Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Verschlüsselungs-Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.06.2012, 10:26   #1
Togel0308
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



Hallo liebe Freunde vom Trojaner-Board,
auch ich habe Post bekommen mit der Aufforderung eine Rechnung zu bezahlen
(habe ich an Trojaner-Virus weitergeleitet). Die "Beilage" ließ sich nicht öffnen. Es kam sofort eine Fehlermeldung. Habe sofort Anti Maleware ausgeführt. Daraufhin öffnete sich das oben beschriebene Willkommensfenster mit der Aufforderung zur Zahlung. Ich hab den PC runtergefahren und neu gestartet.
Ging auch. Jedoch sehr sehr langsam, mit geänderten und fehlenden Datei/ Ordnernamen und Favoriten. Einige Webseiten lassen sich nicht mehr aufrufen. Die Maus macht ab und an was sie will.
Das Scannen mit Eset war erfolgreich jedoch wurden die Funde von Programm gleich korrigiert.
Anti Maleware ließ sich nicht mehr starten.
Erst nach Neuinstalation (mbam-anbei).
Das Scannen mit meinem "tollen" Schutzpaket von MCAffee blieb ebenfalls ohne Ergebnis.
Ein erneutes Scannen mit Eset war ebenfalls jetzt ohne Befund.
Es wäre wirklich toll wenn ihr mir detailiert sagen könntet wie mir weiter geholfen werden kann. Weiß ehrlich nicht weiter denn ich bin leider ein Laie auf diesem Gebiet.
Vielen Dank für eure Mühe im voraus !!
Gruß Torsten


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.12.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: XXXXXXXX [Administrator]

12.06.2012 22:56:35
mbam-log-2012-06-13 (11-09-27) 2

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 251164
Laufzeit: 29 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Daten: 1 -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Daten: 1 -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\System Volume Information\_restore{7A5A350C-B2D6-444B-8914-09D40B7E1D9E}\RP1\A0000009.exe (Trojan.Agent.SZ) -> Keine Aktion durchgeführt.

(Ende)

Alt 15.06.2012, 19:20   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



Bitte routinemäßig einen neuen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 16.06.2012, 07:42   #3
Togel0308
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



(code)Hallo Arne,
danke erstmal für die schnelle Antwort.
Ich bin also wie oben beschrieben vorgegangen und kam zu folgendem Ergebnis.
Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.06.15.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: xxxxxx [Administrator]

Schutz: Aktiviert

15.06.2012 23:38:46
mbam-log-2012-06-16 (00-42-43).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 252397
Laufzeit: 1 Stunde(n), 2 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Daten: 1 -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Daten: 1 -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Der ESET-Scan war wie folgt:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6ea1c03d83fe0c4098d85604466a8898
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-12 12:25:24
# local_time=2012-06-12 02:25:24 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16777173 100 75 3739866 39989994 0 0
# compatibility_mode=8192 67108863 100 0 111 111 0 0
# scanned=96583
# found=2
# cleaned=2
# scan_time=5393
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Yliymhs\iymhswynr.exe Win32/Trustezeb.C Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\hsymrhsymr.pre Win32/Trustezeb.C Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6ea1c03d83fe0c4098d85604466a8898
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-12 11:50:02
# local_time=2012-06-13 01:50:02 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16777189 100 75 3783683 40033811 0 0
# compatibility_mode=8192 67108863 100 0 43928 43928 0 0
# scanned=95214
# found=0
# cleaned=0
# scan_time=2655
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6ea1c03d83fe0c4098d85604466a8898
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-16 12:07:06
# local_time=2012-06-16 02:07:06 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16777189 100 75 130439 5026308 0 0
# compatibility_mode=8192 67108863 100 0 302355 302355 0 0
# scanned=95520
# found=0
# cleaned=0
# scan_time=4450

Gruß Torsten(/code)
__________________

Alt 17.06.2012, 21:10   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



Die Logs bitte in CODE-Tags posten!!

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.06.2012, 11:03   #5
Togel0308
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



[code]Hallo freundlicher Helfer,
der normale Modus bei Windows funktioniert uneingeschränkt.
Im Startmenü vermiß ich soweit eigentlich nichts.
Unter "alle Programme" ist alles soweit vorhanden und funtioniert auch wieder.
Anti-Maleware ging vor Neuinstalation nicht mehr und Firefox öffnete sich anfangs nicht.
Geht jetzt aber wieder. Es fehlen aber alle Favoriten. Symbolleisteneinstellung ist verändert.
Auf dem Desktop sind Ordner umbennant. Darunter auch ein Ordner mit der Bennenung
"Achtung, bitte lesen". Hab diese aber noch nicht geöffnet.
Gruß Torsten [code/]


Alt 19.06.2012, 13:29   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



Was soll das? Du sollst die Logs (Protokolle) in CODE-Tags posten und nicht deinen normalen Text!

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> Verschlüsselungs-Trojaner

Alt 20.06.2012, 09:21   #7
Togel0308
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



Hallo Arne,

ich bin wirklich selten dämlich. Very much sorry!!
Hoffentlich klappt es diesmal mit dem "Code".
Habe beide Logfiles gepostet (OTL.txt, Extras).
Firewall und Virenschutz hatte ich deaktiviert.

Code:
ATTFilter
OTL logfile created on: 20.06.2012 07:34:48 - Run 1
OTL by OldTimer - Version 3.2.50.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,29 Mb Total Physical Memory | 641,51 Mb Available Physical Memory | 62,69% Memory free
2,40 Gb Paging File | 1,71 Gb Available in Paging File | 71,26% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 84,95 Gb Total Space | 50,90 Gb Free Space | 59,92% Space Free | Partition Type: NTFS
Drive D: | 143,06 Gb Total Space | 139,85 Gb Free Space | 97,76% Space Free | Partition Type: NTFS
 
Computer Name: KNUFFEL | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.20 07:24:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.21 21:17:10 | 000,795,600 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcupdate.exe
PRC - [2012.03.21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2012.03.20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2012.03.20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Programme\Gemeinsame Dateien\Mcafee\SystemCore\mfefire.exe
PRC - [2012.03.20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Programme\Gemeinsame Dateien\Mcafee\SystemCore\mcshield.exe
PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.12.17 09:04:21 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2011.10.24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.12.28 01:02:00 | 001,454,080 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2006.12.28 01:02:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2002.10.15 18:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 12:24:43 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.14 12:24:28 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012.06.14 12:20:29 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.14 12:20:05 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.14 06:26:19 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.05.11 08:43:08 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.11 08:42:46 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012.05.11 08:42:24 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll
MOD - [2012.05.11 08:41:44 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
MOD - [2012.05.11 08:40:58 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
MOD - [2012.05.11 08:40:39 | 001,070,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
MOD - [2012.05.11 08:37:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.11 08:24:06 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.11 08:23:34 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.08.10 18:46:39 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011.08.10 18:46:39 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.42456__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011.08.10 18:46:39 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2011.08.10 18:46:39 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2011.08.10 18:46:39 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3693.42556__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2011.08.10 18:46:39 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2011.08.10 18:46:38 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011.08.10 18:46:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011.08.10 18:46:38 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3693.42522__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2011.08.10 18:46:38 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011.08.10 18:46:38 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3693.42517__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011.08.10 18:46:38 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011.08.10 18:46:38 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011.08.10 18:46:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011.08.10 18:46:37 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011.08.10 18:46:37 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2011.08.10 18:46:37 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011.08.10 18:46:37 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2011.08.10 18:46:36 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011.08.10 18:46:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011.08.10 18:46:36 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3693.42503__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011.08.10 18:46:33 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3693.42488__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011.08.10 18:46:33 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3693.42512__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011.08.10 18:46:33 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011.08.10 18:46:33 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011.08.10 18:46:33 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011.08.10 18:46:32 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3693.42518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2011.08.10 18:46:32 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.42452__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011.08.10 18:46:32 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011.08.10 18:46:32 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011.08.10 18:46:32 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011.08.10 18:46:31 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3693.42482__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011.08.10 18:46:31 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011.08.10 18:46:31 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011.08.10 18:46:31 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011.08.10 18:46:31 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3693.42497__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011.08.10 18:46:30 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011.08.10 18:46:30 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011.08.10 18:46:30 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011.08.10 18:46:29 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011.08.10 18:46:29 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011.08.10 18:46:29 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011.08.10 18:46:29 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011.08.10 18:46:29 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011.08.10 18:46:27 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.08.10 18:46:27 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011.08.10 18:46:27 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.08.10 18:46:26 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011.08.10 18:46:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011.08.10 18:46:26 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2011.08.10 18:46:26 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011.08.10 18:46:26 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011.08.10 18:46:26 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011.08.10 18:46:25 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.08.10 18:46:25 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011.08.10 18:46:25 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.08.10 18:46:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011.08.10 18:46:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011.08.10 18:46:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011.08.10 18:46:25 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011.08.10 18:46:25 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011.08.10 18:46:25 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011.08.10 18:46:24 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011.08.10 18:46:24 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011.08.10 18:46:24 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2011.08.10 18:46:22 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011.08.10 18:46:21 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011.08.10 18:46:21 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011.08.10 18:46:21 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011.08.10 18:46:21 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011.08.10 18:46:21 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011.08.10 18:46:21 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011.08.10 18:46:20 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011.08.10 18:46:20 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011.08.10 18:46:20 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011.08.10 18:46:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011.08.10 18:46:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011.08.10 18:46:19 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3693.42564__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2011.08.10 18:46:19 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011.08.10 18:46:19 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011.08.10 18:46:19 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011.08.10 18:46:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.08.10 18:46:18 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.08.10 18:46:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011.08.10 18:46:18 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011.08.10 18:46:18 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011.08.10 18:46:18 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011.08.10 18:46:17 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011.08.10 18:46:17 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011.08.10 18:46:17 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011.08.10 18:46:17 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.08.10 18:46:17 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011.08.10 18:46:17 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011.08.10 18:46:17 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011.08.10 18:46:17 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011.08.10 18:46:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.08.10 18:46:16 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011.08.10 18:46:15 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011.08.10 18:46:15 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011.08.10 18:46:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011.08.10 18:46:15 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.08.10 18:46:15 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011.08.10 18:46:14 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll
MOD - [2011.08.10 18:46:14 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll
MOD - [2011.08.10 18:46:14 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.11.24 13:36:36 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.18 08:07:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.07 19:51:19 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2012.03.20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012.03.20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011.12.08 14:02:58 | 000,229,520 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\soft Xpansion\sxds10.exe -- (SXDS10)
SRV - [2011.10.24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2006.12.28 01:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.06.12 19:30:02 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012.02.22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012.02.22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012.02.22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012.02.22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012.02.22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012.02.22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2012.02.22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2012.02.22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012.02.22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011.05.22 22:51:26 | 000,020,216 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Programme\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2010.09.16 17:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2010.02.25 18:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.02.11 09:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.11.04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2008.04.13 20:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006.12.28 01:02:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.12.28 01:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2003.03.14 13:36:08 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002.11.18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-682003330-573735546-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=100789&babsrc=HP_ss&mntrId=14adae8c000000000000001a4f47e2d6
IE - HKU\S-1-5-21-682003330-573735546-725345543-500\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-682003330-573735546-725345543-500\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-682003330-573735546-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-682003330-573735546-725345543-500\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100789&babsrc=SP_ss&mntrId=14adae8c000000000000001a4f47e2d6
IE - HKU\S-1-5-21-682003330-573735546-725345543-500\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=99DD6A91-37C9-48C9-861A-9BBDD1F93C7B&apn_sauid=193D8F02-8DA8-4741-8A4A-AAD2DAD65762
IE - HKU\S-1-5-21-682003330-573735546-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Programme\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Programme\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.11 06:21:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Programme\McAfee\SiteAdvisor [2012.02.27 11:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.12 08:54:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Programme\Gemeinsame Dateien\McAfee\SystemCore [2012.06.20 07:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.18 08:07:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.16 10:40:36 | 000,000,000 | ---D | M]
 
