP\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINXP\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINXP\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINXP\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINXP\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.DIVX - C:\WINXP\System32\divx.dll (DivX, Inc.) 
Drivers32: VIDC.FFDS - C:\WINXP\System32\ff_vfw.dll () Drivers32: vidc.iv31 - C:\WINXP\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINXP\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINXP\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINXP\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.VP60 - C:\WINXP\system32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\WINXP\system32\vp6vfw.dll (On2.com) Drivers32: VIDC.XVID - C:\WINXP\System32\xvidvfw.dll () Drivers32: VIDC.YV12 - C:\WINXP\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.17 10:52:34 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\we\Recent [2012.06.11 07:37:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\we\Desktop\logfile [2012.06.11 07:35:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip [2012.06.11 07:35:52 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2012.06.06 21:37:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Ad-Aware Antivirus [2012.06.05 18:44:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Ad-Aware Antivirus [2012.06.05 15:46:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\we\Lokale Einstellungen\Anwendungsdaten\adaware [2012.06.05 15:45:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection [2012.06.05 15:44:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ad-Aware Antivirus [2012.06.05 15:44:48 | 000,077,816 | ---- | C] (GFI Software) -- C:\WINXP\System32\drivers\sbapifs.sys [2012.06.05 15:44:46 | 000,021,240 | ---- | C] (GFI Software) -- C:\WINXP\System32\drivers\sbaphd.sys [2012.06.05 15:44:44 | 000,093,816 | ---- | C] (GFI Software) -- 
C:\WINXP\System32\drivers\sbhips.sys [2012.06.05 15:44:43 | 000,217,976 | ---- | C] (GFI Software) -- C:\WINXP\System32\drivers\sbtis.sys [2012.06.05 15:42:59 | 000,094,584 | ---- | C] (GFI Software) -- C:\WINXP\System32\drivers\SbFwIm.sys [2012.06.05 15:42:58 | 000,335,224 | ---- | C] (GFI Software) -- C:\WINXP\System32\drivers\SbFw.sys [2012.06.05 15:42:22 | 000,000,000 | ---D | C] -- C:\WINXP\System32\drivers\VDD [2012.06.05 15:42:09 | 000,000,000 | ---D | C] -- C:\Programme\Ad-Aware Antivirus [2012.06.05 15:30:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ad-Aware Antivirus [2012.06.05 14:16:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbam.sys [2012.06.05 14:16:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [51 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ] [5 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.18 14:31:38 | 000,001,587 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware Antivirus.lnk [2012.06.18 14:23:21 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl [2012.06.18 14:23:19 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat [2012.06.18 14:23:14 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys [2012.06.18 14:23:14 | 000,168,304 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT [2012.06.16 19:49:31 | 000,000,000 | ---- | M] () -- C:\WINXP\System32\SBRC.dat [2012.06.16 16:03:54 | 000,001,074 | ---- | M] () -- C:\WINXP\tasks\Ad-Aware Antivirus Scheduled Scan.job [2012.06.15 03:05:20 | 000,002,473 | ---- | M] () -- C:\Dokumente und Einstellungen\we\Desktop\Microsoft Word.lnk [2012.06.15 01:13:40 | 000,449,236 | ---- | M] () -- C:\WINXP\System32\perfh007.dat [2012.06.15 01:13:40 | 000,432,928 | ---- | M] () -- C:\WINXP\System32\perfh009.dat [2012.06.15 01:13:40 | 000,080,544 | ---- | M] () -- C:\WINXP\System32\perfc007.dat [2012.06.15 01:13:40 | 
000,067,884 | ---- | M] () -- C:\WINXP\System32\perfc009.dat [2012.06.12 21:23:11 | 000,001,738 | ---- | M] () -- C:\WINXP\System32\EmailAVConfig.xml [2012.06.10 20:29:11 | 000,001,190 | ---- | M] () -- C:\WINXP\System32\ServiceConfig.xml [2012.06.08 13:34:33 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\we\defogger_reenable [2012.06.07 15:57:00 | 000,001,234 | ---- | M] () -- C:\WINXP\wininit.ini [2012.06.05 18:37:27 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.06.05 14:16:21 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.30 21:05:34 | 746,308,460 | ---- | M] () -- C:\Dokumente und Einstellungen\we\Eigene Dateien\01-AudioTrack 01.wav [51 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ] [5 C:\WINXP\*.tmp files -> C:\WINXP\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.18 14:23:14 | 000,168,304 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT [2012.06.16 19:49:31 | 000,000,000 | ---- | C] () -- C:\WINXP\System32\SBRC.dat [2012.06.12 21:23:11 | 000,001,738 | ---- | C] () -- C:\WINXP\System32\EmailAVConfig.xml [2012.06.10 20:29:11 | 000,001,190 | ---- | C] () -- C:\WINXP\System32\ServiceConfig.xml [2012.06.08 13:34:33 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\we\defogger_reenable [2012.06.05 18:46:06 | 000,001,074 | ---- | C] () -- C:\WINXP\tasks\Ad-Aware Antivirus Scheduled Scan.job [2012.06.05 15:44:57 | 000,001,587 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware Antivirus.lnk [2012.06.05 14:16:21 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.30 20:56:41 | 746,308,460 | ---- | C] () -- C:\Dokumente und Einstellungen\we\Eigene Dateien\01-AudioTrack 01.wav [2012.02.16 06:09:41 | 000,003,072 | ---- | C] () -- C:\WINXP\System32\iacenc.dll [2011.11.29 12:52:18 | 
000,034,888 | -H-- | C] () -- C:\WINXP\System32\mlfcache.dat [2011.11.09 22:45:09 | 000,000,062 | ---- | C] () -- C:\WINXP\GPlrLanc.dat [2011.05.02 17:19:39 | 000,001,234 | ---- | C] () -- C:\WINXP\wininit.ini [2011.04.20 15:21:44 | 000,000,064 | ---- | C] () -- C:\WINXP\System32\rp_stats.dat [2011.04.20 15:21:44 | 000,000,044 | ---- | C] () -- C:\WINXP\System32\rp_rules.dat [2011.04.12 20:10:45 | 000,005,504 | ---- | C] () -- C:\WINXP\System32\drivers\StarOpen.sys [2011.01.23 22:54:33 | 000,042,771 | ---- | C] () -- C:\WINXP\CSTBox.INI [2011.01.05 15:33:32 | 000,210,944 | ---- | C] () -- C:\WINXP\System32\MSVCRT10.DLL [2011.01.05 15:33:32 | 000,000,114 | ---- | C] () -- C:\WINXP\kpcms.ini [2011.01.05 15:03:40 | 000,032,397 | ---- | C] () -- C:\WINXP\SGTBox.INI [2010.12.18 18:33:59 | 000,000,190 | ---- | C] () -- C:\WINXP\QTW.INI [2010.12.18 18:32:49 | 000,070,880 | ---- | C] () -- C:\WINXP\Unwise.exe [2010.12.18 18:32:49 | 000,005,145 | ---- | C] () -- C:\WINXP\Unwise.ini [2010.12.14 11:05:44 | 000,000,087 | ---- | C] () -- C:\WINXP\cdplayer.ini [2010.11.22 15:57:32 | 000,762,232 | R--- | C] () -- C:\WINXP\System32\drivers\UDXTTM6010.sys [2010.11.11 22:28:23 | 000,000,069 | ---- | C] () -- C:\WINXP\NeroDigital.ini [2010.11.09 08:49:15 | 000,138,752 | ---- | C] () -- C:\WINXP\System32\MASE32.DLL [2010.11.09 08:49:15 | 000,136,192 | ---- | C] () -- C:\WINXP\System32\MAMC32.DLL [2010.11.09 08:49:15 | 000,057,856 | ---- | C] () -- C:\WINXP\System32\MASD32.DLL [2010.11.09 08:49:14 | 000,196,096 | ---- | C] () -- C:\WINXP\System32\MACD32.DLL [2010.11.09 08:49:14 | 000,027,648 | ---- | C] () -- C:\WINXP\System32\MA32.DLL [2010.10.15 13:11:07 | 000,000,056 | -H-- | C] () -- C:\WINXP\System32\ezsidmv.dat [2010.10.15 12:43:07 | 000,000,085 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\WINXP\System32\StarOpen.sys [2010.07.30 13:45:29 | 000,000,145 | ---- | C] () -- 
C:\WINXP\System32\EBPPORT.DAT [2010.07.23 21:35:45 | 000,046,592 | ---- | C] () -- C:\Dokumente und Einstellungen\we\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.21 20:52:31 | 000,000,135 | ---- | C] () -- C:\Dokumente und Einstellungen\we\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010.07.21 20:44:50 | 000,354,816 | ---- | C] () -- C:\WINXP\System32\PsisDecd.dll [2010.07.21 20:41:50 | 000,520,192 | ---- | C] () -- C:\WINXP\System32\ati2sgag.exe [2010.07.21 20:41:44 | 000,121,995 | R--- | C] () -- C:\WINXP\System32\atiicdxx.dat [2010.07.20 15:05:21 | 000,116,224 | ---- | C] () -- C:\WINXP\System32\pdfcmnnt.dll [2010.07.20 14:55:03 | 000,165,376 | ---- | C] () -- C:\WINXP\System32\unrar.dll [2010.07.20 14:55:02 | 000,000,038 | ---- | C] () -- C:\WINXP\avisplitter.ini [2010.07.20 14:54:58 | 000,790,528 | ---- | C] () -- C:\WINXP\System32\xvidcore.dll [2010.07.20 14:54:58 | 000,134,144 | ---- | C] () -- C:\WINXP\System32\xvidvfw.dll [2010.07.20 14:54:55 | 000,108,032 | ---- | C] () -- C:\WINXP\System32\ff_vfw.dll [2010.07.20 14:11:16 | 000,000,169 | ---- | C] () -- C:\WINXP\RtlRack.ini [2010.07.20 14:07:13 | 000,049,152 | R--- | C] () -- C:\WINXP\System32\ChCfg.exe [2010.07.20 14:06:42 | 000,147,456 | R--- | C] () -- C:\WINXP\System32\RtlCPAPI.dll [2010.07.20 14:06:31 | 000,000,164 | R--- | C] () -- C:\WINXP\avrack.ini [2010.07.20 13:49:53 | 000,000,397 | ---- | C] () -- C:\WINXP\ODBC.INI [2010.07.20 13:29:43 | 000,000,000 | ---- | C] () -- C:\WINXP\nsreg.dat [2010.07.20 12:08:30 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI [2010.07.20 11:20:08 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat [2010.07.20 11:14:35 | 000,021,740 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat ========== LOP Check ========== [2012.06.05 15:46:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection [2010.11.11 22:56:08 | 000,000,000 | ---D | M] -- 
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2011.01.04 22:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData [2010.12.28 14:51:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intenium [2010.12.29 06:45:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MumboJumbo [2011.04.13 21:39:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NeoEdge Networks [2010.10.13 18:01:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2010.07.20 14:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2010.07.20 14:22:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2011.01.05 15:00:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2011.05.29 13:17:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2010.11.11 22:16:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc [2010.11.22 16:10:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2011.06.09 12:30:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom [2011.03.27 07:45:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.11.23 07:53:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2011.11.30 00:23:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2011.03.25 20:57:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011.10.14 20:34:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.06.06 21:37:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Ad-Aware Antivirus [2012.06.05 18:44:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Ad-Aware Antivirus [2012.06.13 18:20:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ad-Aware Antivirus [2011.04.12 20:00:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ashampoo [2010.11.11 22:56:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Canneverbe Limited [2011.08.04 19:08:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Canon [2011.07.25 11:43:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\DVDVideoSoft [2011.07.25 11:35:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.01.15 04:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\EAC [2011.01.03 15:34:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\GetRightToGo [2011.07.16 09:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\MSNInstaller [2011.03.29 10:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\MumboJumbo [2011.03.23 21:35:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Oberon Media [2010.10.13 17:58:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\PC Suite [2011.01.31 23:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\PhotoScape [2011.01.03 17:27:18 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\we\Anwendungsdaten\PriceGong [2012.06.07 23:18:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\QuickScan [2010.10.17 21:24:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\smc [2011.10.30 11:45:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Stellarium [2010.11.23 09:49:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\TerraTec [2012.05.14 23:34:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Thunderbird [2011.06.09 12:10:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\TomTom [2011.03.25 20:59:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\TuneUp Software [2010.11.12 00:05:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ulead Systems [2012.06.16 16:03:54 | 000,001,074 | ---- | M] () -- C:\WINXP\Tasks\Ad-Aware Antivirus Scheduled Scan.