[2011.08.08 16:32:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2012.06.13 12:43:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions
[2012.05.23 23:30:18 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\battlefieldheroespatcher@ea.com
[2012.06.12 12:41:01 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de
[2011.11.04 09:27:20 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\searchplugins\djreEUANsEUArsodj
[2011.11.04 09:27:20 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\searchplugins\GsoUXNeEdpNeEUXrs
[2011.08.08 17:06:52 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\searchplugins\qOxLfagGnVaOGLVT
[2010.09.28 22:39:14 | 000,002,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\searchplugins\qOxnVagGLfTOxnfTgGL
[2011.11.04 09:27:20 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\searchplugins\sAvpEUlvXodDvpEdDJX
[2011.11.04 09:27:20 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\searchplugins\tlLVaglLfTODLVa
[2012.05.02 23:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.02 23:21:01 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012.03.18 01:57:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.03.18 01:57:57 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.06.18 08:07:16 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\mozilla firefox\components\Scriptff.dll
[2011.12.08 14:02:58 | 000,063,632 | ---- | M] (soft Xpansion) -- C:\Programme\mozilla firefox\plugins\np-sxpdf.dll
[2012.02.17 09:51:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.16 21:42:20 | 000,002,310 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.11.11 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\Mcafee\SystemCore\ScriptSn.20120430005335.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Perfect PDF 6) - {2CEFDF99-7ED5-4884-9384-66BAFC1949BB} - C:\Programme\soft Xpansion\Perfect PDF 6 Converter\iexp32.dll (soft Xpansion)
O3 - HKU\S-1-5-21-682003330-573735546-725345543-500\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-682003330-573735546-725345543-500..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-682003330-573735546-725345543-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-682003330-573735546-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Gabest = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\627632.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe File not found
O15 - HKU\S-1-5-21-682003330-573735546-725345543-500\..Trusted Domains: internet ([]about in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-682003330-573735546-725345543-500\..Trusted Domains: mcafee.com ([]http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-682003330-573735546-725345543-500\..Trusted Domains: mcafee.com ([]https in Vertrauenswürdige Sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1328620262296 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.24 11:48:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4119e7a2-4912-11e1-9172-001a4f47e2d6}\Shell - "" = AutoRun
O33 - MountPoints2\{4119e7a2-4912-11e1-9172-001a4f47e2d6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4119e7a2-4912-11e1-9172-001a4f47e2d6}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^Netzmanager.lnk - C:\Programme\Netzmanager\netzmanager.exe - (Deutsche Telekom AG)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WISO Mein Steuer-Sparbuch heute.lnk - C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe - ()
 
SafeBootMin: mcmscsvc - C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
 
SafeBootNet: McMPFSvc - C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.20 07:24:33 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2012.06.20 07:14:44 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2012.06.20 07:03:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee
[2012.06.12 22:51:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.12 22:51:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.12 22:51:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.06.12 19:29:52 | 000,000,000 | ---D | C] -- C:\Programme\LSoft Technologies
[2012.06.12 19:29:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Active@ ISO Burner
[2012.06.12 12:53:41 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.06.12 08:38:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Yliymhs
[2012.05.30 21:33:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PunkBuster
[2012.05.29 20:37:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Battlefield Heroes
[2012.05.23 23:44:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\EA Games
[2012.05.23 23:31:01 | 000,000,000 | ---D | C] -- C:\Programme\EA Games
[2012.05.23 22:33:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Schriftverkehr
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.20 07:24:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2012.06.20 06:59:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-682003330-573735546-725345543-500.job
[2012.06.20 06:58:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.20 06:58:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.20 06:58:49 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.19 05:51:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.18 13:00:00 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\vtscheduletask.job
[2012.06.16 08:06:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-682003330-573735546-725345543-500.job
[2012.06.14 12:17:04 | 000,213,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.14 06:26:37 | 000,452,398 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.14 06:26:37 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.14 06:26:37 | 000,081,356 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.14 06:26:37 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.13 11:10:21 | 000,003,582 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-log-2012-06-13 (11-09-27) 2
[2012.06.12 22:51:36 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.05 11:56:12 | 000,139,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012.06.05 11:55:45 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2012.05.30 23:52:39 | 000,000,190 | ---- | M] () -- C:\vdeNxjdsNGjdsrGAUer
[2012.05.30 21:34:48 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2012.05.28 20:22:23 | 000,423,258 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\qQdLNTAdLrajUnN
[2012.05.26 23:40:17 | 000,000,667 | ---- | M] () -- C:\WINDOWS\wiso.ini
[2012.05.23 23:45:35 | 000,138,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PnkBstrK.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.13 11:09:50 | 000,003,582 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-log-2012-06-13 (11-09-27) 2
[2012.06.12 22:51:36 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.30 21:34:48 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2012.05.23 23:45:36 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012.05.23 23:45:35 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PnkBstrK.sys
[2012.05.23 23:45:06 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012.05.23 23:45:06 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2012.05.23 23:45:03 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012.05.11 08:49:58 | 000,234,752 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.02.22 16:56:18 | 000,000,667 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2012.02.15 11:20:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.03 19:53:16 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2011.12.17 08:40:02 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll
[2011.12.17 08:40:02 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll
[2011.12.17 08:39:59 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011.09.17 23:14:18 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc
[2011.09.04 17:08:57 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011.08.11 07:59:07 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011.08.11 07:59:05 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.08.11 07:59:04 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.08.11 07:59:04 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.08.11 07:59:04 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.08.10 18:48:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.08.10 18:44:41 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011.08.10 10:54:50 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2011.08.10 08:57:46 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2011.08.10 08:57:46 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2011.08.08 16:32:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.08.08 15:11:15 | 000,097,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2011.07.07 23:37:28 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2010.10.01 14:15:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.11 19:35:19 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.08.11 19:35:18 | 000,040,448 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.24 19:59:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2010.07.24 19:56:25 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL
[2010.07.24 12:06:35 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.07.24 11:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.07.24 11:57:54 | 000,213,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.24 11:50:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.07.24 11:44:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
 
========== LOP Check ==========
 
[2011.11.09 11:19:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ACShredder
[2011.11.13 14:53:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AnvSoft
[2011.12.22 08:52:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ashampoo
[2012.04.18 19:07:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Awem
[2012.06.12 08:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Babylon
[2012.02.22 16:57:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Buhl Data Service
[2011.12.17 08:41:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\concept design
[2012.03.15 10:12:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dpdhl.versandhelfer
[2011.11.18 15:40:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoft
[2012.06.12 08:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.02.21 18:28:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0
[2012.06.12 08:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Neverball
[2012.02.03 21:47:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\QuickScan
[2011.11.29 23:18:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\RavensburgerTipToi
[2011.12.14 21:20:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Simfy
[2012.02.03 21:43:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TrojanHunter
[2011.11.20 12:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2012.05.17 12:23:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Unity
[2012.06.12 12:57:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Yliymhs
[2011.12.22 08:49:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2012.02.16 10:55:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2011.12.16 21:42:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.06.12 08:54:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\backup
[2012.05.25 14:25:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2012.06.12 08:54:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\copypart
[2012.06.12 08:54:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\createpart
[2012.06.12 08:54:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\deletepart
[2011.08.09 09:01:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverBoost
[2012.01.03 15:31:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2012.06.12 08:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\explauncher
[2010.10.01 14:15:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grey Alien Games
[2012.06.12 08:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\launcher
[2012.06.12 08:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Licenses
[2012.06.12 08:54:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mergeparts
[2011.08.22 09:01:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MGS
[2012.06.12 08:54:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Netzmanager
[2012.01.18 20:24:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Origin
[2012.02.18 14:21:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2012.06.12 08:54:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2012.06.12 08:54:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\redistpart
[2011.12.08 14:02:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\soft Xpansion
[2011.12.10 16:17:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.04.23 12:54:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.06.12 08:54:49 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012.06.12 08:54:49 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.06.12 08:54:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354}
[2011.08.21 14:38:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software
[2012.06.18 13:00:00 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\vtscheduletask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.09 11:19:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ACShredder
[2011.12.24 08:50:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
[2012.06.12 08:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ahead
[2011.11.13 14:53:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AnvSoft
[2011.12.22 08:52:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ashampoo
[2011.08.10 18:48:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ATI
[2012.04.18 19:07:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Awem
[2012.06.12 08:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Babylon
[2012.02.22 16:57:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Buhl Data Service
[2011.12.17 08:41:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\concept design
[2011.08.11 11:45:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DivX
[2012.03.15 10:12:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dpdhl.versandhelfer
[2011.11.18 15:40:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoft
[2012.06.12 08:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.02.21 18:28:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0
[2011.12.22 10:49:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Help
[2010.07.24 11:52:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities
[2011.12.24 08:50:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
[2012.01.26 12:03:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2012.01.29 08:04:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\McAfee
[2012.05.20 09:04:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Media Player Classic
[2012.05.09 11:27:50 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2011.08.08 16:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2012.06.12 08:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Neverball
[2012.02.03 21:47:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\QuickScan
[2011.11.29 23:18:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\RavensburgerTipToi
[2012.06.07 11:17:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Real
[2011.12.14 21:20:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Simfy
[2012.01.03 10:08:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun
[2012.02.03 21:43:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TrojanHunter
[2011.11.20 12:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2012.05.17 12:23:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Unity
[2012.06.12 08:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
[2012.06.12 12:57:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Yliymhs
 
< %APPDATA%\*.exe /s >
[2011.12.14 20:54:58 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.05.01 00:52:30 | 001,353,664 | ---- | M] (EA Digital Illusions CE AB) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\battlefieldheroespatcher@ea.com\plugins\BFHUpdater.exe
[2012.06.18 11:18:22 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe
[2012.06.18 12:18:15 | 028,087,744 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer_de.exe
[2012.06.18 12:17:39 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer_de.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.11.11 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.08.08 16:09:25 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.08.08 16:09:25 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.11.11 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.08.08 16:09:25 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.08.08 16:09:25 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.11.11 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.11.11 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.11.11 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.11.11 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.11.11 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.11.11 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.11.11 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.11.11 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.11.11 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012.06.12 19:30:02 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2010.07.24 12:56:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.07.24 12:56:18 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.07.24 12:56:18 | 000,479,232 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 163 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C798CE3C
@Alternate Data Stream - 153 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:93F3E4C9

< End of report >
         




Außerdem gab es noch folgenden EXTRA- Logfile


Code:
ATTFilter
OTL Extras logfile created on: 20.06.2012 07:34:48 - Run 1
OTL by OldTimer - Version 3.2.50.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,29 Mb Total Physical Memory | 641,51 Mb Available Physical Memory | 62,69% Memory free
2,40 Gb Paging File | 1,71 Gb Available in Paging File | 71,26% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 84,95 Gb Total Space | 50,90 Gb Free Space | 59,92% Space Free | Partition Type: NTFS
Drive D: | 143,06 Gb Total Space | 139,85 Gb Free Space | 97,76% Space Free | Partition Type: NTFS
 
Computer Name: KNUFFEL | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-682003330-573735546-725345543-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"57236:TCP" = 57236:TCP:*:Enabled:Pando Media Booster
"57236:UDP" = 57236:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"57236:TCP" = 57236:TCP:*:Enabled:Pando Media Booster
"57236:UDP" = 57236:UDP:*:Enabled:Pando Media Booster
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Veetle\Player\VeetleNet.exe" = C:\Programme\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen -- (Microsoft Corporation)
"C:\Programme\Veetle\Player\VeetleNet.exe" = C:\Programme\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()
"C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe" = C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{221DF177-A4AF-43CA-9E84-7B1DC1B23C47}" = Hercules Audio - Benutzerhandbuch
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29778A23-2B6D-46E8-82C6-5B2484033344}" = Panda ActiveScan Cleaner
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5BF5331F-E271-4A1F-AF5D-30A93EFF2584}_is1" = Franzis onlineTV 6
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6D309F9-38AB-4cc3-8DA7-0544F5011788}" = soft Xpansion Perfect PDF 6 Converter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F48DC94B-E4EC-6F4C-6CA2-B3F2D13FF0FD}" = ATI Catalyst Install Manager
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Any Video Converter_is1" = Any Video Converter 3.2.5
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15
"ATI Display Driver" = ATI Display Driver
"AVMWLANCLI" = AVM FRITZ!WLAN
"Burn4Free DVD Burning_is1" = Burn4Free DVD Burning 5.8.0.0
"CCleaner" = CCleaner
"DivX Setup" = DivX-Setup
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffs2011_is1" = Franzis Führerschein Trainer 2012
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"HWiNFO32_is1" = HWiNFO32 Version 3.84
"ie8" = Windows Internet Explorer 8
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.6.0 (Full)
"KVB-Erstattungsantrag PC_is1" = KVB-Erstattungsantrag PC 2.62
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security Suite
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netzmanager" = Netzmanager
"Neverball" = Neverball 1.5.4
"PCI Audio Driver" = PCI Audio Driver
"PunkBusterSvc" = PunkBuster Services
"Ravensburger tiptoi" = Ravensburger tiptoi
"RealPlayer 15.0" = RealPlayer
"SopCast" = SopCast 3.3.2
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.1.11
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-682003330-573735546-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.01.2012 21:24:46 | Computer Name = KNUFFEL | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 4088 (0xff8)    Thread address : 0x7C91E514    Thread message :      Build VSCORE.14.4.0.380
 / 5400.1158   Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\mfc42.dll

 by C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe   4(0)(0)   4(0)(0)   7200(0)(0)

 7595(0)(0)   7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)  
 
Error - 26.01.2012 21:26:27 | Computer Name = KNUFFEL | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 2532 (0x9e4)    Thread address : 0x7C91E514    Thread message :      Build VSCORE.14.4.0.380
 / 5400.1158   Object being scanned = \Device\HarddiskVolume2\Programme\Adobe\Reader
 10.0\Reader\plug_ins\Spelling.api   by C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe

 4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)   7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)

 
Error - 26.01.2012 21:58:44 | Computer Name = KNUFFEL | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 584 (0x248)    Thread address : 0x7C91E514    Thread message :      Build VSCORE.14.4.0.380
 / 5400.1158   5008(4703)(0)   5008(750)(0)   5008(578)(0)   5008(0)(0)   5008(15110)(0)   5008(3265)(0)

 5008(0)(0)   5008(1016)(0)  
 
Error - 29.01.2012 10:41:06 | Computer Name = KNUFFEL | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 2100 (0x834)    Thread address : 0x7C91E514    Thread message :      Build VSCORE.14.4.0.380
 / 5400.1158   Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\sxs.dll

 by C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe   4(0)(0)   4(0)(0)   7200(0)(0)

 7595(0)(0)   7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)  
 
Error - 29.01.2012 10:45:16 | Computer Name = KNUFFEL | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 2108 (0x83c)    Thread address : 0x7C91E514    Thread message :      Build VSCORE.14.4.0.380
 / 5400.1158   Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\mshtml.dll

 by C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe   4(0)(0)   4(0)(0)   7200(0)(0)

 7595(0)(0)   7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)  
 
Error - 29.01.2012 10:46:39 | Computer Name = KNUFFEL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul mshtml.dll, Version 8.0.6001.19120, Fehleradresse 0x000a24f7.
 