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.01.15 04:15:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\AccurateRip [2012.06.13 18:20:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ad-Aware Antivirus [2011.01.23 22:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Adobe [2012.03.24 14:56:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Apple Computer [2011.04.12 20:00:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ashampoo [2010.07.21 20:53:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\ATI [2011.10.16 12:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Avira [2010.11.11 22:56:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Canneverbe Limited [2011.08.04 19:08:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Canon [2010.11.11 22:25:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Cyberlink [2011.08.04 13:43:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\dvdcss [2011.07.25 11:43:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\DVDVideoSoft [2011.07.25 11:35:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.01.15 04:12:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\EAC [2011.01.03 15:34:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\GetRightToGo [2011.01.05 15:07:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Help [2010.07.20 11:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Identities [2011.11.07 22:36:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\InstallShield 
[2010.07.20 13:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Macromedia [2011.01.16 13:41:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Malwarebytes [2011.07.08 19:57:23 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Microsoft [2010.07.20 13:46:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Microsoft Web Folders [2010.07.20 13:29:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Mozilla [2011.07.16 09:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\MSNInstaller [2011.03.29 10:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\MumboJumbo [2011.03.23 21:35:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Oberon Media [2010.10.13 17:58:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\PC Suite [2011.01.31 23:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\PhotoScape [2011.01.03 17:27:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\PriceGong [2012.06.07 23:18:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\QuickScan [2011.11.07 22:38:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Real [2011.06.14 21:28:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Skype [2010.10.24 20:05:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\skypePM [2010.10.17 21:24:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\smc [2011.10.30 11:45:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Stellarium [2010.07.20 12:11:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Sun [2010.11.23 09:49:06 
| 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\TerraTec [2012.05.14 23:34:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Thunderbird [2011.06.09 12:10:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\TomTom [2011.03.25 20:59:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\TuneUp Software [2010.11.12 00:05:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Ulead Systems [2011.09.15 09:32:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\vlc [2011.01.04 16:42:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\WinRAR < %APPDATA%\*.exe /s > [2011.10.31 17:25:50 | 000,721,689 | ---- | M] () -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Stellarium\modules\unins000.exe [2011.10.31 17:26:25 | 000,721,689 | ---- | M] () -- C:\Dokumente und Einstellungen\we\Anwendungsdaten\Stellarium\modules\Satellites\unins000.exe < %SYSTEMDRIVE%\*.exe > [2012.04.26 09:02:32 | 089,166,136 | ---- | M] (LG Electronics) -- C:\LGPCSuiteIV_Setup.exe [2010.11.22 14:12:28 | 013,120,008 | ---- | M] (Microsoft Corporation) -- C:\mssefullinstall-x86fre-de-de-xp.exe < MD5 for: AGP440.SYS > [2007.10.09 20:15:40 | 016,734,399 | ---- | M] () .cab file -- C:\WINXP\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINXP\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINXP\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINXP\ServicePackFiles\i386\agp440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINXP\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2007.10.09 20:15:40 | 016,734,399 | 
---- | M] () .cab file -- C:\WINXP\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINXP\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINXP\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINXP\ServicePackFiles\i386\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINXP\system32\drivers\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINXP\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINXP\ServicePackFiles\i386\eventlog.dll [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINXP\system32\eventlog.dll [2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINXP\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINXP\ServicePackFiles\i386\netlogon.dll [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINXP\system32\netlogon.dll [2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINXP\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINXP\ServicePackFiles\i386\scecli.dll [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- 
C:\WINXP\system32\scecli.dll [2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINXP\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2007.10.09 20:06:46 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINXP\$NtServicePackUninstall$\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINXP\ServicePackFiles\i386\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINXP\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINXP\ServicePackFiles\i386\userinit.exe [2011.04.20 16:20:17 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINXP\system32\userinit.exe [2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINXP\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINXP\$NtServicePackUninstall$\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINXP\ServicePackFiles\i386\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINXP\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINXP\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > 
< %systemroot%\System32\config\*.sav > [2010.07.20 13:06:27 | 000,094,208 | ---- | M] () -- C:\WINXP\System32\config\default.sav [2010.07.20 13:06:27 | 000,663,552 | ---- | M] () -- C:\WINXP\System32\config\software.sav [2010.07.20 13:06:27 | 000,417,792 | ---- | M] () -- C:\WINXP\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [51 C:\WINXP\system32\*.tmp files -> C:\WINXP\system32\*.tmp -> ] < End of report > |
18.06.2012, 15:28 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
ATTFilter :OTL IE - HKU\S-1-5-21-299502267-1647877149-725345543-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054 FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p=" FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..keyword.URL: "data:text/plain,keyword.URL=http://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p=" [2010.07.20 14:57:22 | 000,002,226 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - 
HKU\S-1-5-21-299502267-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.20 11:18:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\Shell - "" = AutoRun O33 - MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe :Commands [purity] [emptytemp] [emptyflash] [resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was written only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ |
19.06.2012, 21:16 | #22 |
| Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_USERS\S-1-5-21-299502267-1647877149-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Prefs.js: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p=" removed from CommunityToolbar.SearchFromAddressBarSavedUrl Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename Prefs.js: "MyAshampoo Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1 Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems Prefs.js: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p=" removed from keyword.URL File C:\Programme\mozilla firefox\searchplugins\babylon.xml not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 not found. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting not found. Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. 
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. Registry value HKEY_USERS\S-1-5-21-299502267-1647877149-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File C:\AUTOEXEC.BAT not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31effb26-8f6d-11e1-bcd6-0060974b6c0e}\ not found. File F:\LGAutoRun.exe not found. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: we ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33099 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 0,00 mb [EMPTYFLASH] User: All Users User: Default User ->Flash cache emptied: 0 bytes User: LocalService User: NetworkService User: we ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb C:\WINXP\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.49.0 log created on 06192012_220806 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
20.06.2012, 11:06 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set the tool up as shown in the image below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C), as that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!
__________________ Please always post logfiles in CODE tags |
20.06.2012, 16:24 | #24 |
| Code:
ATTFilter 17:16:34.0437 3700 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31 17:16:34.0515 3700 ============================================================ 17:16:34.0515 3700 Current date / time: 2012/06/20 17:16:34.0515 17:16:34.0515 3700 SystemInfo: 17:16:34.0515 3700 17:16:34.0515 3700 OS Version: 5.1.2600 ServicePack: 3.0 17:16:34.0515 3700 Product type: Workstation 17:16:34.0515 3700 ComputerName: WE 17:16:34.0515 3700 UserName: we 17:16:34.0515 3700 Windows directory: C:\WINXP 17:16:34.0515 3700 System windows directory: C:\WINXP 17:16:34.0515 3700 Processor architecture: Intel x86 17:16:34.0515 3700 Number of processors: 1 17:16:34.0515 3700 Page size: 0x1000 17:16:34.0515 3700 Boot type: Normal boot 17:16:34.0515 3700 ============================================================ 17:16:36.0828 3700 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 17:16:36.0828 3700 ============================================================ 17:16:36.0828 3700 \Device\Harddisk0\DR0: 17:16:36.0828 3700 MBR partitions: 17:16:36.0828 3700 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA1E8F09 17:16:36.0859 3700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA1E8F87, BlocksNum 0x882FB3A 17:16:36.0859 3700 ============================================================ 17:16:36.0984 3700 C: <-> \Device\Harddisk0\DR0\Partition0 17:16:37.0015 3700 S: <-> \Device\Harddisk0\DR0\Partition1 17:16:37.0015 3700 ============================================================ 17:16:37.0015 3700 Initialize success 17:16:37.0015 3700 ============================================================ 17:18:23.0250 3900 ============================================================ 17:18:23.0250 3900 Scan started 17:18:23.0250 3900 Mode: Manual; SigCheck; TDLFS; 17:18:23.0250 3900 
============================================================ 17:18:23.0687 3900 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINXP\system32\DRIVERS\61883.sys 17:18:25.0515 3900 61883 - ok 17:18:25.0531 3900 Abiosdsk - ok 17:18:25.0546 3900 abp480n5 - ok 17:18:25.0609 3900 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINXP\system32\DRIVERS\ACPI.sys 17:18:25.0890 3900 ACPI - ok 17:18:25.0937 3900 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINXP\system32\drivers\ACPIEC.sys 17:18:26.0203 3900 ACPIEC - ok 17:18:26.0312 3900 AdobeActiveFileMonitor9.0 (c004f38974f4d321b4c20a240e1175c0) C:\Programme\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe 17:18:26.0343 3900 AdobeActiveFileMonitor9.0 - ok 17:18:26.0375 3900 adpu160m - ok 17:18:26.0437 3900 aec (8bed39e3c35d6a489438b8141717a557) C:\WINXP\system32\drivers\aec.sys 17:18:26.0734 3900 aec - ok 17:18:26.0796 3900 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINXP\System32\drivers\afd.sys 17:18:26.0875 3900 AFD - ok 17:18:26.0890 3900 Aha154x - ok 17:18:26.0906 3900 aic78u2 - ok 17:18:26.0937 3900 aic78xx - ok 17:18:27.0281 3900 ALCXWDM (f3e15607ba53249c765e36388b332c2f) C:\WINXP\system32\drivers\ALCXWDM.SYS 17:18:27.0703 3900 ALCXWDM ( UnsignedFile.Multi.Generic ) - warning 17:18:27.0703 3900 ALCXWDM - detected UnsignedFile.Multi.Generic (1) 17:18:27.0843 3900 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINXP\system32\alrsvc.dll 17:18:28.0187 3900 Alerter - ok 17:18:28.0218 3900 ALG (190cd73d4984f94d823f9444980513e5) C:\WINXP\System32\alg.exe 17:18:28.0328 3900 ALG - ok 17:18:28.0359 3900 AliIde - ok 17:18:28.0421 3900 AmdK7 (3a0dafac778236559c14c7203fb550eb) C:\WINXP\system32\DRIVERS\amdk7.sys 17:18:28.0750 3900 AmdK7 - ok 17:18:28.0765 3900 amsint - ok 17:18:28.0859 3900 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe 17:18:28.0890 3900 AntiVirSchedulerService - ok 17:18:28.0968 3900 AntiVirService (a489be6bb0aa1ff406b488b60542314b) 
C:\Programme\Avira\AntiVir Desktop\avguard.exe 17:18:28.0984 3900 AntiVirService - ok 17:18:29.0062 3900 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 17:18:29.0093 3900 Apple Mobile Device - ok 17:18:29.0156 3900 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINXP\System32\appmgmts.dll 17:18:29.0281 3900 AppMgmt - ok 17:18:29.0328 3900 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINXP\system32\DRIVERS\arp1394.sys 17:18:29.0640 3900 Arp1394 - ok 17:18:29.0656 3900 asc - ok 17:18:29.0671 3900 asc3350p - ok 17:18:29.0687 3900 asc3550 - ok 17:18:29.0765 3900 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINXP\System32\DRIVERS\ASPI32.sys 17:18:29.0781 3900 ASPI ( UnsignedFile.Multi.Generic ) - warning 17:18:29.0781 3900 ASPI - detected UnsignedFile.Multi.Generic (1) 17:18:29.0875 3900 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 17:18:29.0921 3900 aspnet_state - ok 17:18:29.0937 3900 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINXP\system32\DRIVERS\asyncmac.sys 17:18:30.0250 3900 AsyncMac - ok 17:18:30.0296 3900 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINXP\system32\DRIVERS\atapi.sys 17:18:30.0625 3900 atapi - ok 17:18:30.0640 3900 Atdisk - ok 17:18:30.0703 3900 Ati HotKey Poller (c4b5144443a368741e6427faa44c5491) C:\WINXP\system32\Ati2evxx.exe 17:18:30.0843 3900 Ati HotKey Poller - ok 17:18:30.0921 3900 ATI Smart (48b441dc9ce7ca32152aedbd2243fcd9) C:\WINXP\system32\ati2sgag.exe 17:18:31.0000 3900 ATI Smart ( UnsignedFile.Multi.Generic ) - warning 17:18:31.0000 3900 ATI Smart - detected UnsignedFile.Multi.Generic (1) 17:18:31.0140 3900 ati2mtag (221f0a33229cce7bf2f7640d3bb8845d) C:\WINXP\system32\DRIVERS\ati2mtag.sys 17:18:31.0343 3900 ati2mtag - ok 17:18:31.0453 3900 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINXP\system32\DRIVERS\atmarpc.sys 17:18:31.0765 3900 Atmarpc - ok 17:18:31.0812 3900 
AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINXP\System32\audiosrv.dll 17:18:32.0125 3900 AudioSrv - ok 17:18:32.0171 3900 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINXP\system32\DRIVERS\audstub.sys 17:18:32.0500 3900 audstub - ok 17:18:32.0546 3900 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINXP\system32\DRIVERS\avc.sys 17:18:32.0859 3900 Avc - ok 17:18:32.0906 3900 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINXP\system32\DRIVERS\avgntflt.sys 17:18:32.0984 3900 avgntflt - ok 17:18:33.0046 3900 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINXP\system32\DRIVERS\avipbb.sys 17:18:33.0078 3900 avipbb - ok 17:18:33.0140 3900 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINXP\system32\DRIVERS\avkmgr.sys 17:18:33.0156 3900 avkmgr - ok 17:18:33.0234 3900 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINXP\system32\drivers\Beep.sys 17:18:33.0531 3900 Beep - ok 17:18:33.0593 3900 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINXP\system32\qmgr.dll 17:18:33.0937 3900 BITS - ok 17:18:34.0031 3900 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe 17:18:34.0078 3900 Bonjour Service - ok 17:18:34.0125 3900 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINXP\System32\browser.dll 17:18:34.0421 3900 Browser - ok 17:18:34.0468 3900 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINXP\system32\drivers\cbidf2k.sys 17:18:34.0765 3900 cbidf2k - ok 17:18:34.0796 3900 CCDECODE (fdc06e2ada8c468ebb161624e03976cf) C:\WINXP\system32\DRIVERS\CCDECODE.sys 17:18:34.0843 3900 CCDECODE - ok 17:18:34.0859 3900 cd20xrnt - ok 17:18:34.0906 3900 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINXP\system32\drivers\Cdaudio.sys 17:18:35.0187 3900 Cdaudio - ok 17:18:35.0234 3900 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINXP\system32\drivers\Cdfs.sys 17:18:35.0546 3900 Cdfs - ok 17:18:35.0593 3900 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINXP\system32\DRIVERS\cdrom.sys 17:18:35.0890 3900 Cdrom - ok 17:18:35.0906 3900 Changer - ok 17:18:35.0937 3900 
CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINXP\system32\cisvc.exe 17:18:36.0234 3900 CiSvc - ok 17:18:36.0250 3900 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINXP\system32\clipsrv.exe 17:18:36.0562 3900 ClipSrv - ok 17:18:36.0656 3900 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:18:36.0734 3900 clr_optimization_v2.0.50727_32 - ok 17:18:36.0750 3900 CmdIde - ok 17:18:36.0781 3900 COMSysApp - ok 17:18:36.0828 3900 Cpqarray - ok 17:18:36.0875 3900 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINXP\System32\cryptsvc.dll 17:18:37.0140 3900 CryptSvc - ok 17:18:37.0156 3900 dac2w2k - ok 17:18:37.0187 3900 dac960nt - ok 17:18:37.0265 3900 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINXP\system32\rpcss.dll 17:18:37.0343 3900 DcomLaunch - ok 17:18:37.0406 3900 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINXP\System32\dhcpcsvc.dll 17:18:37.0687 3900 Dhcp - ok 17:18:37.0734 3900 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINXP\system32\DRIVERS\disk.sys 17:18:38.0046 3900 Disk - ok 17:18:38.0062 3900 dmadmin - ok 17:18:38.0171 3900 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINXP\system32\drivers\dmboot.sys 17:18:38.0562 3900 dmboot - ok 17:18:38.0593 3900 dmio (53720ab12b48719d00e327da470a619a) C:\WINXP\system32\drivers\dmio.sys 17:18:38.0875 3900 dmio - ok 17:18:38.0906 3900 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINXP\system32\drivers\dmload.sys 17:18:39.0187 3900 dmload - ok 17:18:39.0250 3900 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINXP\System32\dmserver.dll 17:18:39.0578 3900 dmserver - ok 17:18:39.0625 3900 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINXP\system32\drivers\DMusic.sys 17:18:39.0890 3900 DMusic - ok 17:18:39.0937 3900 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINXP\System32\dnsrslvr.dll 17:18:40.0015 3900 Dnscache - ok 17:18:40.0062 3900 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINXP\System32\dot3svc.dll 17:18:40.0359 3900 Dot3svc - ok 