Error - 30.01.2012 13:36:34 | Computer Name = KNUFFEL | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 1772 (0x6ec)    Thread address : 0x7C91E514    Thread message :      Build VSCORE.14.4.0.380
 / 5400.1158   Object being scanned = \Device\HarddiskVolume2\Programme\Real\RealPlayer\Update\setu3270.dll

 by C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe   4(0)(0)   4(0)(0)   7200(0)(0)

 7595(0)(0)   7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)  
 
Error - 31.01.2012 20:36:00 | Computer Name = KNUFFEL | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 2800 (0xaf0)    Thread address : 0x7C91E514    Thread message :      Build VSCORE.14.4.0.380
 / 5400.1158   Object being scanned = \Device\HarddiskVolume2\Programme\McAfee\MSC\mcinfo.exe

 by C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe   4(31)(0)   4(31)(0)   7200(31)(0)

 7595(31)(0)   7005(15)(0)   7004(15)(0)   5006(15)(0)   5004(15)(0)  
 
Error - 05.02.2012 05:00:58 | Computer Name = KNUFFEL | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 1448 (0x5a8)    Thread address : 0x7C91E514    Thread message :      Build VSCORE.14.4.0.380
 / 5400.1158   Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\hnetcfg.dll

 by C:\Programme\AVAST Software\Avast\AvastSvc.exe   4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)

 7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)  
 
Error - 05.02.2012 05:05:51 | Computer Name = KNUFFEL | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 3340 (0xd0c)    Thread address : 0x7C91E514    Thread message :      Build VSCORE.14.4.0.380
 / 5400.1158   Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\wbem\wbemcons.dll

 by C:\WINDOWS\System32\svchost.exe   4(63)(0)   4(47)(0)   7200(0)(0)   7595(0)(0)   7005(0)(0)

 7004(0)(0)   5006(0)(0)   5004(0)(0)  
 
[ System Events ]
Error - 14.06.2012 06:39:17 | Computer Name = KNUFFEL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 14.06.2012 21:33:49 | Computer Name = KNUFFEL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 15.06.2012 05:26:42 | Computer Name = KNUFFEL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 15.06.2012 05:28:36 | Computer Name = KNUFFEL | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee McShield" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
 Starten Sie den Dienst neu..
 
Error - 15.06.2012 05:30:17 | Computer Name = KNUFFEL | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee McShield" wurde unerwartet beendet. Dies ist bereits
 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
 Starten Sie den Dienst neu..
 
Error - 17.06.2012 06:22:31 | Computer Name = KNUFFEL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 17.06.2012 06:29:16 | Computer Name = KNUFFEL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 17.06.2012 06:35:47 | Computer Name = KNUFFEL | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee McShield" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
 Starten Sie den Dienst neu..
 
Error - 18.06.2012 02:05:08 | Computer Name = KNUFFEL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   i8042prt
 
Error - 20.06.2012 01:00:53 | Computer Name = KNUFFEL | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee McShield" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
 Starten Sie den Dienst neu..
 
 
< End of report >
         
Gruß Torsten

Alt 20.06.2012, 11:00   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-682003330-573735546-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=100789&babsrc=HP_ss&mntrId=14adae8c000000000000001a4f47e2d6
IE - HKU\S-1-5-21-682003330-573735546-725345543-500\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100789&babsrc=SP_ss&mntrId=14adae8c000000000000001a4f47e2d6
IE - HKU\S-1-5-21-682003330-573735546-725345543-500\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=99DD6A91-37C9-48C9-861A-9BBDD1F93C7B&apn_sauid=193D8F02-8DA8-4741-8A4A-AAD2DAD65762
FF - user.js - File not found
[2012.06.12 12:41:01 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de
[2011.11.04 09:27:20 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\searchplugins\djreEUANsEUArsodj
[2011.11.04 09:27:20 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\searchplugins\GsoUXNeEdpNeEUXrs
[2011.08.08 17:06:52 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\searchplugins\qOxLfagGnVaOGLVT
[2010.09.28 22:39:14 | 000,002,333 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\searchplugins\qOxnVagGLfTOxnfTgGL
[2011.11.04 09:27:20 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\searchplugins\sAvpEUlvXodDvpEdDJX
[2011.11.04 09:27:20 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\searchplugins\tlLVaglLfTODLVa
[2012.05.02 23:21:01 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012.03.18 01:57:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.03.18 01:57:57 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2011.12.16 21:42:20 | 000,002,310 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
O3 - HKU\S-1-5-21-682003330-573735546-725345543-500\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-682003330-573735546-725345543-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-682003330-573735546-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Gabest = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\627632.exe
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.24 11:48:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4119e7a2-4912-11e1-9172-001a4f47e2d6}\Shell - "" = AutoRun
O33 - MountPoints2\{4119e7a2-4912-11e1-9172-001a4f47e2d6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4119e7a2-4912-11e1-9172-001a4f47e2d6}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.hta
[2012.06.12 08:38:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Yliymhs
[2012.04.18 19:07:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Awem
[2012.06.12 08:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Babylon
@Alternate Data Stream - 163 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C798CE3C
@Alternate Data Stream - 153 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:93F3E4C9
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.06.2012, 12:14   #9
Togel0308
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



Hallo
Ich hab jetzt das OTL-Fix durchgeführt.

Hier das Logfile nach dem Rechnerneustart.

Code:
ATTFilter
All processes killed
========== OTL ==========
HKU\S-1-5-21-682003330-573735546-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-682003330-573735546-725345543-500\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-682003330-573735546-725345543-500\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin\weather folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin\ticker folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin\shopping folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin\search\engine folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin\search folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin\pref folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin\phish folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin\newtab\initial-thumbs folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin\newtab folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin\neterror folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin\maps folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin\horoscope folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin\homebutton folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin\highlight folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin\help folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin\email folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin\ebay folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin\brand folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\skin folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\en-US\weather folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\en-US\ticker folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\en-US\shopping folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\en-US\search folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\en-US\pref folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\en-US\phish folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\en-US\newtab folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\en-US\neterror folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\en-US\maps folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\en-US\main folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\en-US\horoscope folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\en-US\highlight folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\en-US\help folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\en-US\email folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\en-US\ebay folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\en-US folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\de-DE\weather folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\de-DE\ticker folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\de-DE\shopping folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\de-DE\search folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\de-DE\pref folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\de-DE\phish folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\de-DE\newtab folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\de-DE\neterror folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\de-DE\maps folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\de-DE\main folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\de-DE\horoscope folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\de-DE\highlight folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\de-DE\help\page folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\de-DE\help folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\de-DE\email folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\de-DE\ebay folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale\de-DE folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\locale folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\weather folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\util folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\tracking folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\ticker folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\shopping folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\search\mcollect folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\search folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\pref folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\phish folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\newtab folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\neterror folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\maps folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\main folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\hotnews folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\horoscope folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\highlight folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\help folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\email folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content\ebay folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\content folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de\components folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\extensions\toolbar@web.de folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\searchplugins\djreEUANsEUArsodj moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\searchplugins\GsoUXNeEdpNeEUXrs moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\searchplugins\qOxLfagGnVaOGLVT moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\searchplugins\qOxnVagGLfTOxnfTgGL moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\searchplugins\sAvpEUlvXodDvpEdDJX moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\5w66rxfx.default\searchplugins\tlLVaglLfTODLVa moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\skin folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\search\engine folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\newtab\initial-thumbs folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\homebutton folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin\brand folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\skin folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\help\page folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\locale folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\weather folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\util folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\tracking folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\ticker folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\shopping folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\search\mcollect folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\search folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\pref folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\phish folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\newtab folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\neterror folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\maps folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\main folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\hotnews folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\horoscope folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\highlight folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\help folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\email folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content\ebay folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\content folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\components folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de folder moved successfully.
C:\Programme\Mozilla Firefox\distribution\extensions folder moved successfully.
Folder C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de\ not found.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-682003330-573735546-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery\ not found.
Registry key HKEY_USERS\S-1-5-21-682003330-573735546-725345543-500\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-682003330-573735546-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Gabest deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4119e7a2-4912-11e1-9172-001a4f47e2d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4119e7a2-4912-11e1-9172-001a4f47e2d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4119e7a2-4912-11e1-9172-001a4f47e2d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4119e7a2-4912-11e1-9172-001a4f47e2d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4119e7a2-4912-11e1-9172-001a4f47e2d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4119e7a2-4912-11e1-9172-001a4f47e2d6}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.hta not found.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Yliymhs folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Awem\Cradle Of Rome\Save folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Awem\Cradle Of Rome folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Awem folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Babylon folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C798CE3C deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:93F3E4C9 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 11716606 bytes
->Temporary Internet Files folder emptied: 1243234 bytes
->Java cache emptied: 18009320 bytes
->FireFox cache emptied: 162867087 bytes
->Flash cache emptied: 58177 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33566 bytes
 
User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33237 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1225817 bytes
%systemroot%\System32 .tmp files removed: 599431 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 187,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.50.0 log created on 06212012_120107

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\WCESLog.log moved successfully.