17:18:40.0375 3900 dpti2o - ok 17:18:40.0406 3900 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINXP\system32\drivers\drmkaud.sys 17:18:40.0703 3900 drmkaud - ok 17:18:40.0734 3900 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINXP\System32\eapsvc.dll 17:18:41.0031 3900 EapHost - ok 17:18:41.0093 3900 EL90X (be492ac87790457ecdacecc967f38c55) C:\WINXP\system32\DRIVERS\el90xnd5.sys 17:18:41.0375 3900 EL90X - ok 17:18:41.0406 3900 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINXP\System32\ersvc.dll 17:18:41.0718 3900 ERSvc - ok 17:18:41.0781 3900 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINXP\system32\services.exe 17:18:41.0843 3900 Eventlog - ok 17:18:41.0906 3900 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINXP\system32\es.dll 17:18:41.0968 3900 EventSystem - ok 17:18:42.0031 3900 Fastfat (38d332a6d56af32635675f132548343e) C:\WINXP\system32\drivers\Fastfat.sys 17:18:42.0296 3900 Fastfat - ok 17:18:42.0359 3900 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINXP\System32\shsvcs.dll 17:18:42.0453 3900 FastUserSwitchingCompatibility - ok 17:18:42.0484 3900 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINXP\system32\DRIVERS\fdc.sys 17:18:42.0750 3900 Fdc - ok 17:18:42.0781 3900 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINXP\system32\drivers\Fips.sys 17:18:43.0062 3900 Fips - ok 17:18:43.0109 3900 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINXP\system32\drivers\Flpydisk.sys 17:18:43.0375 3900 Flpydisk - ok 17:18:43.0406 3900 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINXP\system32\drivers\fltmgr.sys 17:18:43.0703 3900 FltMgr - ok 17:18:43.0812 3900 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 17:18:43.0828 3900 FontCache3.0.0.0 - ok 17:18:43.0859 3900 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINXP\system32\drivers\Fs_Rec.sys 17:18:44.0125 3900 Fs_Rec - ok 17:18:44.0156 3900 Ftdisk (8f1955ce42e1484714b542f341647778) 
C:\WINXP\system32\DRIVERS\ftdisk.sys 17:18:44.0453 3900 Ftdisk - ok 17:18:44.0500 3900 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINXP\system32\DRIVERS\GEARAspiWDM.sys 17:18:44.0531 3900 GEARAspiWDM - ok 17:18:44.0562 3900 getPlusHelper - ok 17:18:44.0625 3900 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINXP\system32\DRIVERS\msgpc.sys 17:18:44.0906 3900 Gpc - ok 17:18:44.0984 3900 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll 17:18:45.0296 3900 helpsvc - ok 17:18:45.0343 3900 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINXP\System32\hidserv.dll 17:18:45.0609 3900 HidServ - ok 17:18:45.0625 3900 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINXP\system32\DRIVERS\hidusb.sys 17:18:45.0937 3900 hidusb - ok 17:18:46.0000 3900 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINXP\System32\kmsvc.dll 17:18:46.0281 3900 hkmsvc - ok 17:18:46.0312 3900 hpn - ok 17:18:46.0390 3900 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINXP\system32\Drivers\HTTP.sys 17:18:46.0453 3900 HTTP - ok 17:18:46.0484 3900 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINXP\System32\w3ssl.dll 17:18:46.0781 3900 HTTPFilter - ok 17:18:46.0812 3900 i2omgmt - ok 17:18:46.0828 3900 i2omp - ok 17:18:46.0875 3900 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINXP\system32\DRIVERS\i8042prt.sys 17:18:47.0171 3900 i8042prt - ok 17:18:47.0312 3900 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:18:47.0437 3900 idsvc - ok 17:18:47.0484 3900 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINXP\system32\DRIVERS\imapi.sys 17:18:47.0796 3900 Imapi - ok 17:18:47.0875 3900 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINXP\system32\imapi.exe 17:18:48.0156 3900 ImapiService - ok 17:18:48.0187 3900 ini910u - ok 17:18:48.0218 3900 IntelIde - ok 17:18:48.0265 3900 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINXP\system32\drivers\ip6fw.sys 17:18:48.0578 3900 Ip6Fw - ok 17:18:48.0609 
3900 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINXP\system32\DRIVERS\ipfltdrv.sys 17:18:48.0906 3900 IpFilterDriver - ok 17:18:48.0953 3900 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINXP\system32\DRIVERS\ipinip.sys 17:18:49.0281 3900 IpInIp - ok 17:18:49.0312 3900 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINXP\system32\DRIVERS\ipnat.sys 17:18:49.0609 3900 IpNat - ok 17:18:49.0734 3900 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Programme\iPod\bin\iPodService.exe 17:18:49.0875 3900 iPod Service - ok 17:18:49.0937 3900 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINXP\system32\DRIVERS\ipsec.sys 17:18:50.0250 3900 IPSec - ok 17:18:50.0265 3900 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINXP\system32\DRIVERS\irenum.sys 17:18:50.0406 3900 IRENUM - ok 17:18:50.0453 3900 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINXP\system32\DRIVERS\isapnp.sys 17:18:50.0718 3900 isapnp - ok 17:18:50.0796 3900 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Programme\Java\jre6\bin\jqs.exe 17:18:50.0843 3900 JavaQuickStarterService - ok 17:18:50.0875 3900 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINXP\system32\DRIVERS\kbdclass.sys 17:18:51.0171 3900 Kbdclass - ok 17:18:51.0218 3900 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINXP\system32\DRIVERS\kbdhid.sys 17:18:51.0500 3900 kbdhid - ok 17:18:51.0562 3900 kmixer (692bcf44383d056aed41b045a323d378) C:\WINXP\system32\drivers\kmixer.sys 17:18:51.0859 3900 kmixer - ok 17:18:51.0906 3900 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINXP\system32\drivers\KSecDD.sys 17:18:52.0000 3900 KSecDD - ok 17:18:52.0062 3900 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINXP\System32\srvsvc.dll 17:18:52.0125 3900 lanmanserver - ok 17:18:52.0171 3900 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINXP\System32\wkssvc.dll 17:18:52.0234 3900 lanmanworkstation - ok 17:18:52.0250 3900 lbrtfdc - ok 17:18:52.0281 3900 LgBttPort - ok 17:18:52.0312 3900 lgbusenum - ok 17:18:52.0343 3900 
LGScsiCommandService (2bf9d85fe233d1d7a0174d1df5f468b2) C:\WINXP\system32\LGScsiCommandService.exe 17:18:52.0375 3900 LGScsiCommandService ( UnsignedFile.Multi.Generic ) - warning 17:18:52.0375 3900 LGScsiCommandService - detected UnsignedFile.Multi.Generic (1) 17:18:52.0390 3900 LGVMODEM - ok 17:18:52.0453 3900 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINXP\System32\lmhsvc.dll 17:18:52.0734 3900 LmHosts - ok 17:18:52.0796 3900 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINXP\System32\msgsvc.dll 17:18:53.0109 3900 Messenger - ok 17:18:53.0171 3900 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINXP\system32\drivers\mnmdd.sys 17:18:53.0437 3900 mnmdd - ok 17:18:53.0468 3900 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINXP\system32\mnmsrvc.exe 17:18:53.0796 3900 mnmsrvc - ok 17:18:53.0843 3900 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINXP\system32\drivers\Modem.sys 17:18:54.0109 3900 Modem - ok 17:18:54.0140 3900 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINXP\system32\DRIVERS\mouclass.sys 17:18:54.0421 3900 Mouclass - ok 17:18:54.0453 3900 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINXP\system32\DRIVERS\mouhid.sys 17:18:54.0734 3900 mouhid - ok 17:18:54.0765 3900 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINXP\system32\drivers\MountMgr.sys 17:18:55.0093 3900 MountMgr - ok 17:18:55.0156 3900 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 17:18:55.0187 3900 MozillaMaintenance - ok 17:18:55.0234 3900 MPE (83eff7b976ae24f1a496ca94a8a19919) C:\WINXP\system32\DRIVERS\MPE.sys 17:18:55.0250 3900 MPE - ok 17:18:55.0265 3900 mraid35x - ok 17:18:55.0312 3900 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINXP\system32\DRIVERS\mrxdav.sys 17:18:55.0593 3900 MRxDAV - ok 17:18:55.0671 3900 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINXP\system32\DRIVERS\mrxsmb.sys 17:18:55.0750 3900 MRxSmb - ok 17:18:55.0796 3900 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINXP\system32\msdtc.exe 
17:18:56.0093 3900 MSDTC - ok 17:18:56.0156 3900 MSDV (8575d788395c4d6378d98d1ed7cdadb9) C:\WINXP\system32\DRIVERS\msdv.sys 17:18:56.0203 3900 MSDV - ok 17:18:56.0250 3900 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINXP\system32\drivers\Msfs.sys 17:18:56.0515 3900 Msfs - ok 17:18:56.0531 3900 MSIServer - ok 17:18:56.0562 3900 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINXP\system32\drivers\MSKSSRV.sys 17:18:56.0859 3900 MSKSSRV - ok 17:18:56.0890 3900 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINXP\system32\drivers\MSPCLOCK.sys 17:18:57.0140 3900 MSPCLOCK - ok 17:18:57.0156 3900 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINXP\system32\drivers\MSPQM.sys 17:18:57.0437 3900 MSPQM - ok 17:18:57.0468 3900 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINXP\system32\DRIVERS\mssmbios.sys 17:18:57.0734 3900 mssmbios - ok 17:18:57.0765 3900 MSTEE (d5059366b361f0e1124753447af08aa2) C:\WINXP\system32\drivers\MSTEE.sys 17:18:57.0875 3900 MSTEE - ok 17:18:57.0921 3900 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINXP\system32\drivers\Mup.sys 17:18:57.0968 3900 Mup - ok 17:18:58.0000 3900 NABTSFEC (ac31b352ce5e92704056d409834beb74) C:\WINXP\system32\DRIVERS\NABTSFEC.sys 17:18:58.0015 3900 NABTSFEC - ok 17:18:58.0093 3900 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINXP\System32\qagentrt.dll 17:18:58.0390 3900 napagent - ok 17:18:58.0453 3900 NDIS (1df7f42665c94b825322fae71721130d) C:\WINXP\system32\drivers\NDIS.sys 17:18:58.0734 3900 NDIS - ok 17:18:58.0750 3900 NdisIP (abd7629cf2796250f315c1dd0b6cf7a0) C:\WINXP\system32\DRIVERS\NdisIP.sys 17:18:58.0781 3900 NdisIP - ok 17:18:58.0812 3900 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINXP\system32\DRIVERS\ndistapi.sys 17:18:58.0890 3900 NdisTapi - ok 17:18:58.0921 3900 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINXP\system32\DRIVERS\ndisuio.sys 17:18:59.0203 3900 Ndisuio - ok 17:18:59.0234 3900 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINXP\system32\DRIVERS\ndiswan.sys 17:18:59.0484 3900 NdisWan - ok 
17:18:59.0546 3900 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINXP\system32\drivers\NDProxy.sys 17:18:59.0609 3900 NDProxy - ok 17:18:59.0656 3900 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINXP\system32\DRIVERS\netbios.sys 17:18:59.0937 3900 NetBIOS - ok 17:18:59.0984 3900 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINXP\system32\DRIVERS\netbt.sys 17:19:00.0265 3900 NetBT - ok 17:19:00.0312 3900 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINXP\system32\netdde.exe 17:19:00.0609 3900 NetDDE - ok 17:19:00.0625 3900 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINXP\system32\netdde.exe 17:19:00.0890 3900 NetDDEdsdm - ok 17:19:00.0921 3900 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINXP\system32\lsass.exe 17:19:01.0203 3900 Netlogon - ok 17:19:01.0265 3900 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINXP\System32\netman.dll 17:19:01.0531 3900 Netman - ok 17:19:01.0640 3900 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:19:01.0671 3900 NetTcpPortSharing - ok 17:19:01.0703 3900 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINXP\system32\DRIVERS\nic1394.sys 17:19:01.0968 3900 NIC1394 - ok 17:19:02.0031 3900 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINXP\System32\mswsock.dll 17:19:02.0062 3900 Nla - ok 17:19:02.0140 3900 NMSAccess (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Programme\CDBurnerXP\NMSAccessU.exe 17:19:02.0156 3900 NMSAccess - ok 17:19:02.0203 3900 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINXP\system32\drivers\ccdcmb.sys 17:19:02.0453 3900 nmwcd - ok 17:19:02.0500 3900 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINXP\system32\drivers\ccdcmbo.sys 17:19:02.0640 3900 nmwcdc - ok 17:19:02.0687 3900 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\WINXP\system32\drivers\nmwcdnsu.sys 17:19:02.0828 3900 nmwcdnsu - ok 17:19:02.0859 3900 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\WINXP\system32\drivers\nmwcdnsuc.sys 17:19:02.0984 3900 nmwcdnsuc - ok 
17:19:03.0015 3900 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINXP\system32\drivers\Npfs.sys 17:19:03.0250 3900 Npfs - ok 17:19:03.0328 3900 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINXP\system32\drivers\Ntfs.sys 17:19:03.0656 3900 Ntfs - ok 17:19:03.0703 3900 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINXP\system32\lsass.exe 17:19:03.0968 3900 NtLmSsp - ok 17:19:04.0031 3900 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINXP\system32\ntmssvc.dll 17:19:04.0359 3900 NtmsSvc - ok 17:19:04.0406 3900 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINXP\system32\drivers\Null.sys 17:19:04.0671 3900 Null - ok 17:19:04.0703 3900 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINXP\system32\DRIVERS\nwlnkflt.sys 17:19:04.0968 3900 NwlnkFlt - ok 17:19:04.0984 3900 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINXP\system32\DRIVERS\nwlnkfwd.sys 17:19:05.0281 3900 NwlnkFwd - ok 17:19:05.0328 3900 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINXP\system32\DRIVERS\ohci1394.sys 17:19:05.0593 3900 ohci1394 - ok 17:19:05.0640 3900 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINXP\system32\DRIVERS\parport.sys 17:19:05.0937 3900 Parport - ok 17:19:05.0968 3900 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINXP\system32\drivers\PartMgr.sys 17:19:06.0265 3900 PartMgr - ok 17:19:06.0296 3900 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINXP\system32\drivers\ParVdm.sys 17:19:06.0546 3900 ParVdm - ok 17:19:06.0578 3900 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINXP\system32\DRIVERS\pccsmcfd.sys 17:19:06.0609 3900 pccsmcfd - ok 17:19:06.0640 3900 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINXP\system32\DRIVERS\pci.sys 17:19:06.0921 3900 PCI - ok 17:19:06.0937 3900 PCIDump - ok 17:19:06.0968 3900 PCIIde - ok 17:19:07.0000 3900 PCLEPCI (0edd0d2d4da1b2b9ddc1a0d2c8112e19) C:\WINXP\system32\drivers\PCLEPCI.sys 17:19:07.0015 3900 PCLEPCI ( UnsignedFile.Multi.Generic ) - warning 17:19:07.0015 3900 PCLEPCI - detected UnsignedFile.Multi.Generic (1) 17:19:07.0062 3900 Pcmcia 
(a2a966b77d61847d61a3051df87c8c97) C:\WINXP\system32\drivers\Pcmcia.sys 17:19:07.0328 3900 Pcmcia - ok 17:19:07.0328 3900 PDCOMP - ok 17:19:07.0359 3900 PDFRAME - ok 17:19:07.0375 3900 PDRELI - ok 17:19:07.0406 3900 PDRFRAME - ok 17:19:07.0421 3900 perc2 - ok 17:19:07.0437 3900 perc2hib - ok 17:19:07.0515 3900 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINXP\system32\drivers\pfc.sys 17:19:07.0515 3900 pfc ( UnsignedFile.Multi.Generic ) - warning 17:19:07.0515 3900 pfc - detected UnsignedFile.Multi.Generic (1) 17:19:07.0578 3900 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINXP\system32\services.exe 17:19:07.0609 3900 PlugPlay - ok 17:19:07.0625 3900 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINXP\system32\lsass.exe 17:19:07.0937 3900 PolicyAgent - ok 17:19:07.0968 3900 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINXP\system32\DRIVERS\raspptp.sys 17:19:08.0250 3900 PptpMiniport - ok 17:19:08.0250 3900 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINXP\system32\lsass.exe 17:19:08.0546 3900 ProtectedStorage - ok 17:19:08.0562 3900 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINXP\system32\DRIVERS\psched.sys 17:19:08.0828 3900 PSched - ok 17:19:08.0859 3900 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINXP\system32\DRIVERS\ptilink.sys 17:19:09.0140 3900 Ptilink - ok 17:19:09.0156 3900 ql1080 - ok 17:19:09.0171 3900 Ql10wnt - ok 17:19:09.0203 3900 ql12160 - ok 17:19:09.0218 3900 ql1240 - ok 17:19:09.0234 3900 ql1280 - ok 17:19:09.0281 3900 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINXP\system32\DRIVERS\rasacd.sys 17:19:09.0531 3900 RasAcd - ok 17:19:09.0593 3900 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINXP\System32\rasauto.dll 17:19:09.0859 3900 RasAuto - ok 17:19:09.0906 3900 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINXP\system32\DRIVERS\rasl2tp.sys 17:19:10.0156 3900 Rasl2tp - ok 17:19:10.0203 3900 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINXP\System32\rasmans.dll 17:19:10.0468 3900 RasMan - ok 17:19:10.0484 3900 
RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINXP\system32\DRIVERS\raspppoe.sys 17:19:10.0796 3900 RasPppoe - ok 17:19:10.0812 3900 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINXP\system32\DRIVERS\raspti.sys 17:19:11.0062 3900 Raspti - ok 17:19:11.0093 3900 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINXP\system32\DRIVERS\rdbss.sys 17:19:11.0375 3900 Rdbss - ok 17:19:11.0406 3900 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINXP\system32\DRIVERS\RDPCDD.sys 17:19:11.0671 3900 RDPCDD - ok 17:19:11.0734 3900 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINXP\system32\DRIVERS\rdpdr.sys 17:19:12.0015 3900 rdpdr - ok 17:19:12.0062 3900 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINXP\system32\drivers\RDPWD.sys 17:19:12.0125 3900 RDPWD - ok 17:19:12.0171 3900 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINXP\system32\sessmgr.exe 17:19:12.0453 3900 RDSessMgr - ok 17:19:12.0500 3900 redbook (ed761d453856f795a7fe056e42c36365) C:\WINXP\system32\DRIVERS\redbook.sys 17:19:12.0796 3900 redbook - ok 17:19:12.0843 3900 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINXP\System32\mprdim.dll 17:19:13.0125 3900 RemoteAccess - ok 17:19:13.0156 3900 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINXP\system32\regsvc.dll 17:19:13.0421 3900 RemoteRegistry - ok 17:19:13.0468 3900 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINXP\system32\locator.exe 17:19:13.0734 3900 RpcLocator - ok 17:19:13.0828 3900 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINXP\system32\rpcss.dll 17:19:13.0875 3900 RpcSs - ok 17:19:13.0921 3900 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINXP\system32\rsvp.exe 17:19:14.0218 3900 RSVP - ok 17:19:14.0265 3900 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINXP\system32\lsass.exe 17:19:14.0531 3900 SamSs - ok 17:19:14.0531 3900 SBRE - ok 17:19:14.0578 3900 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINXP\System32\SCardSvr.exe 17:19:14.0890 3900 SCardSvr - ok 17:19:14.0937 3900 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) 