Registry entries deleted on Reboot...
         
Gruß Torsten

Alt 21.06.2012, 15:04   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



Code:
ATTFilter
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Awem\Cradle Of Rome\Save folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Awem\Cradle Of Rome folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Awem folder moved successfully.
         
Uhje, ich fürchte ich hab den Ordner Awem mit Malware verwechsellt
Falls du in brauchst, er sollte in C:\_OTL\MovedFiles (und dann entsprechend im Unterverzeichnis) zu finden sein. Einfach wieder an den Ursprungsort kopieren



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.06.2012, 22:28   #11
Togel0308
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



Hallo Arne,

die versehentlich verschobene Datei brauch ich nicht.
Hab also alles soweit ausgeführt.
Hier jetzt das Logfile vom TDSS-Killer.

Code:
ATTFilter
07:57:59.0968 1868	TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
07:58:01.0984 1868	============================================================
07:58:01.0984 1868	Current date / time: 2006/08/16 07:58:01.0984
07:58:01.0984 1868	SystemInfo:
07:58:01.0984 1868	
07:58:01.0984 1868	OS Version: 5.1.2600 ServicePack: 3.0
07:58:01.0984 1868	Product type: Workstation
07:58:01.0984 1868	ComputerName: XXXXXX
07:58:01.0984 1868	UserName: Administrator
07:58:01.0984 1868	Windows directory: C:\WINDOWS
07:58:01.0984 1868	System windows directory: C:\WINDOWS
07:58:01.0984 1868	Processor architecture: Intel x86
07:58:01.0984 1868	Number of processors: 2
07:58:01.0984 1868	Page size: 0x1000
07:58:01.0984 1868	Boot type: Normal boot
07:58:01.0984 1868	============================================================
07:58:04.0515 1868	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:58:04.0546 1868	============================================================
07:58:04.0546 1868	\Device\Harddisk0\DR0:
07:58:04.0546 1868	MBR partitions:
07:58:04.0546 1868	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x9C263D, BlocksNum 0xA9E4611
07:58:04.0562 1868	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xB3A6C8D, BlocksNum 0x11E1D8F4
07:58:04.0562 1868	============================================================
07:58:04.0625 1868	D: <-> \Device\Harddisk0\DR0\Partition1
07:58:04.0687 1868	C: <-> \Device\Harddisk0\DR0\Partition0
07:58:04.0687 1868	============================================================
07:58:04.0687 1868	Initialize success
07:58:04.0687 1868	============================================================
08:01:12.0906 3832	============================================================
08:01:12.0906 3832	Scan started
08:01:12.0906 3832	Mode: Manual; SigCheck; TDLFS; 
08:01:12.0906 3832	============================================================
08:01:13.0078 3832	Abiosdsk - ok
08:01:13.0093 3832	abp480n5 - ok
08:01:13.0140 3832	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:01:14.0031 3832	ACPI - ok
08:01:14.0062 3832	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:01:14.0218 3832	ACPIEC - ok
08:01:14.0265 3832	AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:01:14.0296 3832	AdobeFlashPlayerUpdateSvc - ok
08:01:14.0312 3832	adpu160m - ok
08:01:14.0343 3832	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:01:14.0500 3832	aec - ok
08:01:14.0546 3832	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:01:14.0593 3832	AFD - ok
08:01:14.0593 3832	Aha154x - ok
08:01:14.0609 3832	aic78u2 - ok
08:01:14.0609 3832	aic78xx - ok
08:01:14.0640 3832	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
08:01:14.0796 3832	Alerter - ok
08:01:14.0812 3832	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
08:01:14.0968 3832	ALG - ok
08:01:14.0968 3832	AliIde - ok
08:01:14.0984 3832	amsint - ok
08:01:15.0015 3832	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
08:01:15.0156 3832	AppMgmt - ok
08:01:15.0203 3832	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:01:15.0359 3832	Arp1394 - ok
08:01:15.0359 3832	asc - ok
08:01:15.0375 3832	asc3350p - ok
08:01:15.0375 3832	asc3550 - ok
08:01:15.0453 3832	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:01:15.0468 3832	aspnet_state - ok
08:01:15.0484 3832	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:01:15.0640 3832	AsyncMac - ok
08:01:15.0656 3832	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:01:15.0812 3832	atapi - ok
08:01:15.0812 3832	Atdisk - ok
08:01:15.0875 3832	Ati HotKey Poller (471087b5e1e01cc82604e81ea14781d8) C:\WINDOWS\system32\Ati2evxx.exe
08:01:15.0921 3832	Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - warning
08:01:15.0921 3832	Ati HotKey Poller - detected UnsignedFile.Multi.Generic (1)
08:01:15.0968 3832	ATI Smart       (b979ba0120b6db757196a8e2e873fe3c) C:\WINDOWS\system32\ati2sgag.exe
08:01:16.0015 3832	ATI Smart ( UnsignedFile.Multi.Generic ) - warning
08:01:16.0015 3832	ATI Smart - detected UnsignedFile.Multi.Generic (1)
08:01:16.0187 3832	ati2mtag        (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
08:01:16.0328 3832	ati2mtag ( UnsignedFile.Multi.Generic ) - warning
08:01:16.0328 3832	ati2mtag - detected UnsignedFile.Multi.Generic (1)
08:01:16.0421 3832	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:01:16.0578 3832	Atmarpc - ok
08:01:16.0609 3832	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
08:01:16.0765 3832	AudioSrv - ok
08:01:16.0796 3832	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:01:16.0953 3832	audstub - ok
08:01:17.0031 3832	AVM WLAN Connection Service (9bd46c1d2f33a890b7226edf543f18aa) C:\Programme\avmwlanstick\WlanNetService.exe
08:01:17.0078 3832	AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
08:01:17.0078 3832	AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
08:01:17.0093 3832	avmeject        (263cf9d248fd5e020a1333ed4f7eaa88) C:\WINDOWS\system32\drivers\avmeject.sys
08:01:17.0125 3832	avmeject ( UnsignedFile.Multi.Generic ) - warning
08:01:17.0125 3832	avmeject - detected UnsignedFile.Multi.Generic (1)
08:01:17.0156 3832	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:01:17.0312 3832	Beep - ok
08:01:17.0359 3832	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
08:01:17.0546 3832	BITS - ok
08:01:17.0562 3832	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
08:01:17.0765 3832	Browser - ok
08:01:17.0781 3832	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:01:17.0953 3832	cbidf2k - ok
08:01:17.0968 3832	cd20xrnt - ok
08:01:17.0984 3832	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:01:18.0156 3832	Cdaudio - ok
08:01:18.0171 3832	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:01:18.0343 3832	Cdfs - ok
08:01:18.0359 3832	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:01:18.0515 3832	Cdrom - ok
08:01:18.0546 3832	cfwids          (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\WINDOWS\system32\drivers\cfwids.sys
08:01:18.0578 3832	cfwids - ok
08:01:18.0593 3832	Changer - ok
08:01:18.0609 3832	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
08:01:18.0781 3832	CiSvc - ok
08:01:18.0796 3832	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
08:01:18.0953 3832	ClipSrv - ok
08:01:19.0015 3832	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:01:19.0062 3832	clr_optimization_v2.0.50727_32 - ok
08:01:19.0062 3832	CmdIde - ok
08:01:19.0109 3832	cmpci           (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOWS\system32\drivers\cmaudio.sys
08:01:19.0187 3832	cmpci - ok
08:01:19.0203 3832	COMSysApp - ok
08:01:19.0218 3832	Cpqarray - ok
08:01:19.0296 3832	cpuz130 - ok
08:01:19.0328 3832	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
08:01:19.0500 3832	CryptSvc - ok
08:01:19.0500 3832	dac2w2k - ok
08:01:19.0515 3832	dac960nt - ok
08:01:19.0562 3832	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
08:01:19.0656 3832	DcomLaunch - ok
08:01:19.0687 3832	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
08:01:19.0843 3832	Dhcp - ok
08:01:19.0859 3832	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:01:20.0000 3832	Disk - ok
08:01:20.0015 3832	dmadmin - ok
08:01:20.0062 3832	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
08:01:20.0265 3832	dmboot - ok
08:01:20.0281 3832	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
08:01:20.0437 3832	dmio - ok
08:01:20.0453 3832	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:01:20.0609 3832	dmload - ok
08:01:20.0640 3832	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
08:01:20.0781 3832	dmserver - ok
08:01:20.0812 3832	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:01:20.0953 3832	DMusic - ok
08:01:20.0984 3832	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
08:01:21.0078 3832	Dnscache - ok
08:01:21.0125 3832	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
08:01:21.0265 3832	Dot3svc - ok
08:01:21.0281 3832	dpti2o - ok
08:01:21.0296 3832	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:01:21.0453 3832	drmkaud - ok
08:01:21.0468 3832	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
08:01:21.0625 3832	EapHost - ok
08:01:21.0656 3832	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
08:01:21.0812 3832	ERSvc - ok
08:01:21.0843 3832	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
08:01:21.0921 3832	Eventlog - ok
08:01:21.0968 3832	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
08:01:22.0015 3832	EventSystem - ok
08:01:22.0062 3832	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:01:22.0218 3832	Fastfat - ok
08:01:22.0250 3832	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
08:01:22.0312 3832	FastUserSwitchingCompatibility - ok
08:01:22.0343 3832	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:01:22.0484 3832	Fdc - ok
08:01:22.0500 3832	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
08:01:22.0656 3832	Fips - ok
08:01:22.0671 3832	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:01:22.0812 3832	Flpydisk - ok
08:01:22.0859 3832	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:01:23.0000 3832	FltMgr - ok
08:01:23.0078 3832	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:01:23.0109 3832	FontCache3.0.0.0 - ok
08:01:23.0125 3832	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:01:23.0296 3832	Fs_Rec - ok
08:01:23.0312 3832	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:01:23.0453 3832	Ftdisk - ok
08:01:23.0500 3832	FWLANUSB        (ff12fa487265da2ac7de4be53f72ff1a) C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
08:01:23.0546 3832	FWLANUSB - ok
08:01:23.0593 3832	gameenum        (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
08:01:23.0750 3832	gameenum - ok
08:01:23.0765 3832	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:01:23.0906 3832	Gpc - ok
08:01:23.0953 3832	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:01:24.0093 3832	HDAudBus - ok
08:01:24.0140 3832	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:01:24.0296 3832	helpsvc - ok
08:01:24.0312 3832	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
08:01:24.0453 3832	HidServ - ok
08:01:24.0468 3832	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:01:24.0625 3832	hidusb - ok
08:01:24.0640 3832	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
08:01:24.0796 3832	hkmsvc - ok
08:01:24.0796 3832	hpn - ok
08:01:24.0843 3832	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:01:24.0890 3832	HTTP - ok
08:01:24.0906 3832	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
08:01:25.0062 3832	HTTPFilter - ok
08:01:25.0109 3832	HWiNFO32        (a8631a5c888203d9ebef43a474d7613f) C:\Programme\HWiNFO32\HWiNFO32.SYS
08:01:25.0140 3832	HWiNFO32 - ok
08:01:25.0140 3832	i2omgmt - ok
08:01:25.0156 3832	i2omp - ok
08:01:25.0171 3832	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:01:25.0343 3832	i8042prt - ok
08:01:25.0421 3832	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:01:25.0468 3832	idsvc - ok
08:01:25.0515 3832	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:01:25.0671 3832	Imapi - ok
08:01:25.0703 3832	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
08:01:25.0859 3832	ImapiService - ok
08:01:25.0859 3832	ini910u - ok
08:01:25.0875 3832	IntelIde - ok
08:01:25.0890 3832	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:01:26.0046 3832	intelppm - ok
08:01:26.0062 3832	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:01:26.0218 3832	Ip6Fw - ok
08:01:26.0250 3832	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:01:26.0406 3832	IpFilterDriver - ok
08:01:26.0421 3832	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:01:26.0562 3832	IpInIp - ok
08:01:26.0593 3832	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:01:26.0750 3832	IpNat - ok
08:01:26.0765 3832	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:01:26.0906 3832	IPSec - ok
08:01:26.0937 3832	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:01:27.0062 3832	IRENUM - ok
08:01:27.0093 3832	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:01:27.0234 3832	isapnp - ok
08:01:27.0328 3832	JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
08:01:27.0359 3832	JavaQuickStarterService - ok
08:01:27.0390 3832	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:01:27.0531 3832	Kbdclass - ok
08:01:27.0546 3832	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:01:27.0703 3832	kbdhid - ok
08:01:27.0734 3832	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:01:27.0890 3832	kmixer - ok
08:01:27.0921 3832	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:01:27.0984 3832	KSecDD - ok
08:01:28.0015 3832	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
08:01:28.0046 3832	lanmanserver - ok
08:01:28.0062 3832	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
08:01:28.0109 3832	lanmanworkstation - ok
08:01:28.0109 3832	lbrtfdc - ok
08:01:28.0140 3832	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
08:01:28.0296 3832	LmHosts - ok
08:01:28.0328 3832	MagicTune       (b3b7c5f26f3f8c7992350b7ede64f5c9) C:\WINDOWS\system32\drivers\MTiCtwl.sys
08:01:28.0359 3832	MagicTune - ok
08:01:28.0375 3832	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
08:01:28.0406 3832	MBAMProtector - ok
08:01:28.0468 3832	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
08:01:28.0515 3832	MBAMService - ok
08:01:28.0578 3832	McAfee SiteAdvisor Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe
08:01:28.0609 3832	McAfee SiteAdvisor Service - ok
08:01:28.0656 3832	McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
08:01:28.0687 3832	McComponentHostService - ok
08:01:28.0703 3832	McMPFSvc        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe
08:01:28.0718 3832	McMPFSvc - ok
08:01:28.0734 3832	mcmscsvc        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe
08:01:28.0765 3832	mcmscsvc - ok
08:01:28.0765 3832	McNaiAnn        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe
08:01:28.0796 3832	McNaiAnn - ok
08:01:28.0796 3832	McNASvc         (7e6932eeda54c8eaf7dc6c2225261b85) C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe
08:01:28.0828 3832	McNASvc - ok
08:01:28.0906 3832	McODS           (135aa9e9e7047b7dc1f753205d421a26) C:\Programme\McAfee\VirusScan\mcods.exe
08:01:28.0937 3832	McODS - ok
08:01:28.0937 3832	McProxy         (7e6932eeda54c8eaf7dc6c2225261b85) C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe
08:01:28.0968 3832	McProxy - ok
08:01:29.0031 3832	McShield        (593fa4c378818ece76ba64a11ad56cf2) C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe
08:01:29.0062 3832	McShield - ok
08:01:29.0125 3832	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
08:01:29.0281 3832	Messenger - ok
08:01:29.0312 3832	mfeapfk         (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\WINDOWS\system32\drivers\mfeapfk.sys
08:01:29.0343 3832	mfeapfk - ok
08:01:29.0359 3832	mfeavfk         (c1dc5f42d3367f33b6451be78b38bd46) C:\WINDOWS\system32\drivers\mfeavfk.sys
08:01:29.0390 3832	mfeavfk - ok
08:01:29.0390 3832	mfeavfk01 - ok
08:01:29.0421 3832	mfebopk         (0435c43f4c2be01b84868ad2a906397b) C:\WINDOWS\system32\drivers\mfebopk.sys
08:01:29.0453 3832	mfebopk - ok
08:01:29.0468 3832	mfefire         (7e1f8b1bdc8240f08bd358b3a466c005) C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mfefire.exe
08:01:29.0484 3832	mfefire - ok
08:01:29.0515 3832	mfefirek        (4ea6ff90015424517843e931448e00f1) C:\WINDOWS\system32\drivers\mfefirek.sys
08:01:29.0546 3832	mfefirek - ok
08:01:29.0578 3832	mfehidk         (d1e998748ba24a731106611d535c6bbf) C:\WINDOWS\system32\drivers\mfehidk.sys
08:01:29.0625 3832	mfehidk - ok
08:01:29.0640 3832	mfendisk        (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
08:01:29.0671 3832	mfendisk - ok
08:01:29.0671 3832	mfendiskmp      (26c76d10ed650e6492800d6f081ecfba) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
08:01:29.0703 3832	mfendiskmp - ok
08:01:29.0718 3832	mferkdet        (f454a13377f0a006d20a8c14a753c432) C:\WINDOWS\system32\drivers\mferkdet.sys
08:01:29.0765 3832	mferkdet - ok
08:01:29.0781 3832	mfetdi2k        (070d3faf2eac417c59d8674a8752f7a6) C:\WINDOWS\system32\drivers\mfetdi2k.sys
08:01:29.0812 3832	mfetdi2k - ok
08:01:29.0828 3832	mfevtp          (b10c4efd40810c08f4b44df2efcb54f7) C:\WINDOWS\system32\mfevtps.exe
08:01:29.0859 3832	mfevtp - ok
08:01:29.0890 3832	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:01:30.0046 3832	mnmdd - ok
08:01:30.0078 3832	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
08:01:30.0234 3832	mnmsrvc - ok
08:01:30.0250 3832	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
08:01:30.0390 3832	Modem - ok
08:01:30.0406 3832	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:01:30.0562 3832	Mouclass - ok
08:01:30.0609 3832	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:01:30.0765 3832	mouhid - ok
08:01:30.0796 3832	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:01:30.0937 3832	MountMgr - ok
08:01:31.0000 3832	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
08:01:31.0031 3832	MozillaMaintenance - ok
08:01:31.0046 3832	mraid35x - ok
08:01:31.0062 3832	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:01:31.0218 3832	MRxDAV - ok
08:01:31.0281 3832	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:01:31.0328 3832	MRxSmb - ok
08:01:31.0343 3832	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
08:01:31.0500 3832	MSDTC - ok
08:01:31.0531 3832	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:01:31.0671 3832	Msfs - ok
08:01:31.0671 3832	MSIServer - ok
08:01:31.0734 3832	MSK80Service    (7e6932eeda54c8eaf7dc6c2225261b85) C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe
08:01:31.0765 3832	MSK80Service - ok
08:01:31.0781 3832	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:01:31.0937 3832	MSKSSRV - ok
08:01:31.0937 3832	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:01:32.0078 3832	MSPCLOCK - ok
08:01:32.0078 3832	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:01:32.0234 3832	MSPQM - ok
08:01:32.0250 3832	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:01:32.0390 3832	mssmbios - ok
08:01:32.0421 3832	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:01:32.0468 3832	Mup - ok
08:01:32.0500 3832	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
08:01:32.0656 3832	napagent - ok
08:01:32.0671 3832	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:01:32.0828 3832	NDIS - ok
08:01:32.0859 3832	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:01:32.0875 3832	NdisTapi - ok
08:01:32.0906 3832	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:01:33.0046 3832	Ndisuio - ok
08:01:33.0062 3832	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:01:33.0203 3832	NdisWan - ok
08:01:33.0234 3832	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:01:33.0265 3832	NDProxy - ok
08:01:33.0281 3832	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:01:33.0421 3832	NetBIOS - ok
08:01:33.0437 3832	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:01:33.0593 3832	NetBT - ok
08:01:33.0625 3832	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
08:01:33.0781 3832	NetDDE - ok
08:01:33.0781 3832	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
08:01:33.0921 3832	NetDDEdsdm - ok
08:01:33.0953 3832	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
08:01:34.0093 3832	Netlogon - ok
08:01:34.0109 3832	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
08:01:34.0250 3832	Netman - ok
08:01:34.0328 3832	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:01:34.0343 3832	NetTcpPortSharing - ok
08:01:34.0531 3832	Netzmanager Service (70b5b4e69a07895df30291cab6abda54) C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
08:01:34.0640 3832	Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
08:01:34.0640 3832	Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
08:01:34.0734 3832	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:01:34.0875 3832	NIC1394 - ok
08:01:34.0921 3832	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
08:01:34.0984 3832	Nla - ok
08:01:35.0000 3832	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:01:35.0140 3832	Npfs - ok
08:01:35.0171 3832	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:01:35.0312 3832	Ntfs - ok
08:01:35.0343 3832	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
08:01:35.0484 3832	NtLmSsp - ok
08:01:35.0515 3832	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
08:01:35.0687 3832	NtmsSvc - ok
08:01:35.0718 3832	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:01:35.0875 3832	Null - ok
08:01:35.0906 3832	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:01:36.0078 3832	NwlnkFlt - ok
08:01:36.0078 3832	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:01:36.0234 3832	NwlnkFwd - ok
08:01:36.0250 3832	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:01:36.0390 3832	ohci1394 - ok
08:01:36.0453 3832	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
08:01:36.0484 3832	ose - ok
08:01:36.0515 3832	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
08:01:36.0671 3832	Parport - ok
08:01:36.0671 3832	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:01:36.0828 3832	PartMgr - ok
08:01:36.0859 3832	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
08:01:37.0031 3832	ParVdm - ok
08:01:37.0046 3832	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
08:01:37.0171 3832	PCI - ok
08:01:37.0187 3832	PCIDump - ok
08:01:37.0218 3832	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:01:37.0390 3832	PCIIde - ok
08:01:37.0421 3832	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:01:37.0578 3832	Pcmcia - ok
08:01:37.0578 3832	PDCOMP - ok
08:01:37.0593 3832	PDFRAME - ok
08:01:37.0593 3832	PDRELI - ok
08:01:37.0609 3832	PDRFRAME - ok
08:01:37.0625 3832	perc2 - ok
08:01:37.0625 3832	perc2hib - ok
08:01:37.0671 3832	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
08:01:37.0718 3832	PlugPlay - ok
08:01:37.0765 3832	PnkBstrA        (3a2bdd76e7d2a5f40a7174793d1ba794) C:\WINDOWS\system32\PnkBstrA.exe
08:01:37.0781 3832	PnkBstrA - ok
08:01:37.0796 3832	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
08:01:37.0921 3832	PolicyAgent - ok
08:01:37.0953 3832	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:01:38.0093 3832	PptpMiniport - ok
08:01:38.0109 3832	PQNTDrv         (06baaab3f25557b6ad5803ea64caa690) C:\WINDOWS\system32\drivers\PQNTDrv.sys
08:01:38.0140 3832	PQNTDrv ( UnsignedFile.Multi.Generic ) - warning
08:01:38.0140 3832	PQNTDrv - detected UnsignedFile.Multi.Generic (1)
08:01:38.0140 3832	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
08:01:38.0281 3832	ProtectedStorage - ok
08:01:38.0296 3832	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:01:38.0437 3832	PSched - ok
08:01:38.0468 3832	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:01:38.0625 3832	Ptilink - ok
08:01:38.0640 3832	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:01:38.0671 3832	PxHelp20 - ok
08:01:38.0671 3832	ql1080 - ok
08:01:38.0687 3832	Ql10wnt - ok
08:01:38.0703 3832	ql12160 - ok
08:01:38.0703 3832	ql1240 - ok
08:01:38.0718 3832	ql1280 - ok
08:01:38.0734 3832	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:01:38.0890 3832	RasAcd - ok
08:01:38.0906 3832	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
08:01:39.0062 3832	RasAuto - ok
08:01:39.0078 3832	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:01:39.0218 3832	Rasl2tp - ok
08:01:39.0265 3832	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
08:01:39.0406 3832	RasMan - ok
08:01:39.0421 3832	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:01:39.0562 3832	RasPppoe - ok
08:01:39.0593 3832	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:01:39.0750 3832	Raspti - ok
08:01:39.0781 3832	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:01:39.0921 3832	Rdbss - ok
08:01:39.0937 3832	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:01:40.0078 3832	RDPCDD - ok
08:01:40.0109 3832	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:01:40.0265 3832	rdpdr - ok
08:01:40.0296 3832	RDPWD           (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
08:01:40.0343 3832	RDPWD - ok
08:01:40.0375 3832	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
08:01:40.0531 3832	RDSessMgr - ok
08:01:40.0546 3832	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:01:40.0687 3832	redbook - ok
08:01:40.0718 3832	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
08:01:40.0859 3832	RemoteAccess - ok
08:01:40.0890 3832	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
08:01:41.0031 3832	RemoteRegistry - ok
08:01:41.0062 3832	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
08:01:41.0203 3832	RpcLocator - ok
08:01:41.0250 3832	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
08:01:41.0312 3832	RpcSs - ok
08:01:41.0343 3832	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
08:01:41.0515 3832	RSVP - ok
08:01:41.0546 3832	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
08:01:41.0687 3832	SamSs - ok
08:01:41.0703 3832	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
08:01:41.0859 3832	SCardSvr - ok
08:01:41.0906 3832	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
08:01:42.0046 3832	Schedule - ok
08:01:42.0078 3832	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:01:42.0203 3832	Secdrv - ok
08:01:42.0234 3832	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
08:01:42.0390 3832	seclogon - ok
08:01:42.0406 3832	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
08:01:42.0546 3832	SENS - ok
08:01:42.0562 3832	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:01:42.0734 3832	serenum - ok
08:01:42.0734 3832	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
08:01:42.0875 3832	Serial - ok
08:01:42.0906 3832	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
08:01:43.0062 3832	Sfloppy - ok
08:01:43.0093 3832	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
08:01:43.0265 3832	SharedAccess - ok
08:01:43.0296 3832	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
08:01:43.0328 3832	ShellHWDetection - ok
08:01:43.0328 3832	Simbad - ok
08:01:43.0343 3832	Sparrow - ok
08:01:43.0375 3832	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:01:43.0531 3832	splitter - ok
08:01:43.0562 3832	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:01:43.0625 3832	Spooler - ok
08:01:43.0687 3832	sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
08:01:43.0687 3832	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
08:01:43.0687 3832	sptd ( LockedFile.Multi.Generic ) - warning
08:01:43.0687 3832	sptd - detected LockedFile.Multi.Generic (1)
08:01:43.0687 3832	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
08:01:43.0843 3832	sr - ok
08:01:43.0875 3832	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
08:01:44.0015 3832	srservice - ok
08:01:44.0046 3832	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:01:44.0093 3832	Srv - ok
08:01:44.0109 3832	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
08:01:44.0265 3832	SSDPSRV - ok
08:01:44.0296 3832	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
08:01:44.0453 3832	stisvc - ok
08:01:44.0468 3832	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:01:44.0625 3832	swenum - ok
08:01:44.0640 3832	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:01:44.0796 3832	swmidi - ok
08:01:44.0812 3832	SwPrv - ok
08:01:44.0890 3832	SXDS10          (cd77fd9b0071d2f36b14cc23dde1aad0) C:\Programme\Gemeinsame Dateien\soft Xpansion\sxds10.exe
08:01:44.0921 3832	SXDS10 ( UnsignedFile.Multi.Generic ) - warning
08:01:44.0921 3832	SXDS10 - detected UnsignedFile.Multi.Generic (1)
08:01:44.0921 3832	symc810 - ok
08:01:44.0937 3832	symc8xx - ok
08:01:44.0937 3832	sym_hi - ok
08:01:44.0953 3832	sym_u3 - ok
08:01:44.0968 3832	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:01:45.0109 3832	sysaudio - ok
08:01:45.0140 3832	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
08:01:45.0296 3832	SysmonLog - ok
08:01:45.0312 3832	tap0901         (1e89de7a4fb7a854ebb241d0aa8996dd) C:\WINDOWS\system32\DRIVERS\tap0901.sys
08:01:45.0343 3832	tap0901 ( UnsignedFile.Multi.Generic ) - warning
08:01:45.0343 3832	tap0901 - detected UnsignedFile.Multi.Generic (1)
08:01:45.0359 3832	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
08:01:45.0515 3832	TapiSrv - ok
08:01:45.0562 3832	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:01:45.0656 3832	Tcpip - ok
08:01:45.0687 3832	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:01:45.0828 3832	TDPIPE - ok
08:01:45.0843 3832	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:01:46.0000 3832	TDTCP - ok
08:01:46.0078 3832	TelekomNM3      (5d528200679c3b4595b4237e02c077d5) C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys
08:01:46.0093 3832	TelekomNM3 - ok
08:01:46.0109 3832	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:01:46.0265 3832	TermDD - ok
08:01:46.0312 3832	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
08:01:46.0453 3832	TermService - ok
08:01:46.0484 3832	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
08:01:46.0515 3832	Themes - ok
08:01:46.0546 3832	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
08:01:46.0718 3832	TlntSvr - ok
08:01:46.0734 3832	TosIde - ok
08:01:46.0750 3832	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
08:01:46.0890 3832	TrkWks - ok
08:01:46.0906 3832	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:01:47.0062 3832	Udfs - ok
08:01:47.0062 3832	ultra - ok
08:01:47.0125 3832	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:01:47.0281 3832	Update - ok
08:01:47.0312 3832	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
08:01:47.0468 3832	upnphost - ok
08:01:47.0484 3832	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
08:01:47.0625 3832	UPS - ok
08:01:47.0656 3832	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:01:47.0796 3832	usbccgp - ok
08:01:47.0828 3832	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:01:47.0968 3832	usbehci - ok
08:01:48.0000 3832	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:01:48.0156 3832	usbhub - ok
08:01:48.0171 3832	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:01:48.0312 3832	usbohci - ok
08:01:48.0343 3832	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:01:48.0484 3832	usbprint - ok
08:01:48.0500 3832	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:01:48.0640 3832	usbstor - ok
08:01:48.0656 3832	usb_rndisx      (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
08:01:48.0796 3832	usb_rndisx - ok
08:01:48.0843 3832	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:01:48.0984 3832	VgaSave - ok
08:01:48.0984 3832	ViaIde - ok
08:01:49.0015 3832	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
08:01:49.0156 3832	VolSnap - ok
08:01:49.0187 3832	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
08:01:49.0359 3832	VSS - ok
08:01:49.0375 3832	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
08:01:49.0515 3832	W32Time - ok
08:01:49.0562 3832	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:01:49.0718 3832	Wanarp - ok
08:01:49.0750 3832	wceusbsh        (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
08:01:49.0828 3832	wceusbsh - ok
08:01:49.0828 3832	WDICA - ok
08:01:49.0875 3832	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:01:50.0015 3832	wdmaud - ok
08:01:50.0046 3832	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
08:01:50.0187 3832	WebClient - ok
08:01:50.0250 3832	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:01:50.0406 3832	winmgmt - ok
08:01:50.0453 3832	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
08:01:50.0515 3832	WmdmPmSN - ok
08:01:50.0593 3832	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
08:01:50.0687 3832	Wmi - ok
08:01:50.0718 3832	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:01:50.0859 3832	WmiApSrv - ok
08:01:50.0984 3832	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
08:01:51.0046 3832	WMPNetworkSvc - ok
08:01:51.0093 3832	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
08:01:51.0234 3832	wscsvc - ok
08:01:51.0265 3832	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
08:01:51.0406 3832	wuauserv - ok
08:01:51.0453 3832	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:01:51.0500 3832	WudfPf - ok
08:01:51.0515 3832	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:01:51.0546 3832	WudfRd - ok
08:01:51.0578 3832	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
08:01:51.0625 3832	WudfSvc - ok
08:01:51.0671 3832	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
08:01:51.0843 3832	WZCSVC - ok
08:01:51.0859 3832	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
08:01:52.0015 3832	xmlprov - ok
08:01:52.0046 3832	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:01:52.0562 3832	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:01:52.0562 3832	\Device\Harddisk0\DR0 - detected TDSS File System (1)
08:01:52.0562 3832	Boot (0x1200)   (474b5724a549458b2b8399fe175af1e1) \Device\Harddisk0\DR0\Partition0
08:01:52.0578 3832	\Device\Harddisk0\DR0\Partition0 - ok
08:01:52.0593 3832	Boot (0x1200)   (e1248b317277ca64181472c1b6eb7523) \Device\Harddisk0\DR0\Partition1
08:01:52.0609 3832	\Device\Harddisk0\DR0\Partition1 - ok
08:01:52.0609 3832	============================================================
08:01:52.0609 3832	Scan finished
08:01:52.0609 3832	============================================================
08:01:52.0718 3664	Detected object count: 11
08:01:52.0718 3664	Actual detected object count: 11
08:03:18.0281 3664	Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user
08:03:18.0281 3664	Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:03:18.0281 3664	ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
08:03:18.0281 3664	ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:03:18.0281 3664	ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
08:03:18.0281 3664	ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:03:18.0296 3664	AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:03:18.0296 3664	AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:03:18.0296 3664	avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
08:03:18.0296 3664	avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:03:18.0296 3664	Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:03:18.0296 3664	Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:03:18.0296 3664	PQNTDrv ( UnsignedFile.Multi.Generic ) - skipped by user
08:03:18.0296 3664	PQNTDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:03:18.0296 3664	sptd ( LockedFile.Multi.Generic ) - skipped by user
08:03:18.0296 3664	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
08:03:18.0312 3664	SXDS10 ( UnsignedFile.Multi.Generic ) - skipped by user
08:03:18.0312 3664	SXDS10 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:03:18.0312 3664	tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
08:03:18.0312 3664	tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:03:18.0312 3664	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:03:18.0312 3664	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
         
Gruß Torsten

Alt 22.06.2012, 09:39   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



Code:
ATTFilter
\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
         
Das TDSS File System bitte mit dem TDSS-Killer fixen. Aber bitte nur diesen Eintrag!
Starte Windows danach neu und mach wieder ein komplett neues Log mit dem TDSS-Killer. Wie immer wieder in CODE-Tags posten.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.06.2012, 14:32   #13
Togel0308
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



Hallo Arne
Nach Ausführung des TDSS Killer wird mir zwar dieser Eintrag angezeigt, ich kann ihn aber nicht fixen. Zur Auswahl steht nur Delete, Copy in Quarantäne und Skip.
Wie muß ich das denn machen ?http://www.trojaner-board.de/images/smilies/wtf.gif
Gruß Torsten

Alt 22.06.2012, 14:49   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



Fixen = Delete = löschen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 04.07.2012, 10:47   #15
Togel0308
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



Habe wie angegeben gelöscht.
Jetzt fährt der PC hoch und sagt mir" Fehler am Datenträger-Bitte Neustart".

Antwort

Themen zu Verschlüsselungs-Trojaner
anti, anti maleware, anti-malware, aufrufe, autostart, dateien, dateisystem, eset, explorer, file, heuristiks/extra, heuristiks/shuriken, image, langsam, maleware, maus, microsoft, neu, nicht mehr, ordner, programm, rechnung, regedit.exe, scan, sehr langsam, service pack 3, software, speicher, system volume information, trojaner-board, verschlüsselungs trojaner windows xp, webseiten, weitergeleitet



Ähnliche Themen: Verschlüsselungs-Trojaner


  1. SUISA-Trojaner (Verschlüsselungs-Trojaner) befall auf HP-Pro-Laptop Win7 64Bit
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (19)
  2. windows verschlüsselungs trojaner-sofortiger TRojaner hinweis
    Plagegeister aller Art und deren Bekämpfung - 31.07.2012 (9)
  3. Live Security Platinum-Trojaner, Verschlüsselungs-Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (1)
  4. verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 14.07.2012 (1)
  5. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  6. Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 14.06.2012 (6)
  7. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (4)
  8. Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 12.06.2012 (7)
  9. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (1)
  10. Verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 10.06.2012 (1)
  11. Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.06.2012 (6)
  12. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (3)
  13. verschlüsselungs trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (3)
  14. Verschlüsselungs-Trojaner auf XP
    Log-Analyse und Auswertung - 07.06.2012 (9)
  15. Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 03.06.2012 (1)
  16. Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 29.05.2012 (15)
  17. Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 27.04.2012 (1)

Zum Thema Verschlüsselungs-Trojaner - Hallo liebe Freunde vom Trojaner-Board, auch ich habe Post bekommen mit der Aufforderung eine Rechnung zu bezahlen (habe ich an Trojaner-Virus weitergeleitet). Die "Beilage" ließ sich nicht öffnen. Es kam - Verschlüsselungs-Trojaner...
Archiv
Du betrachtest: Verschlüsselungs-Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.