C:\WINXP\system32\schedsvc.dll 17:19:15.0187 3900 Schedule - ok 17:19:15.0234 3900 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINXP\system32\DRIVERS\secdrv.sys 17:19:15.0343 3900 Secdrv - ok 17:19:15.0375 3900 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINXP\System32\seclogon.dll 17:19:15.0687 3900 seclogon - ok 17:19:15.0718 3900 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINXP\system32\sens.dll 17:19:15.0968 3900 SENS - ok 17:19:16.0015 3900 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINXP\system32\DRIVERS\serenum.sys 17:19:16.0281 3900 serenum - ok 17:19:16.0312 3900 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINXP\system32\DRIVERS\serial.sys 17:19:16.0593 3900 Serial - ok 17:19:16.0734 3900 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Programme\PC Connectivity Solution\ServiceLayer.exe 17:19:16.0828 3900 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 17:19:16.0828 3900 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 17:19:16.0875 3900 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINXP\system32\drivers\Sfloppy.sys 17:19:17.0140 3900 Sfloppy - ok 17:19:17.0218 3900 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINXP\System32\ipnathlp.dll 17:19:17.0531 3900 SharedAccess - ok 17:19:17.0578 3900 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINXP\System32\shsvcs.dll 17:19:17.0609 3900 ShellHWDetection - ok 17:19:17.0625 3900 Simbad - ok 17:19:17.0671 3900 SLIP (1ffc44d6787ec1ea9a2b1440a90fa5c1) C:\WINXP\system32\DRIVERS\SLIP.sys 17:19:17.0687 3900 SLIP - ok 17:19:17.0718 3900 Sparrow - ok 17:19:17.0750 3900 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINXP\system32\drivers\splitter.sys 17:19:18.0031 3900 splitter - ok 17:19:18.0078 3900 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINXP\system32\spoolsv.exe 17:19:18.0125 3900 Spooler - ok 17:19:18.0187 3900 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINXP\system32\DRIVERS\sr.sys 17:19:18.0296 3900 sr - ok 17:19:18.0359 3900 srservice (fe77a85495065f3ad59c5c65b6c54182) 
C:\WINXP\system32\srsvc.dll 17:19:18.0484 3900 srservice - ok 17:19:18.0531 3900 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINXP\system32\DRIVERS\srv.sys 17:19:18.0625 3900 Srv - ok 17:19:18.0671 3900 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINXP\System32\ssdpsrv.dll 17:19:18.0796 3900 SSDPSRV - ok 17:19:18.0843 3900 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINXP\system32\DRIVERS\ssmdrv.sys 17:19:18.0859 3900 ssmdrv - ok 17:19:18.0906 3900 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINXP\system32\drivers\StarOpen.sys 17:19:18.0906 3900 StarOpen ( UnsignedFile.Multi.Generic ) - warning 17:19:18.0906 3900 StarOpen - detected UnsignedFile.Multi.Generic (1) 17:19:18.0968 3900 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINXP\system32\wiaservc.dll 17:19:19.0250 3900 stisvc - ok 17:19:19.0296 3900 streamip (a9f9fd0212e572b84edb9eb661f6bc04) C:\WINXP\system32\DRIVERS\StreamIP.sys 17:19:19.0328 3900 streamip - ok 17:19:19.0375 3900 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINXP\system32\DRIVERS\swenum.sys 17:19:19.0671 3900 swenum - ok 17:19:19.0718 3900 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINXP\system32\drivers\swmidi.sys 17:19:19.0968 3900 swmidi - ok 17:19:19.0984 3900 SwPrv - ok 17:19:20.0015 3900 symc810 - ok 17:19:20.0046 3900 symc8xx - ok 17:19:20.0062 3900 sym_hi - ok 17:19:20.0078 3900 sym_u3 - ok 17:19:20.0125 3900 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINXP\system32\drivers\sysaudio.sys 17:19:20.0406 3900 sysaudio - ok 17:19:20.0453 3900 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINXP\system32\smlogsvc.exe 17:19:20.0718 3900 SysmonLog - ok 17:19:20.0796 3900 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINXP\System32\tapisrv.dll 17:19:21.0078 3900 TapiSrv - ok 17:19:21.0140 3900 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINXP\system32\DRIVERS\tcpip.sys 17:19:21.0203 3900 Tcpip - ok 17:19:21.0250 3900 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINXP\system32\drivers\TDPIPE.sys 17:19:21.0515 3900 TDPIPE - ok 
17:19:21.0562 3900 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINXP\system32\drivers\TDTCP.sys 17:19:21.0812 3900 TDTCP - ok 17:19:21.0843 3900 TermDD (88155247177638048422893737429d9e) C:\WINXP\system32\DRIVERS\termdd.sys 17:19:22.0125 3900 TermDD - ok 17:19:22.0187 3900 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINXP\System32\termsrv.dll 17:19:22.0468 3900 TermService - ok 17:19:22.0531 3900 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINXP\System32\shsvcs.dll 17:19:22.0562 3900 Themes - ok 17:19:22.0609 3900 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINXP\system32\tlntsvr.exe 17:19:22.0750 3900 TlntSvr - ok 17:19:22.0875 3900 TomTomHOMEService (efef22b9577e5051057fde1ae381b50c) C:\Programme\TomTom HOME 2\TomTomHOMEService.exe 17:19:22.0906 3900 TomTomHOMEService - ok 17:19:22.0921 3900 TosIde - ok 17:19:22.0953 3900 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINXP\system32\trkwks.dll 17:19:23.0218 3900 TrkWks - ok 17:19:23.0265 3900 TTHID (f3996987080426d4e87ecd9d4fe373af) C:\WINXP\system32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys 17:19:23.0296 3900 TTHID - ok 17:19:23.0328 3900 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINXP\system32\drivers\Udfs.sys 17:19:23.0609 3900 Udfs - ok 17:19:23.0718 3900 UDXTTM6010 (328762250ddf538cf007cf692dd6e934) C:\WINXP\system32\DRIVERS\UDXTTM6010.sys 17:19:23.0796 3900 UDXTTM6010 - ok 17:19:23.0812 3900 ultra - ok 17:19:23.0875 3900 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINXP\system32\DRIVERS\update.sys 17:19:24.0187 3900 Update - ok 17:19:24.0234 3900 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINXP\System32\upnphost.dll 17:19:24.0375 3900 upnphost - ok 17:19:24.0421 3900 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINXP\system32\DRIVERS\usbser_lowerflt.sys 17:19:24.0546 3900 upperdev - ok 17:19:24.0578 3900 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINXP\System32\ups.exe 17:19:24.0781 3900 UPS - ok 17:19:24.0843 3900 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINXP\system32\Drivers\usbaapl.sys 
17:19:24.0906 3900 USBAAPL - ok 17:19:24.0921 3900 usbbus - ok 17:19:24.0968 3900 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINXP\system32\DRIVERS\usbccgp.sys 17:19:25.0218 3900 usbccgp - ok 17:19:25.0234 3900 UsbDiag - ok 17:19:25.0281 3900 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINXP\system32\DRIVERS\usbehci.sys 17:19:25.0593 3900 usbehci - ok 17:19:25.0640 3900 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINXP\system32\DRIVERS\usbhub.sys 17:19:25.0906 3900 usbhub - ok 17:19:25.0921 3900 USBModem - ok 17:19:25.0984 3900 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINXP\system32\DRIVERS\usbscan.sys 17:19:26.0265 3900 usbscan - ok 17:19:26.0312 3900 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINXP\system32\drivers\usbser.sys 17:19:26.0531 3900 usbser - ok 17:19:26.0562 3900 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINXP\system32\DRIVERS\usbser_lowerfltj.sys 17:19:26.0687 3900 UsbserFilt - ok 17:19:26.0703 3900 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINXP\system32\DRIVERS\USBSTOR.SYS 17:19:26.0953 3900 USBSTOR - ok 17:19:26.0984 3900 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINXP\system32\DRIVERS\usbuhci.sys 17:19:27.0250 3900 usbuhci - ok 17:19:27.0265 3900 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINXP\System32\drivers\vga.sys 17:19:27.0515 3900 VgaSave - ok 17:19:27.0546 3900 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINXP\system32\DRIVERS\viaagp.sys 17:19:27.0812 3900 viaagp - ok 17:19:27.0843 3900 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINXP\system32\DRIVERS\viaide.sys 17:19:28.0125 3900 ViaIde - ok 17:19:28.0156 3900 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINXP\system32\drivers\VolSnap.sys 17:19:28.0421 3900 VolSnap - ok 17:19:28.0468 3900 VSS (68f106273be29e7b7ef8266977268e78) C:\WINXP\System32\vssvc.exe 17:19:28.0609 3900 VSS - ok 17:19:28.0656 3900 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINXP\system32\w32time.dll 17:19:28.0906 3900 W32Time - ok 17:19:28.0953 3900 Wanarp 
(e20b95baedb550f32dd489265c1da1f6) C:\WINXP\system32\DRIVERS\wanarp.sys 17:19:29.0187 3900 Wanarp - ok 17:19:29.0281 3900 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINXP\system32\Drivers\wdf01000.sys 17:19:29.0343 3900 Wdf01000 - ok 17:19:29.0359 3900 WDICA - ok 17:19:29.0406 3900 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINXP\system32\drivers\wdmaud.sys 17:19:29.0671 3900 wdmaud - ok 17:19:29.0718 3900 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINXP\System32\webclnt.dll 17:19:30.0000 3900 WebClient - ok 17:19:30.0093 3900 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINXP\system32\wbem\WMIsvc.dll 17:19:30.0375 3900 winmgmt - ok 17:19:30.0437 3900 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINXP\system32\mspmsnsv.dll 17:19:30.0484 3900 WmdmPmSN - ok 17:19:30.0578 3900 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINXP\System32\advapi32.dll 17:19:30.0671 3900 Wmi - ok 17:19:30.0734 3900 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINXP\system32\wbem\wmiapsrv.exe 17:19:31.0000 3900 WmiApSrv - ok 17:19:31.0171 3900 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe 17:19:31.0281 3900 WMPNetworkSvc - ok 17:19:31.0328 3900 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINXP\system32\DRIVERS\wpdusb.sys 17:19:31.0359 3900 WpdUsb - ok 17:19:31.0406 3900 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINXP\system32\wscsvc.dll 17:19:31.0671 3900 wscsvc - ok 17:19:31.0703 3900 WSTCODEC (233cdd1c06942115802eb7ce6669e099) C:\WINXP\system32\DRIVERS\WSTCODEC.SYS 17:19:31.0734 3900 WSTCODEC - ok 17:19:31.0781 3900 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINXP\system32\wuauserv.dll 17:19:32.0078 3900 wuauserv - ok 17:19:32.0109 3900 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINXP\system32\DRIVERS\WudfPf.sys 17:19:32.0156 3900 WudfPf - ok 17:19:32.0203 3900 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINXP\system32\DRIVERS\wudfrd.sys 17:19:32.0234 3900 WudfRd - ok 17:19:32.0265 3900 WudfSvc 
(05231c04253c5bc30b26cbaae680ed89) C:\WINXP\System32\WUDFSvc.dll 17:19:32.0296 3900 WudfSvc - ok 17:19:32.0375 3900 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINXP\System32\wzcsvc.dll 17:19:32.0656 3900 WZCSVC - ok 17:19:32.0703 3900 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINXP\System32\xmlprov.dll 17:19:32.0953 3900 xmlprov - ok 17:19:33.0000 3900 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 17:19:33.0781 3900 \Device\Harddisk0\DR0 - ok 17:19:33.0781 3900 Boot (0x1200) (fff7d1580dd8b0ca065154d0e6c8f214) \Device\Harddisk0\DR0\Partition0 17:19:33.0796 3900 \Device\Harddisk0\DR0\Partition0 - ok 17:19:33.0812 3900 Boot (0x1200) (c01e695939d0539bcb9d9d5126af65ed) \Device\Harddisk0\DR0\Partition1 17:19:33.0812 3900 \Device\Harddisk0\DR0\Partition1 - ok 17:19:33.0812 3900 ============================================================ 17:19:33.0812 3900 Scan finished 17:19:33.0812 3900 ============================================================ 17:19:33.0968 3892 Detected object count: 8 17:19:33.0968 3892 Actual detected object count: 8 17:22:17.0296 3892 ALCXWDM ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:17.0296 3892 ALCXWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:17.0296 3892 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:17.0296 3892 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:17.0312 3892 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:17.0312 3892 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:17.0312 3892 LGScsiCommandService ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:17.0312 3892 LGScsiCommandService ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:17.0328 3892 PCLEPCI ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:17.0328 3892 PCLEPCI ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:17.0328 3892 pfc ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:17.0328 3892 
pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:17.0343 3892 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:17.0343 3892 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:22:17.0343 3892 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 17:22:17.0343 3892 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip |
20.06.2012, 22:25 | #25 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Friends received spam mail with my sender address (Offer.Bundler.ST and TR/Crypt.XPACK.Gen 2) Then please run CF now: ComboFix (a guide and tutorial on using ComboFix)
ComboFix may only be run when a Kompetenzler (one of the board's qualified helpers) has explicitly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
21.06.2012, 17:02 | #26 |
| Friends received spam mail with my sender address (Offer.Bundler.ST and TR/Crypt.XPACK.Gen 2) Hello Cosinus, I don't know exactly what you are doing with my PC, but your patience (with me as a PC layman) and the commitment you have invested: RESPECT! ComboFix log file: Code:
ComboFix 12-06-21.01 - we 21.06.2012 8:06.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1023.659 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\we\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\we\4.0
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\we\Anwendungsdaten\PriceGong\Data\z.xml
c:\dokumente und einstellungen\we\WINDOWS
c:\programme\Internet Explorer\SET458.tmp
c:\winxp\IsUn0407.exe
c:\winxp\system32\_000006_.tmp.dll
c:\winxp\system32\_000007_.tmp.dll
c:\winxp\system32\_000008_.tmp.dll
c:\winxp\system32\_000009_.tmp.dll
c:\winxp\system32\_000010_.tmp.dll
c:\winxp\system32\_000011_.tmp.dll
c:\winxp\system32\_000019_.tmp.dll
c:\winxp\system32\_000020_.tmp.dll
c:\winxp\system32\_000021_.tmp.dll
c:\winxp\system32\_000022_.tmp.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BOONTY_GAMES
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-21 bis 2012-06-21 ))))))))))))))))))))))))))))))
.
.
2012-06-19 19:26 . 2012-06-19 19:26 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\GFI Software
2012-06-18 14:54 . 2012-06-18 14:54 -------- d-----w- C:\_OTL
2012-06-11 05:35 . 2012-06-11 05:35 -------- d-----w- c:\programme\7-Zip
2012-06-10 18:25 . 2012-06-10 18:25 -------- d-----r- c:\dokumente und einstellungen\LocalService\Eigene Dateien
2012-06-06 19:37 . 2012-06-06 19:37 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Ad-Aware Antivirus
2012-06-05 16:44 . 2012-06-05 16:44 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\Ad-Aware Antivirus
2012-06-05 13:46 . 2012-06-05 13:46 -------- d-----w- c:\dokumente und einstellungen\we\Lokale Einstellungen\Anwendungsdaten\adaware
2012-06-05 13:45 . 2012-06-05 13:46 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection
2012-06-05 13:42 . 2012-06-19 19:26 -------- d-----w- c:\programme\Ad-Aware Antivirus
2012-06-05 13:32 . 2011-04-30 08:50 766464 ------w- c:\winxp\system32\dllcache\vgx.dll
2012-06-05 13:30 . 2012-06-13 16:20 -------- d-----w- c:\dokumente und einstellungen\we\Anwendungsdaten\Ad-Aware Antivirus
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-15 00:06 . 2012-04-09 15:23 426184 ----a-w- c:\winxp\system32\FlashPlayerApp.exe
2012-06-15 00:06 . 2011-10-09 20:08 70344 ----a-w- c:\winxp\system32\FlashPlayerCPLApp.cpl
2012-05-31 13:22 . 2004-08-03 22:57 604160 ----a-w- c:\winxp\system32\crypt32.dll
2012-05-15 15:35 . 2007-10-09 18:05 841216 ----a-w- c:\winxp\system32\wininet.dll
2012-05-15 13:56 . 2007-10-09 18:06 1863296 ----a-w- c:\winxp\system32\win32k.sys
2012-05-05 03:14 . 2007-10-09 18:06 2194944 ----a-w- c:\winxp\system32\ntoskrnl.exe
2012-05-05 03:14 . 2007-02-28 08:06 2071424 ----a-w- c:\winxp\system32\ntkrnlpa.exe
2012-05-03 18:49 . 2011-10-16 10:07 83392 ----a-w- c:\winxp\system32\drivers\avgntflt.sys
2012-05-03 18:49 . 2011-10-16 10:07 137928 ----a-w- c:\winxp\system32\drivers\avipbb.sys
2012-05-02 13:46 . 2010-07-20 09:13 139656 ----a-w- c:\winxp\system32\drivers\rdpwd.sys
2012-04-26 07:02 . 2012-04-26 07:02 89166136 ----a-w- C:\LGPCSuiteIV_Setup.exe
2012-04-23 14:38 . 2007-10-09 18:04 1830912 ----a-w- c:\winxp\system32\inetcpl.cpl
2012-04-23 14:38 . 2007-10-09 16:19 78336 ----a-w- c:\winxp\system32\ieencode.dll
2012-04-23 14:38 . 2007-10-09 16:19 17408 ------w- c:\winxp\system32\corpol.dll
2012-06-14 23:18 . 2012-06-14 23:18 85472 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-03 348624]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Ad-Aware Browsing Protection"="c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2012-04-23 124928]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-29 00:25 497648 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28 59240 ----a-w- c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 15:41 45056 ----a-w- c:\programme\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 05:52 15360 ----a-w- c:\winxp\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 04:09 421736 ----a-w- c:\programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 14:49 14940040 ----a-r- c:\programme\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-17 03:42 577536 ------r- c:\winxp\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\programme\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\InstTool.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\ChannelEditor\\CinergyDvrChannelEditor.exe"=
"c:\\WINXP\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINXP\\system32\\sessmgr.exe"=
"c:\\Programme\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
.
R1 avkmgr;avkmgr;c:\winxp\system32\drivers\avkmgr.sys [16.10.2011 12:07 36000]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\programme\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [06.09.2010 03:19 169408]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [16.10.2011 12:07 86224]
R2 LGScsiCommandService;LG SCSI command service;c:\winxp\system32\LGScsiCommandService.exe [26.04.2012 08:58 47616]
R2 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 2\TomTomHOMEService.exe [22.04.2011 14:21 92592]
R3 TTHID;Cinergy Hybrid-Stick HID service;c:\winxp\system32\drivers\Cinergy_Hybrid-Stick_HID.sys [22.11.2010 15:57 21752]
R3 UDXTTM6010;Cinergy Hybrid-Stick BDA service;c:\winxp\system32\drivers\UDXTTM6010.sys [22.11.2010 15:57 762232]
S1 SBRE;SBRE;\??\c:\winxp\system32\drivers\SBREdrv.sys --> c:\winxp\system32\drivers\SBREdrv.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\winxp\system32\drivers\ASPI32.SYS [20.02.2012 13:06 16512]
S3 LgBttPort;LGE Bluetooth TransPort;c:\winxp\system32\DRIVERS\lgbtport.sys --> c:\winxp\system32\DRIVERS\lgbtport.sys [?]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\winxp\system32\DRIVERS\lgbtbus.sys --> c:\winxp\system32\DRIVERS\lgbtbus.sys [?]
S3 LGVMODEM;LGE Virtual Modem;c:\winxp\system32\DRIVERS\lgvmodem.sys --> c:\winxp\system32\DRIVERS\lgvmodem.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [03.05.2012 23:00 113120]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\winxp\system32\drivers\nmwcdnsu.sys [20.07.2010 14:19 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\winxp\system32\drivers\nmwcdnsuc.sys [20.07.2010 14:19 8320]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\we\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: maris.com\www.redshift
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\we\Anwendungsdaten\Mozilla\Firefox\Profiles\aqf6didp.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.web.de
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-NokiaOviSuite2 - c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-QuickTime Task - c:\programme\QuickTime\QTTask.exe
MSConfigStartUp-SearchSettings - c:\programme\pdfforge Toolbar\SearchSettings.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-21 17:22
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(596)
c:\winxp\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4004)
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.dll
c:\winxp\system32\wpdshserviceobj.dll
c:\winxp\system32\portabledevicetypes.dll
c:\winxp\system32\portabledeviceapi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\winxp\system32\Ati2evxx.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\winxp\system32\wbem\wmiapsrv.exe
c:\winxp\system32\Ati2evxx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-21 17:27:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-21 15:27
.
Vor Suchlauf: 14 Verzeichnis(se), 18.446.962.688 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 18.334.175.232 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINXP
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AF7EFABF980B3341CCB9E26C2CAD0D53
--- --- --- |
21.06.2012, 19:21 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Friends received spam mail with my sender address (Offer.Bundler.ST and TR/Crypt.XPACK.Gen 2)
Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online check in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.
Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM!
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
22.06.2012, 16:34 | #28 |
| Friends received spam mail with my sender address (Offer.Bundler.ST and TR/Crypt.XPACK.Gen 2)
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-22 06:15:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-17 WDC_WD1600AAJB-00J3A0 rev.01.03E01
Running: rxy0hg9f.exe; Driver: C:\DOKUME~1\we\LOKALE~1\Temp\pxtdqpow.sys

---- System - GMER 1.0.15 ----

SSDT F7E4206C ZwClose
SSDT F7E42026 ZwCreateKey
SSDT F7E42076 ZwCreateSection
SSDT F7E4201C ZwCreateThread
SSDT F7E4202B ZwDeleteKey
SSDT F7E42035 ZwDeleteValueKey
SSDT F7E42067 ZwDuplicateObject
SSDT F7E4203A ZwLoadKey
SSDT F7E42008 ZwOpenProcess
SSDT F7E4200D ZwOpenThread
SSDT F7E4208F ZwQueryValueKey
SSDT F7E42044 ZwReplaceKey
SSDT F7E42080 ZwRequestWaitReplyPort
SSDT F7E4203F ZwRestoreKey
SSDT F7E4207B ZwSetContextThread
SSDT F7E42085 ZwSetSecurityObject
SSDT F7E42030 ZwSetValueKey
SSDT F7E4208A ZwSystemDebugControl
SSDT F7E42017 ZwTerminateProcess

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINXP\Explorer.EXE[1764] @ C:\WINXP\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINXP\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager vError get version
hxxp://www.online-solutions.ru/en/
Saved at 16:37:25 on 22.06.2012
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.21312

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINXP\system32\sdnclean.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"alsndmgr.cpl" - ? - C:\WINXP\system32\alsndmgr.cpl (File found, but it contains no detailed information)
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINXP\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINXP\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINXP\system32\javacpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Advanced SCSI Programming Interface Driver" (ASPI) - "Adaptec" - C:\WINXP\System32\DRIVERS\ASPI32.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINXP\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINXP\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINXP\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINXP\system32\drivers\Changer.sys (File not found)
"Cinergy Hybrid-Stick BDA service" (UDXTTM6010) - ? - C:\WINXP\System32\DRIVERS\UDXTTM6010.sys
"Cinergy Hybrid-Stick HID service" (TTHID) - "DTV-DVB" - C:\WINXP\System32\DRIVERS\Cinergy_Hybrid-Stick_HID.sys
"i2omgmt" (i2omgmt) - ? - C:\WINXP\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINXP\system32\drivers\lbrtfdc.sys (File not found)
"LG Bluetooth Bus Enumerator" (lgbusenum) - ? - C:\WINXP\System32\DRIVERS\lgbtbus.sys (File not found)
"LGE Bluetooth TransPort" (LgBttPort) - ? - C:\WINXP\System32\DRIVERS\lgbtport.sys (File not found)
"LGE Mobile Composite USB Device" (usbbus) - ? - C:\WINXP\System32\DRIVERS\lgusbbus.sys (File not found)
"LGE Mobile USB Modem" (USBModem) - ? - C:\WINXP\System32\DRIVERS\lgusbmodem.sys (File not found)
"LGE Mobile USB Serial Port" (UsbDiag) - ? - C:\WINXP\System32\DRIVERS\lgusbdiag.sys (File not found)
"LGE Virtual Modem" (LGVMODEM) - ? - C:\WINXP\System32\DRIVERS\lgvmodem.sys (File not found)
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINXP\System32\drivers\pfc.sys
"PCIDump" (PCIDump) - ? - C:\WINXP\system32\drivers\PCIDump.sys (File not found)
"PCLEPCI" (PCLEPCI) - "Pinnacle Systems GmbH" - C:\WINXP\system32\drivers\PCLEPCI.sys
"PDCOMP" (PDCOMP) - ? - C:\WINXP\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINXP\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINXP\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINXP\system32\drivers\PDRFRAME.sys (File not found)
"SBRE" (SBRE) - ? - C:\WINXP\system32\drivers\SBREdrv.sys (File not found)
"Service for Realtek AC97 Audio (WDM)" (ALCXWDM) - "Realtek Semiconductor Corp." - C:\WINXP\System32\drivers\ALCXWDM.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINXP\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINXP\system32\drivers\StarOpen.sys (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINXP\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINXP\system32\Rundll32.exe C:\WINXP\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINXP\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINXP\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINXP\system32\dfshim.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{AD6E6555-FB2C-47D4-8339-3E2965509877} "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\we\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Ad-Aware Browsing Protection" - "Lavasoft" - "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\WINXP\system32\avmprmon.dll
"PDFCreator" - ? - C:\WINXP\system32\pdfcmnnt.dll (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Active File Monitor V9" (AdobeActiveFileMonitor9.0) - "Adobe Systems Incorporated" - C:\Programme\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - C:\WINXP\system32\ati2sgag.exe
"Automatic Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll (File not found)
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"getPlus(R) Helper" (getPlusHelper) - ? - C:\Programme\NOS\bin\getPlus_Helper.dll (File not found)
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LG SCSI command service" (LGScsiCommandService) - ? - C:\WINXP\system32\LGScsiCommandService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"NMSAccess" (NMSAccess) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information)
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINXP\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-22 16:41:31
-----------------------------
16:41:31.446 OS Version: Windows 5.1.2600 Service Pack 3
16:41:31.446 Number of processors: 1 586 0x602
16:41:31.446 ComputerName: WE UserName: we
16:41:31.837 Initialize success
16:42:19.915 AVAST engine defs: 12062200
16:42:22.759 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-17
16:42:22.759 Disk 0 Vendor: WDC_WD1600AAJB-00J3A0 01.03E01 Size: 152627MB BusType: 3
16:42:22.774 Disk 0 MBR read successfully
16:42:22.774 Disk 0 MBR scan
16:42:22.805 Disk 0 Windows XP default MBR code
16:42:22.821 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 82897 MB offset 63
16:42:22.821 Disk 0 Partition - 00 0F Extended LBA 69727 MB offset 169774920
16:42:22.837 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 69727 MB offset 169774983
16:42:22.837 Disk 0 scanning sectors +312576705
16:42:22.930 Disk 0 scanning C:\WINXP\system32\drivers
16:42:39.774 Service scanning
16:42:58.243 Modules scanning
16:43:03.509 Disk 0 trace - called modules:
16:43:04.024 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
16:43:04.024 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86778ab8]
16:43:04.024 3 CLASSPNP.SYS[f786ffd7] -> nt!IofCallDriver -> \Device\0000005a[0x8677e9e8]
16:43:04.040 5 ACPI.sys[f77e5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-17[0x8677cd98]
16:43:04.352 AVAST engine scan C:\WINXP
16:43:09.821 AVAST engine scan C:\WINXP\system32
16:47:09.571 AVAST engine scan C:\WINXP\system32\drivers
16:47:35.774 AVAST engine scan C:\Dokumente und Einstellungen\we
17:08:15.149 AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:16:32.399 Scan finished successfully
17:30:55.759 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\we\Desktop\MBR.dat"
17:30:55.759 The log file has been saved successfully to "C:\Dokumente und Einstellungen\we\Desktop\aswMBR.txt" |
24.06.2012, 15:27 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Friends received spam mail with my sender address (Offer.Bundler.ST and TR/Crypt.XPACK.Gen 2)
Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
24.06.2012, 23:06 | #30 |
| Friends received spam mail with my sender address (Offer.Bundler.ST and TR/Crypt.XPACK.Gen 2)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/24/2012 at 11:29 PM

Application Version : 5.1.1002

Core Rules Database Version : 8788
Trace Rules Database Version: 6600

Scan type : Complete Scan
Total Scan Time : 01:57:51

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 482
Memory threats detected : 0
Registry items scanned : 33875
Registry threats detected : 1
File items scanned : 87839
File threats detected : 0

System.BrokenFileAssociation
HKCR\.exe

Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.24.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
we :: WE [Administrator]

Schutz: Deaktiviert

25.06.2012 00:08:34
mbam-log-2012-06-25 (00-08-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 296145
Laufzeit: 45 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |