
Pests of all kinds and how to fight them: Malwarebytes finds trojan.zbot - need help

12.09.2012, 22:34   #1
fux89
 



Hello,

After I was already hit by a trojan infection a few weeks ago (http://www.trojaner-board.de/121246-...che-hilfe.html), I have to ask for your help yet again -.-

During a manual scan with Malwarebytes, "trojan.zbot" was found in the file C:\WINDOWS\SYSTEM32\TubeFinder.exe. After the scan I moved it to quarantine.

The log for it:

Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.07.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Christopher :: D67S0N1J [Administrator]

12.09.2012 11:31:28
mbam-log-2012-09-12 (11-31-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 389752
Laufzeit: 2 Stunde(n), 51 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\WINDOWS\SYSTEM32\TubeFinder.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
And here are the other required logs:

otl:
Code:
OTL logfile created on: 12.09.2012 17:25:17 - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Dokumente und Einstellungen\Christopher\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,08 Mb Total Physical Memory | 558,73 Mb Available Physical Memory | 54,67% Memory free
2,40 Gb Paging File | 1,85 Gb Available in Paging File | 77,22% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 295,22 Gb Total Space | 185,57 Gb Free Space | 62,86% Space Free | Partition Type: NTFS
Drive E: | 747,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF1.02
 
Computer Name: D67S0N1J | User Name: Christopher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.12 17:25:00 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Christopher\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.10 19:29:33 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.21 09:51:59 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2012.05.08 21:00:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:00:04 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 21:00:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.12 15:17:02 | 000,040,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2010.04.05 14:26:46 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\SYSTEM32\bgsvcgen.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.28 06:46:40 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2007.02.02 18:26:44 | 000,283,136 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\FRITZWLANMini.exe
PRC - [2006.07.23 03:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe
PRC - [2006.03.17 23:59:02 | 000,221,184 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\SYSTEM32\UAService7.exe
PRC - [2005.05.20 18:20:06 | 000,081,920 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2005.01.28 14:35:58 | 000,434,176 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2005.01.27 02:02:00 | 000,086,016 | ---- | M] () -- C:\Programme\Dell\Media Experience\DMXLauncher.exe
PRC - [2004.12.10 12:45:26 | 000,049,152 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
PRC - [2004.06.29 12:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004.06.29 12:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2004.04.20 13:05:56 | 000,118,784 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\BACS\BacsTray.exe
PRC - [2004.03.11 10:50:52 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
PRC - [2003.09.17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003.06.18 02:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 07:15:32 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012.06.13 07:15:09 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.13 07:11:39 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.13 07:10:53 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.05.09 22:37:55 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.09 22:37:40 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.05.08 21:00:53 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.06.12 15:17:02 | 000,040,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.03.29 08:42:20 | 000,159,744 | ---- | M] () -- C:\Programme\Essentials Codec Pack\Haali\mmfinfo.dll
MOD - [2008.03.29 08:41:52 | 000,023,552 | ---- | M] () -- C:\Programme\Essentials Codec Pack\Haali\mkunicode.dll
MOD - [2007.06.28 06:46:20 | 000,061,496 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2005.05.09 17:03:56 | 000,155,648 | ---- | M] () -- C:\Programme\FRITZ!DSL\SSLEAY32.DLL
MOD - [2005.05.09 17:03:24 | 000,790,528 | ---- | M] () -- C:\Programme\FRITZ!DSL\LIBEAY32.DLL
MOD - [2005.01.28 14:31:34 | 000,045,056 | ---- | M] () -- C:\Programme\Logitech\SetPoint\gamehook.dll
MOD - [2005.01.27 02:02:00 | 000,086,016 | ---- | M] () -- C:\Programme\Dell\Media Experience\DMXLauncher.exe
MOD - [2001.10.28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\SYSTEM32\pdfcmnnt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\MOBCleanup.exe -- (MOBCleanup)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.07 17:54:27 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.24 16:29:07 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 21:00:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:00:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.12 15:17:02 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.04.05 14:26:46 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006.03.17 23:59:02 | 000,221,184 | ---- | M] (Sony DADC Austria AG.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\UAService7.exe -- (UserAccess7)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.05.20 18:20:06 | 000,081,920 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005.05.09 16:58:44 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv)
SRV - [2004.06.29 12:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 21:00:59 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2012.05.08 21:00:58 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2011.12.09 13:40:20 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avkmgr.sys -- (avkmgr)
DRV - [2011.06.12 17:39:36 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys -- (sptd)
DRV - [2010.10.22 03:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.05 14:26:46 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.09.22 23:40:17 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VMM.sys -- (vmm)
DRV - [2009.07.22 22:58:47 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atksgt.sys -- (atksgt)
DRV - [2009.07.22 22:58:47 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lirsgt.sys -- (lirsgt)
DRV - [2009.03.27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\cpuz132_x32.sys -- (cpuz132)
DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008.03.17 11:03:46 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.01.29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007.01.26 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avmeject.sys -- (avmeject)
DRV - [2006.11.30 14:58:42 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44unic.sys -- (se44unic)
DRV - [2006.11.30 14:58:34 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44obex.sys -- (se44obex)
DRV - [2006.11.30 14:58:32 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44nd5.sys -- (se44nd5)
DRV - [2006.11.30 14:58:30 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44mgmt.sys -- (se44mgmt)
DRV - [2006.11.30 14:58:26 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44mdm.sys -- (se44mdm)
DRV - [2006.11.30 14:58:24 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44mdfl.sys -- (se44mdfl)
DRV - [2006.11.30 14:58:18 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44bus.sys -- (se44bus)
DRV - [2006.11.07 09:42:30 | 000,086,368 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w200obex.sys -- (w200obex)
DRV - [2006.11.07 09:42:28 | 000,088,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w200mgmt.sys -- (w200mgmt)
DRV - [2006.11.07 09:42:24 | 000,097,056 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w200mdm.sys -- (w200mdm)
DRV - [2006.11.07 09:42:22 | 000,009,328 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w200mdfl.sys -- (w200mdfl)
DRV - [2006.11.07 09:42:16 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w200bus.sys -- (w200bus)
DRV - [2004.12.10 12:48:46 | 000,024,704 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidKE.Sys -- (LHidKe)
DRV - [2004.12.10 12:48:40 | 000,068,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV - [2004.12.10 12:48:18 | 000,036,480 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004.12.10 12:48:08 | 000,052,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042MOU.SYS -- (L8042mou)
DRV - [2004.12.10 12:47:58 | 000,013,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - [2004.08.12 16:40:50 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004.08.06 18:29:14 | 000,006,656 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfmodnt.sys -- (PfModNT)
DRV - [2004.08.06 11:43:26 | 000,366,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k)
DRV - [2004.07.13 11:15:48 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys -- (hap16v2k)
DRV - [2004.07.13 11:13:14 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2004.07.13 11:12:36 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004.07.13 11:11:58 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004.07.13 11:11:28 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2004.07.13 11:09:32 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2004.05.29 18:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004.05.07 07:38:58 | 000,026,624 | ---- | M] (Siemens AG ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\siusbmod.sys -- (siusbmod)
DRV - [2004.03.09 12:18:09 | 000,065,504 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\prohlp02.sys -- (prohlp02)
DRV - [2004.03.09 11:45:49 | 000,077,184 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfhlp01.sys -- (sfhlp01)
DRV - [2003.11.12 21:11:54 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\prosync1.sys -- (prosync1)
DRV - [2003.07.16 08:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ser2pl.sys -- (Ser2pl)
DRV - [2002.11.08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001.08.17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HIDSwvd.sys -- (HIDSwvd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2
FF - prefs.js..extensions.enabledAddons: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.21 09:53:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.07 17:54:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.07 17:54:22 | 000,000,000 | ---D | M]
 
[2009.10.06 08:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Extensions
[2009.10.06 08:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.08.13 19:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\extensions
[2012.05.18 10:54:22 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\extensions\ich@maltegoetz.de
[2010.02.01 10:16:34 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\extensions\moveplayer@movenetworks.com
[2012.07.25 17:39:55 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.05.31 17:53:11 | 000,001,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\searchplugins\{38AEB6D0-12B8-4A84-9A82-FFA2FBEE57CA}.xml
[2011.06.06 20:42:15 | 000,001,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\searchplugins\{7B9FA70C-BAB5-413D-9F13-33F3E1C17580}.xml
[2011.05.31 17:53:11 | 000,002,071 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\searchplugins\{8208E2D1-D64B-4104-B323-B893E9B6A8BD}.xml
[2011.05.31 17:53:11 | 000,002,182 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\searchplugins\{DB54C858-AEAD-40BF-AC18-0A2FB91F3979}.xml
[2012.09.07 17:54:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.07 17:54:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.21 09:53:20 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009.09.02 00:38:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.09.07 17:54:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\mozilla firefox\components\Scriptff.dll
[2012.03.03 23:12:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2006.07.23 17:34:38 | 000,114,688 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npmozax.dll
[2008.01.27 02:18:46 | 000,155,648 | ---- | M] (PopCap Games) -- C:\Programme\mozilla firefox\plugins\nppopcaploader.dll
[2012.06.21 09:52:16 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011.05.31 17:53:10 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 07:59:46 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.05.31 17:53:10 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.31 17:53:10 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.31 17:53:10 | 000,002,221 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011.05.31 17:53:10 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.31 17:53:10 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2012.08.15 20:40:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [bacstray] C:\Programme\Broadcom\BACS\\BacsTray.exe ()
O4 - HKLM..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Launch LGDCore] C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Ocs_SM] C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} hxxp://download.mcafee.com/molbin/shared/mcgdmgr/de/1,0,0,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82A92428-55E5-4973-A6DE-791180CC117B}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Programme\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.03.06 16:54:36 | 000,000,031 | R--- | M] () - E:\autorun.inf -- [ UDF1.02 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.12 17:24:59 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Christopher\Desktop\OTL.exe
[2012.09.12 14:57:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.09.12 11:30:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.09.07 17:54:17 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2012.09.04 18:19:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YTD Video Downloader
[2012.09.04 18:19:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\YTD Video Downloader
[2012.08.31 15:16:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IndustrieGigant 2
[2012.08.31 15:13:06 | 000,000,000 | ---D | C] -- C:\Programme\IndustrieGigant 2
[2012.08.30 12:40:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.08.18 12:27:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.08.15 20:46:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.08.14 18:15:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.08.14 18:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[3 C:\Dokumente und Einstellungen\Christopher\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Christopher\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.12 17:39:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.12 17:28:00 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.12 17:25:00 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Christopher\Desktop\OTL.exe
[2012.09.12 17:23:58 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\Defogger.exe
[2012.09.12 16:00:01 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2012.09.12 14:46:35 | 000,000,436 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.ics
[2012.09.12 14:46:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012.09.12 14:45:46 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2257774982-1209123923-1774505960-1006.job
[2012.09.12 14:45:44 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.12 14:45:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012.09.12 14:45:33 | 1071,804,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.12 14:44:55 | 000,029,544 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2012.09.12 14:44:55 | 000,029,544 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2012.09.12 14:44:55 | 000,026,424 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2012.09.12 14:44:55 | 000,026,424 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2012.09.12 14:44:55 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012.09.12 14:44:55 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012.09.12 14:44:55 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000000-00001102-00000004-20061102}.dat
[2012.09.12 14:44:55 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000000-00001102-00000004-20061102}.dat
[2012.09.12 14:43:52 | 004,932,302 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-20061102}.CDF
[2012.09.07 22:16:02 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2257774982-1209123923-1774505960-1006.job
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.03 08:15:09 | 000,001,897 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\.si_tool
[2012.08.30 12:36:30 | 000,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.08.18 22:54:44 | 000,176,128 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.15 20:58:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.08.15 20:40:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2012.08.14 18:15:34 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[3 C:\Dokumente und Einstellungen\Christopher\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Christopher\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.12 17:23:56 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\Defogger.exe
[2012.08.14 18:15:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.08.14 18:15:32 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.08.13 19:32:35 | 1071,804,416 | -HS- | C] () -- C:\hiberfil.sys
[2012.08.04 11:53:52 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\defogger_reenable
[2012.05.10 18:39:03 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.04.18 17:01:26 | 000,002,938 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\.recently-used.xbel
[2011.01.14 22:31:16 | 000,001,897 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\.si_tool
[2010.12.30 21:49:09 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.12.30 21:49:06 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.12.30 21:49:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.10.29 19:51:41 | 000,080,896 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2007.11.20 22:49:38 | 000,005,095 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\xnwfyhdk.mld
[2007.05.05 14:26:52 | 000,015,428 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\RefEdit.exd
[2006.06.13 12:30:39 | 000,001,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2005.05.20 17:35:36 | 000,176,128 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.05.19 15:10:54 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== LOP Check ==========
 
[2012.05.10 18:39:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012.01.28 17:39:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2012.03.15 23:15:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gibraltar
[2011.07.10 21:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2012.09.08 19:06:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2006.09.14 17:59:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap
[2012.03.15 22:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software
[2005.09.17 16:11:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2009.07.22 23:07:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tages
[2008.04.15 18:01:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2008.08.26 21:49:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2010.08.29 20:31:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2012.09.04 18:19:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader
[2012.09.04 18:19:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YTD Video Downloader
[2008.03.03 19:10:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2011.07.10 21:05:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\AquaSoft
[2012.05.10 18:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Canneverbe Limited
[2012.05.06 17:58:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Check Point Software Technologies LTD
[2012.05.06 17:00:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\CheckPoint
[2005.08.02 20:40:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\ChessBase
[2011.08.18 20:32:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.05.01 12:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Cornelsen
[2009.07.21 15:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\DesktopPlayer
[2008.07.18 18:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Dev-Cpp
[2009.06.16 19:55:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\flightgear.org
[2010.04.05 10:05:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\FreeFLVConverter
[2011.07.10 21:01:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\gtk-2.0
[2012.05.25 20:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\ICQ
[2005.12.03 17:56:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\ICQLite
[2005.06.21 18:37:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Leadertech
[2012.03.02 21:19:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\LolClient
[2012.05.24 08:32:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\LolClient2
[2005.06.07 22:22:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\MobileAction
[2011.05.13 17:07:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\MyPhoneExplorer
[2011.05.01 21:58:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\NesterSoft
[2011.05.31 17:52:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS
[2011.07.10 21:03:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Opera
[2010.04.05 14:38:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Pegasys Inc
[2012.03.15 23:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Swiss Academic Software
[2010.11.04 18:26:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\T-Online
[2009.01.26 19:36:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Teleca
[2005.07.20 14:33:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Template
[2009.10.06 08:20:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\TomTom
[2009.07.22 23:08:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Ubisoft
[2009.10.10 11:14:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Vodafone
[2008.07.20 19:55:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\WinTrack
[2012.03.03 18:43:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Wise Registry Cleaner
[2008.03.03 19:10:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Zylom
[2005.05.20 23:00:05 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job
 
========== Purity Check ==========
 
 

< End of report >
         
extras:

Code:
OTL Extras logfile created on: 12.09.2012 17:25:17 - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Dokumente und Einstellungen\Christopher\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,08 Mb Total Physical Memory | 558,73 Mb Available Physical Memory | 54,67% Memory free
2,40 Gb Paging File | 1,85 Gb Available in Paging File | 77,22% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 295,22 Gb Total Space | 185,57 Gb Free Space | 62,86% Space Free | Partition Type: NTFS
Drive E: | 747,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF1.02
 
Computer Name: D67S0N1J | User Name: Christopher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0ADF1B89-17EA-489C-86DF-6E33DA8520A6}_is1" = flatster
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.2
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{39678AE6-CC1B-11D8-9E00-000374890932}" = Need for Speed - Underground 2
"{3D988833-5353-4926-ABA2-F4ED405A69D1}" = Domino Day
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C209D68-1411-4725-8CDE-1676A85E083E}_is1" = ICQ Contact Revealer 1.0
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6EFA70F2-D6C3-4ECA-BEA9-C1A31277C63A}_is1" = FLV Converter 3.0
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{70A342A9-C719-4F19-BFD2-AEE8EFB214A8}" = Flatout
"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.8.0
"{8283FCCD-AC71-4DC1-A81E-4F244FBBE11D}" = T-Online 5.0
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A06714C-F24B-4144-9BA2-788B5DD4F270}_is1" = ICQ Ignore Checker 1.3
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8C99E9B3-292B-4E0D-A719-998AFF4DB27C}" = Philips GoGear Digital Audio Player
"{8D774B5B-A1D9-45B3-AFB4-3F85604961BC}" = ODF Add-in für Microsoft Word
"{8D914DD2-F3CE-44E4-9498-E7EED093281C}_is1" = IndustrieGigant 2
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.8
"{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{ABF70089-CC49-11D8-9E00-000374890932}" = Metal Gear Solid 3 - Snake Eater
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACE8349C-17B2-4527-8D46-EA584E81F0CA}" = MP3 Player Product Tools
"{ADD31791-D676-4A7B-8FA8-A6EE7F1B4E5A}" = JourneySoftwarePromo
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1A455B8-1EC9-44E5-A158-DFBC978383F0}" = TMPGEnc DVD Author 3 with DivX Authoring Testversion
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEAD2D69-1FDE-4A4B-82AC-A222BEB6777D}_is1" = Abi-Schnitt-Rechner 1.2
"{CFA9C1EE-8D76-477E-9E26-D24C26F11F47}" = USB 2.0 Card Reader
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D460F2F5-645E-489F-AB9A-DEB24C47C2B5}" = T-Online Installationsdateien
"{D5C98CE7-4D24-4A83-AC9D-C94FB1F766F0}" = UieupagyMpl
"{D71EA855-E219-11D8-9E00-0004769EEFEB}" = Halo 2
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DF204E20-C29C-4434-BCFE-D9BAF76CEF8D}" = Sun ODF Plugin for Microsoft Office 3.1
"{E117043B-5227-47E9-AC4C-BFB792D5820F}" = Yu-Gi-Oh! ONLINE 3
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC6B304A-044A-46AE-B761-D1202720D93A}" = VOB2MPG v3
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb
"{F618BFCB-BCD8-4698-BEE8-B0C5FD75DA23}" = Flary Address
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU 
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CornelsenSTVP42" = Cornelsen Stoffverteilungsplaner 4.2
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.51
"Der IndustrieGigant" = Der IndustrieGigant
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FLV-Media Player" = FLV-Media Player 1.8
"Formel 2 Bild Editor 1" = Formel 2 Bild Editor 1
"Funktion" = Funktion
"GameSpy Arcade" = GameSpy Arcade
"HLSW_is1" = HLSW v1.0.0.36
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"HTML Studio_is1" = HTML Studio
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MediaInfo" = MediaInfo 0.7.5.5
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Passfoto Manager_is1" = Passfoto Manager Ver. 1.3
"RealPlayer 15.0" = RealPlayer
"SearchAnonymizer" = SearchAnonymizer
"SprayR" = SprayR 1.0 RC7b
"ST4UNST #1" = Peck's Power Join
"ST6UNST #1" = CDCoverFixPrint 1.70
"Steam(TM)" = Steam(TM)
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"TIMELEFT3_is1" = TimeLeft
"Timers" = Timers
"TmNationsForever_is1" = TmNationsForever
"TomTom HOME" = TomTom HOME 2.7.2.1825
"T-Online Copas" = T-Online Copas
"Toolbox English" = Toolbox English
"UnderCoverXP_is1" = UnderCoverXP 1.08
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.5
"WinRAR archiver" = WinRAR archiver
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.14
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.07.2012 07:37:43 | Computer Name = D67S0N1J | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.2627.0, faulting module
 winword.exe, version 10.0.2627.0, fault address 0x002feceb.
 
Error - 31.07.2012 02:40:47 | Computer Name = D67S0N1J | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x00011689.
 
Error - 02.08.2012 07:13:45 | Computer Name = D67S0N1J | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
 
Error - 02.08.2012 07:13:50 | Computer Name = D67S0N1J | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.
 
Error - 04.08.2012 04:40:41 | Computer Name = D67S0N1J | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.
 
Error - 04.08.2012 04:42:46 | Computer Name = D67S0N1J | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
 ist ein unerwarteter Fehler aufgetreten. hr = 0x8007041d.
 
Error - 04.08.2012 05:34:39 | Computer Name = D67S0N1J | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert
 in 0x800423f3) fehlgeschlagen.
 
Error - 07.08.2012 02:39:30 | Computer Name = D67S0N1J | Source = WinMgmt | ID = 28
Description = WinMgmt konnte die Kernteile nicht initialisieren. Mögliche Ursache
 hierfür könnte eine beschädigte WinMgmt-Version, ein WinMgmt-Repositoryaktualisierungsfehler
 oder nicht genügend Speicherplatz oder Arbeitsspeicher sein.
 
Error - 07.08.2012 08:41:43 | Computer Name = D67S0N1J | Source = WinMgmt | ID = 28
Description = WinMgmt konnte die Kernteile nicht initialisieren. Mögliche Ursache
 hierfür könnte eine beschädigte WinMgmt-Version, ein WinMgmt-Repositoryaktualisierungsfehler
 oder nicht genügend Speicherplatz oder Arbeitsspeicher sein.
 
Error - 06.09.2012 12:12:19 | Computer Name = D67S0N1J | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ig2.exe, Version 2.1.0.0, fehlgeschlagenes
 Modul binkw32.dll, Version 1.5.7.0, Fehleradresse 0x0000ea4e.
 
[ System Events ]
Error - 11.09.2012 02:13:07 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MOBCleanup" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 12.09.2012 02:05:03 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google
 Update Service (gupdate).
 
Error - 12.09.2012 02:05:03 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 12.09.2012 02:05:03 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MOBCleanup" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 12.09.2012 05:27:53 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google
 Update Service (gupdate).
 
Error - 12.09.2012 05:27:54 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 12.09.2012 05:27:54 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MOBCleanup" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 12.09.2012 08:45:50 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Google
 Update Service (gupdate).
 
Error - 12.09.2012 08:45:50 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 12.09.2012 08:45:50 | Computer Name = D67S0N1J | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MOBCleanup" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
and from gmer:

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-12 22:26:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.0.1.
Running: p1itllnz.exe; Driver: C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\fxtyapog.sys


---- System - GMER 1.0.15 ----

SSDT            B7EF0B0C                                                                                              ZwClose
SSDT            B7EF0AC6                                                                                              ZwCreateKey
SSDT            B7EF0B16                                                                                              ZwCreateSection
SSDT            B7EF0ABC                                                                                              ZwCreateThread
SSDT            B7EF0ACB                                                                                              ZwDeleteKey
SSDT            B7EF0AD5                                                                                              ZwDeleteValueKey
SSDT            B7EF0B07                                                                                              ZwDuplicateObject
SSDT            B7EF0ADA                                                                                              ZwLoadKey
SSDT            B7EF0AA8                                                                                              ZwOpenProcess
SSDT            B7EF0AAD                                                                                              ZwOpenThread
SSDT            B7EF0B2F                                                                                              ZwQueryValueKey
SSDT            B7EF0AE4                                                                                              ZwReplaceKey
SSDT            B7EF0B20                                                                                              ZwRequestWaitReplyPort
SSDT            B7EF0ADF                                                                                              ZwRestoreKey
SSDT            B7EF0B1B                                                                                              ZwSetContextThread
SSDT            B7EF0B25                                                                                              ZwSetSecurityObject
SSDT            B7EF0AD0                                                                                              ZwSetValueKey
SSDT            B7EF0B2A                                                                                              ZwSystemDebugControl
SSDT            B7EF0AB7                                                                                              ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

?               hmdqpdyn.sys                                                                                          Das System kann die angegebene Datei nicht finden. !
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                              section is writeable [0xF4FDE3A0, 0x5CC259, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                section is writeable [0xB0CFA300, 0x3B6D8, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                section is writeable [0xF39B0300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\program files\real\realplayer\update\realsched.exe[2344] kernel32.dll!SetUnhandledExceptionFilter  7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Udfs \UdfsCdRom                                                                           tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Udfs \UdfsDisk                                                                            tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \Driver\prodrv06 \Device\ProDrv06                                                                     E2041478
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                    prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort0                                                                    prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4                                                           prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c                                                           prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                         prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\prohlp02 \Device\ProHlp02                                                                     E19229B0

AttachedDevice  \FileSystem\Fastfat \Fat                                                                              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
         
The PC runs without problems; without the scan I wouldn't have noticed anything.
I hope you can help me get off lightly here too.

Thanks in advance for the help!

14.09.2012, 22:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run ESET, then we'll see what comes next!

Note: ESET does fairly often show a few false positives. That is why, with ESET too, only the log should be posted first and nothing removed.


ESET Online Scanner

Please switch on any external hard drives during the online scans! During the scans, please turn off all background guards (anti-virus program, firewall, script blocking and the like) and do not forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to start the browser as administrator.
  • Disable your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box for Yes, I accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove found threats is not ticked.
  • Press .
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click .
  • Click and save the log file as ESET.txt on the desktop.
  • Click Back and Finish
Please post the log file here.


If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

15.09.2012, 13:48   #3
fux89

This is what came out:

Code:
C:\Programme\ICQ Away Reader\ICQ Away Reader.exe	probably a variant of Win32/VB.NPY trojan
C:\Programme\Tiscali\Tiscali Internet\dlls\InstallDialer.exe	a variant of Win32/Injector.AHE trojan
C:\System Volume Information\_restore{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP1941\A0615294.exe	probably a variant of Win32/Toolbar.Widgi application
         
It's a bit short, isn't it? When I had ESET scan for my last problem, the log was somewhat longer. To be safe I had it scan twice; the first time it also produced only such a short log.

Edited by fux89 (15.09.2012 at 13:58)

16.09.2012, 15:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - track down toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click on "Suche" (Search).
  • After the scan finishes, a text file opens.
  • Post the contents for me with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

16.09.2012, 17:10   #5
fux89

Here is the result:

Code:
# AdwCleaner v2.001 - Datei am 09/16/2012 um 17:09:57 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Christopher - D67S0N1J
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Christopher\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [5977 octets] - [08/08/2012 20:20:25]
AdwCleaner[S1].txt - [6173 octets] - [09/08/2012 15:10:17]
AdwCleaner[R2].txt - [745 octets] - [16/09/2012 17:09:57]

########## EOF - C:\AdwCleaner[R2].txt - [804 octets] ##########
         


Edited by fux89 (16.09.2012 at 17:16)

16.09.2012, 19:55   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click on "Löschen" (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post the contents for me with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

16.09.2012, 22:24   #7
fux89

Code:
# AdwCleaner v2.001 - Datei am 09/16/2012 um 22:19:51 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Christopher - D67S0N1J
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Christopher\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[R1].txt - [5977 octets] - [08/08/2012 20:20:25]
AdwCleaner[S1].txt - [6173 octets] - [09/08/2012 15:10:17]
AdwCleaner[R2].txt - [872 octets] - [16/09/2012 17:09:57]
AdwCleaner[S2].txt - [1063 octets] - [16/09/2012 22:19:51]

########## EOF - C:\AdwCleaner[S2].txt - [1123 octets] ##########
         

17.09.2012, 12:16   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I have two questions before we continue (we are not finished yet!)

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

17.09.2012, 12:32   #9
fux89

Re 1.)
Windows runs completely normally; I can't detect any problems.

Re 2.)
Not missing anything; everything still seems to be there.

17.09.2012, 12:35   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it on your desktop. If it is already present, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Tick "Scanne alle Benutzer" (Scan all users) at the top centre
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

17.09.2012, 13:37   #11
fux89

And here is the result:

OTL log file:
Code:
OTL logfile created on: 17.09.2012 13:05:48 - Run 2
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Dokumente und Einstellungen\Christopher\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,08 Mb Total Physical Memory | 469,97 Mb Available Physical Memory | 45,98% Memory free
2,40 Gb Paging File | 1,88 Gb Available in Paging File | 78,45% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 295,22 Gb Total Space | 185,29 Gb Free Space | 62,76% Space Free | Partition Type: NTFS
Drive E: | 747,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF1.02
 
Computer Name: D67S0N1J | User Name: Christopher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.17 13:04:57 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Christopher\Desktop\OTL(1).exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.10 19:29:33 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.21 09:52:06 | 000,499,312 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\realplayer\realplay.exe
PRC - [2012.06.21 09:51:59 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2012.05.08 21:00:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:00:04 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 21:00:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.12 15:17:02 | 000,040,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
PRC - [2010.04.05 14:26:46 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\SYSTEM32\bgsvcgen.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.28 06:46:40 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2007.02.02 18:26:44 | 000,283,136 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\FRITZWLANMini.exe
PRC - [2006.07.23 03:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe
PRC - [2006.03.17 23:59:02 | 000,221,184 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\SYSTEM32\UAService7.exe
PRC - [2005.05.20 18:20:06 | 000,081,920 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2005.01.28 14:35:58 | 000,434,176 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2005.01.27 02:02:00 | 000,086,016 | ---- | M] () -- C:\Programme\Dell\Media Experience\DMXLauncher.exe
PRC - [2004.12.10 12:45:26 | 000,049,152 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
PRC - [2004.06.29 12:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004.06.29 12:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2004.04.20 13:05:56 | 000,118,784 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\BACS\BacsTray.exe
PRC - [2004.03.11 10:50:52 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTHELPER.EXE
PRC - [2003.09.17 11:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
PRC - [2003.06.18 02:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 07:15:32 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012.06.13 07:15:09 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.13 07:11:39 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.13 07:10:53 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.05.09 22:37:55 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.09 22:37:40 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.05.08 21:00:53 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.06.12 15:17:02 | 000,040,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.03.29 08:42:20 | 000,159,744 | ---- | M] () -- C:\Programme\Essentials Codec Pack\Haali\mmfinfo.dll
MOD - [2008.03.29 08:41:52 | 000,023,552 | ---- | M] () -- C:\Programme\Essentials Codec Pack\Haali\mkunicode.dll
MOD - [2007.06.28 06:46:20 | 000,061,496 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2005.05.09 17:03:56 | 000,155,648 | ---- | M] () -- C:\Programme\FRITZ!DSL\SSLEAY32.DLL
MOD - [2005.05.09 17:03:24 | 000,790,528 | ---- | M] () -- C:\Programme\FRITZ!DSL\LIBEAY32.DLL
MOD - [2005.01.28 14:31:34 | 000,045,056 | ---- | M] () -- C:\Programme\Logitech\SetPoint\gamehook.dll
MOD - [2005.01.27 02:02:00 | 000,086,016 | ---- | M] () -- C:\Programme\Dell\Media Experience\DMXLauncher.exe
MOD - [2001.10.28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\SYSTEM32\pdfcmnnt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\MOBCleanup.exe -- (MOBCleanup)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.07 17:54:27 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.24 16:29:07 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 21:00:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:00:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.12 15:17:02 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.04.05 14:26:46 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006.03.17 23:59:02 | 000,221,184 | ---- | M] (Sony DADC Austria AG.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\UAService7.exe -- (UserAccess7)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.05.20 18:20:06 | 000,081,920 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005.05.09 16:58:44 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv)
SRV - [2004.06.29 12:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 21:00:59 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2012.05.08 21:00:58 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2011.12.09 13:40:20 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avkmgr.sys -- (avkmgr)
DRV - [2011.06.12 17:39:36 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys -- (sptd)
DRV - [2010.10.22 03:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.05 14:26:46 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.09.22 23:40:17 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VMM.sys -- (vmm)
DRV - [2009.07.22 22:58:47 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atksgt.sys -- (atksgt)
DRV - [2009.07.22 22:58:47 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lirsgt.sys -- (lirsgt)
DRV - [2009.03.27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\cpuz132_x32.sys -- (cpuz132)
DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008.03.17 11:03:46 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.01.29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007.01.26 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\avmeject.sys -- (avmeject)
DRV - [2006.11.30 14:58:42 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44unic.sys -- (se44unic)
DRV - [2006.11.30 14:58:34 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44obex.sys -- (se44obex)
DRV - [2006.11.30 14:58:32 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44nd5.sys -- (se44nd5)
DRV - [2006.11.30 14:58:30 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44mgmt.sys -- (se44mgmt)
DRV - [2006.11.30 14:58:26 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44mdm.sys -- (se44mdm)
DRV - [2006.11.30 14:58:24 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44mdfl.sys -- (se44mdfl)
DRV - [2006.11.30 14:58:18 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\se44bus.sys -- (se44bus)
DRV - [2006.11.07 09:42:30 | 000,086,368 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w200obex.sys -- (w200obex)
DRV - [2006.11.07 09:42:28 | 000,088,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w200mgmt.sys -- (w200mgmt)
DRV - [2006.11.07 09:42:24 | 000,097,056 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w200mdm.sys -- (w200mdm)
DRV - [2006.11.07 09:42:22 | 000,009,328 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w200mdfl.sys -- (w200mdfl)
DRV - [2006.11.07 09:42:16 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\w200bus.sys -- (w200bus)
DRV - [2004.12.10 12:48:46 | 000,024,704 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidKE.Sys -- (LHidKe)
DRV - [2004.12.10 12:48:40 | 000,068,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV - [2004.12.10 12:48:18 | 000,036,480 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004.12.10 12:48:08 | 000,052,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042MOU.SYS -- (L8042mou)
DRV - [2004.12.10 12:47:58 | 000,013,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - [2004.08.12 16:40:50 | 000,904,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004.08.06 18:29:14 | 000,006,656 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfmodnt.sys -- (PfModNT)
DRV - [2004.08.06 11:43:26 | 000,366,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctaud2k.sys -- (ctaud2k)
DRV - [2004.07.13 11:15:48 | 000,148,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\haP16v2k.sys -- (hap16v2k)
DRV - [2004.07.13 11:13:14 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emupia2k.sys -- (emupia)
DRV - [2004.07.13 11:12:36 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004.07.13 11:11:58 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004.07.13 11:11:28 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2004.07.13 11:09:32 | 000,645,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctac32k.sys -- (ctac32k)
DRV - [2004.05.29 18:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004.05.07 07:38:58 | 000,026,624 | ---- | M] (Siemens AG ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\siusbmod.sys -- (siusbmod)
DRV - [2004.03.09 12:18:09 | 000,065,504 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\prohlp02.sys -- (prohlp02)
DRV - [2004.03.09 11:45:49 | 000,077,184 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfhlp01.sys -- (sfhlp01)
DRV - [2003.11.12 21:11:54 | 000,333,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\prosync1.sys -- (prosync1)
DRV - [2003.07.16 08:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ser2pl.sys -- (Ser2pl)
DRV - [2002.11.08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001.08.17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HIDSwvd.sys -- (HIDSwvd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.euro.dell.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.euro.dell.com/
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.euro.dell.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.euro.dell.com/
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.21 09:53:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.07 17:54:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.07 17:54:22 | 000,000,000 | ---D | M]
 
[2009.10.06 08:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Extensions
[2009.10.06 08:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.09.16 16:38:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\extensions
[2012.09.16 16:38:52 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\extensions\ich@maltegoetz.de
[2010.02.01 10:16:34 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\extensions\moveplayer@movenetworks.com
[2012.07.25 17:39:55 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.05.31 17:53:11 | 000,001,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\searchplugins\{38AEB6D0-12B8-4A84-9A82-FFA2FBEE57CA}.xml
[2011.06.06 20:42:15 | 000,001,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\searchplugins\{7B9FA70C-BAB5-413D-9F13-33F3E1C17580}.xml
[2011.05.31 17:53:11 | 000,002,071 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\searchplugins\{8208E2D1-D64B-4104-B323-B893E9B6A8BD}.xml
[2011.05.31 17:53:11 | 000,002,182 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla\Firefox\Profiles\e9r827ci.default\searchplugins\{DB54C858-AEAD-40BF-AC18-0A2FB91F3979}.xml
[2012.09.07 17:54:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.07 17:54:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.21 09:53:20 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009.09.02 00:38:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.09.07 17:54:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\mozilla firefox\components\Scriptff.dll
[2012.03.03 23:12:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2006.07.23 17:34:38 | 000,114,688 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npmozax.dll
[2008.01.27 02:18:46 | 000,155,648 | ---- | M] (PopCap Games) -- C:\Programme\mozilla firefox\plugins\nppopcaploader.dll
[2012.06.21 09:52:16 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011.05.31 17:53:10 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 07:59:46 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.05.31 17:53:10 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.31 17:53:10 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.31 17:53:10 | 000,002,221 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011.05.31 17:53:10 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.31 17:53:10 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2012.08.15 20:40:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar3.dll (Google Germany GmbH)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [bacstray] C:\Programme\Broadcom\BACS\\BacsTray.exe ()
O4 - HKLM..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DMXLauncher] C:\Programme\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Launch LGDCore] C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Ocs_SM] C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O15 - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} hxxp://download.mcafee.com/molbin/shared/mcgdmgr/de/1,0,0,23/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82A92428-55E5-4973-A6DE-791180CC117B}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Programme\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.03.06 16:54:36 | 000,000,031 | R--- | M] () - E:\autorun.inf -- [ UDF1.02 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DVDLauncher - hkey= - key= - C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{BC5FEEF1-CC81-4C41-B13E-6EB8BCE71464} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.17 13:04:56 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Christopher\Desktop\OTL(1).exe
[2012.09.15 08:42:18 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.09.15 08:42:00 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Christopher\Desktop\esetsmartinstaller_enu.exe
[2012.09.12 17:24:59 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Christopher\Desktop\OTL.exe
[2012.09.12 11:30:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.09.07 17:54:17 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2012.09.04 18:19:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YTD Video Downloader
[2012.09.04 18:19:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\YTD Video Downloader
[2012.08.31 15:16:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IndustrieGigant 2
[2012.08.31 15:13:06 | 000,000,000 | ---D | C] -- C:\Programme\IndustrieGigant 2
[2012.08.30 12:40:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[3 C:\Dokumente und Einstellungen\Christopher\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Christopher\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.17 13:04:57 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Christopher\Desktop\OTL(1).exe
[2012.09.17 12:39:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.17 12:34:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012.09.17 12:33:54 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2257774982-1209123923-1774505960-1006.job
[2012.09.17 12:33:50 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.17 12:33:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012.09.17 12:33:39 | 1071,800,320 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.16 22:30:22 | 000,029,544 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2012.09.16 22:30:22 | 000,029,544 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2012.09.16 22:30:22 | 000,026,424 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2012.09.16 22:30:22 | 000,026,424 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000004-20061102}.rfx
[2012.09.16 22:30:22 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012.09.16 22:30:22 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012.09.16 22:30:22 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000000-00001102-00000004-20061102}.dat
[2012.09.16 22:30:22 | 000,000,384 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000000-00001102-00000004-20061102}.dat
[2012.09.16 22:29:42 | 004,932,302 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000000-00001102-00000004-20061102}.CDF
[2012.09.16 22:28:00 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.16 17:09:46 | 000,512,399 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\adwcleaner.exe
[2012.09.15 16:00:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2012.09.15 08:42:05 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Christopher\Desktop\esetsmartinstaller_enu.exe
[2012.09.12 17:48:41 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\p1itllnz.exe
[2012.09.12 17:25:00 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Christopher\Desktop\OTL.exe
[2012.09.12 17:23:58 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\Defogger.exe
[2012.09.07 22:16:02 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2257774982-1209123923-1774505960-1006.job
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.03 08:15:09 | 000,001,897 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\.si_tool
[2012.08.30 12:36:30 | 000,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.08.18 22:54:44 | 000,176,128 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\Dokumente und Einstellungen\Christopher\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Christopher\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.16 17:09:46 | 000,512,399 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\adwcleaner.exe
[2012.09.12 17:48:40 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\p1itllnz.exe
[2012.09.12 17:23:56 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Desktop\Defogger.exe
[2012.08.04 11:53:52 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\defogger_reenable
[2012.05.10 18:39:03 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.04.18 17:01:26 | 000,002,938 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\.recently-used.xbel
[2011.01.14 22:31:16 | 000,001,897 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\.si_tool
[2010.12.30 21:49:09 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.12.30 21:49:06 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.12.30 21:49:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.10.29 19:51:41 | 000,080,896 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2007.11.20 22:49:38 | 000,005,095 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\xnwfyhdk.mld
[2007.05.05 14:26:52 | 000,015,428 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\RefEdit.exd
[2006.06.13 12:30:39 | 000,001,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2005.05.20 17:35:36 | 000,176,128 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.05.19 15:10:54 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Christopher\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== LOP Check ==========
 
[2012.05.10 18:39:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012.01.28 17:39:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2012.03.15 23:15:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gibraltar
[2011.07.10 21:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2012.09.08 19:06:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2006.09.14 17:59:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap
[2012.03.15 22:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software
[2005.09.17 16:11:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2009.07.22 23:07:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tages
[2008.04.15 18:01:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2008.08.26 21:49:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2010.08.29 20:31:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2012.09.04 18:19:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YouTube Downloader
[2012.09.04 18:19:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YTD Video Downloader
[2008.03.03 19:10:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2011.07.10 21:05:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\AquaSoft
[2012.05.10 18:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Canneverbe Limited
[2012.05.06 17:58:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Check Point Software Technologies LTD
[2012.05.06 17:00:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\CheckPoint
[2005.08.02 20:40:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\ChessBase
[2011.08.18 20:32:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.05.01 12:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Cornelsen
[2009.07.21 15:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\DesktopPlayer
[2008.07.18 18:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Dev-Cpp
[2009.06.16 19:55:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\flightgear.org
[2010.04.05 10:05:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\FreeFLVConverter
[2011.07.10 21:01:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\gtk-2.0
[2012.05.25 20:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\ICQ
[2005.12.03 17:56:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\ICQLite
[2005.06.21 18:37:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Leadertech
[2012.03.02 21:19:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\LolClient
[2012.05.24 08:32:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\LolClient2
[2005.06.07 22:22:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\MobileAction
[2011.05.13 17:07:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\MyPhoneExplorer
[2011.05.01 21:58:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\NesterSoft
[2011.05.31 17:52:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS
[2011.07.10 21:03:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Opera
[2010.04.05 14:38:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Pegasys Inc
[2012.03.15 23:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Swiss Academic Software
[2010.11.04 18:26:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\T-Online
[2009.01.26 19:36:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Teleca
[2005.07.20 14:33:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Template
[2009.10.06 08:20:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\TomTom
[2009.07.22 23:08:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Ubisoft
[2009.10.10 11:14:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Vodafone
[2008.07.20 19:55:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\WinTrack
[2012.03.03 18:43:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Wise Registry Cleaner
[2008.03.03 19:10:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Zylom
[2009.09.08 16:58:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore
[2009.10.10 11:14:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone
[2005.05.20 23:00:05 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2006.09.08 17:48:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Microsoft
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.18 20:32:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Adobe
[2006.05.08 18:16:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Apple Computer
[2011.07.10 21:05:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\AquaSoft
[2011.12.10 17:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Avira
[2012.05.10 18:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Canneverbe Limited
[2012.05.06 17:58:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Check Point Software Technologies LTD
[2012.05.06 17:00:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\CheckPoint
[2005.08.02 20:40:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\ChessBase
[2011.08.18 20:32:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.05.01 12:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Cornelsen
[2007.10.13 00:07:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Creative
[2005.05.28 12:41:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\CyberLink
[2009.07.21 15:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\DesktopPlayer
[2008.07.18 18:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Dev-Cpp
[2009.12.27 23:49:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\DivX
[2009.06.16 19:55:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\flightgear.org
[2010.04.05 10:05:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\FreeFLVConverter
[2007.10.02 22:46:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Google
[2011.07.10 21:01:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\gtk-2.0
[2005.08.02 20:56:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Help
[2011.04.08 20:50:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\HpUpdate
[2012.05.25 20:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\ICQ
[2005.12.03 17:56:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\ICQLite
[2008.03.03 19:10:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Identities
[2005.05.24 22:02:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Jasc Software Inc
[2005.06.21 18:37:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Leadertech
[2007.04.11 13:18:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Logitech
[2012.03.02 21:19:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\LolClient
[2012.05.24 08:32:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\LolClient2
[2009.07.18 10:06:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Macromedia
[2012.08.07 14:48:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Malwarebytes
[2005.08.26 20:01:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\McAfee.com Personal Firewall
[2005.10.31 13:04:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Media Player Classic
[2009.12.12 12:40:08 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Microsoft
[2005.06.07 22:22:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\MobileAction
[2010.02.01 10:17:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Move Networks
[2008.08.28 09:33:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Mozilla
[2011.05.13 17:07:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\MyPhoneExplorer
[2011.05.01 21:58:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\NesterSoft
[2011.05.31 17:52:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS
[2011.07.10 21:03:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Opera
[2010.04.05 14:38:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Pegasys Inc
[2011.12.11 10:09:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Real
[2005.08.07 16:32:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\SecuROM
[2005.05.11 22:42:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Sonic
[2008.04.15 18:08:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Sony Ericsson
[2005.05.11 22:34:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Sun
[2012.03.15 23:15:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Swiss Academic Software
[2010.11.04 18:26:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\T-Online
[2005.12.02 15:25:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Talkback
[2006.04.28 14:59:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\teamspeak2
[2009.01.26 19:36:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Teleca
[2005.07.20 14:33:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Template
[2005.08.21 13:17:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\THQ
[2009.10.06 08:20:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\TomTom
[2009.07.22 23:08:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Ubisoft
[2009.10.10 11:14:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Vodafone
[2008.07.20 19:55:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\WinTrack
[2012.03.03 18:43:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Wise Registry Cleaner
[2008.03.03 19:10:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Zylom
 
< %APPDATA%\*.exe /s >
[2007.10.22 14:20:03 | 000,438,784 | ---- | M] (Cornelsen Verlag GmbH & Co. oHG) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Cornelsen\310333\EG_21_Starter.exe
[2007.04.23 00:40:11 | 000,438,784 | ---- | M] (Cornelsen Verlag GmbH & Co. oHG) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Cornelsen\318166\EG_21_Starter.exe
[2005.06.08 14:34:01 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Microsoft\Installer\{39678AE6-CC1B-11D8-9E00-000374890932}\ARPPRODUCTICON.exe
[2005.06.11 10:31:44 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Microsoft\Installer\{70A342A9-C719-4F19-BFD2-AEE8EFB214A8}\ARPPRODUCTICON.exe
[2005.06.11 10:38:10 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Microsoft\Installer\{ABF70089-CC49-11D8-9E00-000374890932}\ARPPRODUCTICON.exe
[2006.05.30 21:18:01 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Microsoft\Installer\{ACE8349C-17B2-4527-8D46-EA584E81F0CA}\_154754de.exe
[2006.05.30 21:18:01 | 000,004,150 | R--- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Microsoft\Installer\{ACE8349C-17B2-4527-8D46-EA584E81F0CA}\_39b32d12.exe
[2011.06.12 15:17:01 | 000,106,496 | ---- | M] (OCS) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe
[2011.06.12 15:17:02 | 000,040,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
[2010.12.06 21:24:39 | 000,506,024 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Real\Update\setup3.13\setup.exe
[2012.06.13 21:58:48 | 000,315,544 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe
[2012.06.02 08:57:53 | 027,381,184 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer.exe
[2012.06.02 08:55:14 | 000,692,480 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 15:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.04 15:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008.09.04 17:48:04 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008.09.04 17:48:04 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DLLCACHE\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 15:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.04 15:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008.09.04 17:48:04 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008.09.04 17:48:04 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004.08.04 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\I386\EVENTLOG.DLL
[2004.08.04 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2004.06.29 12:17:16 | 000,477,952 | ---- | M] (Intel Corporation) MD5=D7731536E183B4397402CA6F9E1D52F7 -- C:\DRIVERS\STORAGE\SATA\ONBOARD\IASTOR.SYS
[2004.06.29 12:17:16 | 000,477,952 | ---- | M] (Intel Corporation) MD5=D7731536E183B4397402CA6F9E1D52F7 -- C:\I386\IASTOR.SYS
[2004.06.29 12:17:16 | 000,477,952 | ---- | M] (Intel Corporation) MD5=D7731536E183B4397402CA6F9E1D52F7 -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004.08.04 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\I386\NETLOGON.DLL
[2004.08.04 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SYSTEM32\DLLCACHE\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SYSTEM32\scecli.dll
[2004.08.04 15:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\I386\SCECLI.DLL
[2004.08.04 15:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 15:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\I386\USER32.DLL
[2004.08.04 15:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\erdnt\cache\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SYSTEM32\DLLCACHE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SYSTEM32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SYSTEM32\DLLCACHE\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SYSTEM32\userinit.exe
[2004.08.04 15:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\I386\USERINIT.EXE
[2004.08.04 15:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 15:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\I386\WINLOGON.EXE
[2004.08.04 15:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SYSTEM32\DLLCACHE\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SYSTEM32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 15:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\I386\WS2IFSL.SYS
[2004.08.04 15:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\SYSTEM32\DLLCACHE\ws2ifsl.sys
[2004.08.04 15:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004.08.18 14:11:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2004.08.18 14:11:04 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2004.08.18 14:11:04 | 000,413,696 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
--- --- ---

Alt 17.09.2012, 13:46   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
ATTFilter
:OTL
FF - user.js - File not found
[2012.09.07 17:54:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\mozilla firefox\components\Scriptff.dll
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2257774982-1209123923-1774505960-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O32 - HKLM CDRom: AutoRun - 1
:Files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\xnwfyhdk.mld
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, since it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 17.09.2012, 14:08   #13
fux89
 



As last time, I had to run the fix in safe mode (with networking), but it should have worked:

Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Programme\Mozilla Firefox\components\Scriptff.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2257774982-1209123923-1774505960-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2257774982-1209123923-1774505960-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2257774982-1209123923-1774505960-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2257774982-1209123923-1774505960-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== FILES ==========
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\xnwfyhdk.mld moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Christopher\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Christopher\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Besitzer
 
User: Christopher
->Temp folder emptied: 66888238 bytes
->Temporary Internet Files folder emptied: 2746523 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 431689464 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1963 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 475 bytes
RecycleBin emptied: 33770568 bytes
 
Total Files Cleaned = 510,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.5 log created on 09172012_140209

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 17.09.2012, 15:42   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!


Alt 17.09.2012, 15:53   #15
fux89
 



The result:

Code:
ATTFilter
15:46:41.0515 3660  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:46:42.0921 3660  ============================================================
15:46:42.0921 3660  Current date / time: 2012/09/17 15:46:42.0921
15:46:42.0921 3660  SystemInfo:
15:46:42.0921 3660  
15:46:42.0921 3660  OS Version: 5.1.2600 ServicePack: 3.0
15:46:42.0921 3660  Product type: Workstation
15:46:42.0921 3660  ComputerName: D67S0N1J
15:46:42.0921 3660  UserName: Christopher
15:46:42.0921 3660  Windows directory: C:\WINDOWS
15:46:42.0921 3660  System windows directory: C:\WINDOWS
15:46:42.0921 3660  Processor architecture: Intel x86
15:46:42.0921 3660  Number of processors: 2
15:46:42.0921 3660  Page size: 0x1000
15:46:42.0921 3660  Boot type: Normal boot
15:46:42.0921 3660  ============================================================
15:46:43.0328 3660  Drive \Device\Harddisk0\DR0 - Size: 0x4A81740000 (298.02 Gb), SectorSize: 0x200, Cylinders: 0x97F8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:46:43.0328 3660  ============================================================
15:46:43.0328 3660  \Device\Harddisk0\DR0:
15:46:43.0328 3660  MBR partitions:
15:46:43.0328 3660  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x24E728CB
15:46:43.0328 3660  ============================================================
15:46:43.0343 3660  C: <-> \Device\Harddisk0\DR0\Partition1
15:46:43.0343 3660  ============================================================
15:46:43.0343 3660  Initialize success
15:46:43.0343 3660  ============================================================
15:47:31.0578 1092  ============================================================
15:47:31.0578 1092  Scan started
15:47:31.0578 1092  Mode: Manual; SigCheck; TDLFS; 
15:47:31.0578 1092  ============================================================
15:47:31.0656 1092  ================ Scan system memory ========================
15:47:31.0656 1092  System memory - ok
15:47:31.0656 1092  ================ Scan services =============================
15:47:31.0812 1092  Abiosdsk - ok
15:47:31.0859 1092  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:47:33.0265 1092  abp480n5 - ok
15:47:33.0312 1092  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:47:33.0531 1092  ACPI - ok
15:47:33.0578 1092  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
15:47:33.0703 1092  ACPIEC - ok
15:47:33.0796 1092  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:47:33.0812 1092  AdobeFlashPlayerUpdateSvc - ok
15:47:33.0843 1092  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:47:33.0953 1092  adpu160m - ok
15:47:33.0984 1092  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
15:47:34.0125 1092  aec - ok
15:47:34.0171 1092  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
15:47:34.0218 1092  AFD - ok
15:47:34.0234 1092  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
15:47:34.0390 1092  agp440 - ok
15:47:34.0406 1092  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:47:34.0531 1092  agpCPQ - ok
15:47:34.0531 1092  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:47:34.0609 1092  Aha154x - ok
15:47:34.0609 1092  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:47:34.0734 1092  aic78u2 - ok
15:47:34.0750 1092  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:47:34.0875 1092  aic78xx - ok
15:47:34.0921 1092  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
15:47:35.0109 1092  Alerter - ok
15:47:35.0140 1092  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
15:47:35.0203 1092  ALG - ok
15:47:35.0203 1092  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
15:47:35.0328 1092  AliIde - ok
15:47:35.0328 1092  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:47:35.0468 1092  alim1541 - ok
15:47:35.0468 1092  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:47:35.0593 1092  amdagp - ok
15:47:35.0609 1092  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
15:47:35.0687 1092  amsint - ok
15:47:35.0781 1092  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
15:47:35.0812 1092  AntiVirSchedulerService - ok
15:47:35.0843 1092  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
15:47:35.0859 1092  AntiVirService - ok
15:47:35.0875 1092  AppMgmt - ok
15:47:35.0906 1092  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:47:36.0015 1092  Arp1394 - ok
15:47:36.0031 1092  [ 62D318E9A0C8FC9B780008E724283707 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
15:47:36.0156 1092  asc - ok
15:47:36.0187 1092  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:47:36.0250 1092  asc3350p - ok
15:47:36.0250 1092  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:47:36.0375 1092  asc3550 - ok
15:47:36.0500 1092  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:47:36.0546 1092  aspnet_state - ok
15:47:36.0562 1092  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:47:36.0687 1092  AsyncMac - ok
15:47:36.0703 1092  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
15:47:36.0828 1092  atapi - ok
15:47:36.0828 1092  Atdisk - ok
15:47:36.0875 1092  [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt          C:\WINDOWS\system32\DRIVERS\atksgt.sys
15:47:36.0937 1092  atksgt - ok
15:47:36.0953 1092  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:47:37.0078 1092  Atmarpc - ok
15:47:37.0093 1092  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
15:47:37.0234 1092  AudioSrv - ok
15:47:37.0265 1092  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
15:47:37.0390 1092  audstub - ok
15:47:37.0421 1092  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
15:47:37.0437 1092  avgntflt - ok
15:47:37.0468 1092  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
15:47:37.0484 1092  avipbb - ok
15:47:37.0500 1092  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
15:47:37.0515 1092  avkmgr - ok
15:47:37.0531 1092  [ 4ECB2653BFE9116C031A94F708343A16 ] AVM IGD CTRL Service C:\Programme\FRITZ!DSL\IGDCTRL.EXE
15:47:37.0562 1092  AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - warning
15:47:37.0562 1092  AVM IGD CTRL Service - detected UnsignedFile.Multi.Generic (1)
15:47:37.0609 1092  [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Programme\avmwlanstick\WlanNetService.exe
15:47:37.0671 1092  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
15:47:37.0671 1092  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
15:47:37.0718 1092  [ 263CF9D248FD5E020A1333ED4F7EAA88 ] avmeject        C:\WINDOWS\system32\drivers\avmeject.sys
15:47:37.0750 1092  avmeject ( UnsignedFile.Multi.Generic ) - warning
15:47:37.0750 1092  avmeject - detected UnsignedFile.Multi.Generic (1)
15:47:37.0796 1092  [ 4826FCF97C47B361A2E2F68CD487A19E ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
15:47:37.0875 1092  b57w2k - ok
15:47:37.0921 1092  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
15:47:38.0062 1092  Beep - ok
15:47:38.0109 1092  [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen        C:\WINDOWS\system32\bgsvcgen.exe
15:47:38.0125 1092  bgsvcgen - ok
15:47:38.0171 1092  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
15:47:38.0453 1092  BITS - ok
15:47:38.0484 1092  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
15:47:38.0578 1092  Browser - ok
15:47:38.0593 1092  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:47:38.0734 1092  cbidf - ok
15:47:38.0734 1092  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
15:47:38.0859 1092  cbidf2k - ok
15:47:38.0875 1092  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:47:38.0937 1092  cd20xrnt - ok
15:47:39.0000 1092  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
15:47:39.0125 1092  Cdaudio - ok
15:47:39.0156 1092  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
15:47:39.0296 1092  Cdfs - ok
15:47:39.0343 1092  [ E0042BD5BEF17A6A3EF1DF576BDE24D1 ] cdrbsdrv        C:\WINDOWS\system32\drivers\cdrbsdrv.sys
15:47:39.0343 1092  cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
15:47:39.0343 1092  cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
15:47:39.0390 1092  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:47:39.0515 1092  Cdrom - ok
15:47:39.0515 1092  Changer - ok
15:47:39.0562 1092  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
15:47:39.0687 1092  CiSvc - ok
15:47:39.0703 1092  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
15:47:39.0843 1092  ClipSrv - ok
15:47:39.0875 1092  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:47:39.0953 1092  clr_optimization_v2.0.50727_32 - ok
15:47:39.0968 1092  [ C687F81290303D90099B027A6474F99F ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:47:40.0109 1092  CmdIde - ok
15:47:40.0125 1092  COMSysApp - ok
15:47:40.0156 1092  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:47:40.0296 1092  Cpqarray - ok
15:47:40.0328 1092  [ 097A0A4899B759A4F032BD464963B4BE ] cpuz132         C:\WINDOWS\system32\drivers\cpuz132_x32.sys
15:47:40.0328 1092  cpuz132 ( UnsignedFile.Multi.Generic ) - warning
15:47:40.0328 1092  cpuz132 - detected UnsignedFile.Multi.Generic (1)
15:47:40.0375 1092  [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.EXE
15:47:40.0390 1092  Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
15:47:40.0390 1092  Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
15:47:40.0421 1092  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
15:47:40.0546 1092  CryptSvc - ok
15:47:40.0593 1092  [ 1E41B8A10B9D78240C8BFACC269DB155 ] ctac32k         C:\WINDOWS\system32\drivers\ctac32k.sys
15:47:40.0703 1092  ctac32k - ok
15:47:40.0750 1092  [ 9BF1AA0EAC9C7D33CE4D8A152E151F60 ] ctaud2k         C:\WINDOWS\system32\drivers\ctaud2k.sys
15:47:40.0812 1092  ctaud2k - ok
15:47:40.0843 1092  [ 29F78D59B053CB8778F8426E4E24099C ] ctdvda2k        C:\WINDOWS\system32\drivers\ctdvda2k.sys
15:47:40.0875 1092  ctdvda2k - ok
15:47:40.0906 1092  [ A6F4C70DA545230D001915D8EB08D881 ] ctprxy2k        C:\WINDOWS\system32\drivers\ctprxy2k.sys
15:47:40.0921 1092  ctprxy2k - ok
15:47:40.0953 1092  [ B39E55C1C5E28E016EE3848F2E34C205 ] ctsfm2k         C:\WINDOWS\system32\drivers\ctsfm2k.sys
15:47:40.0984 1092  ctsfm2k - ok
15:47:41.0015 1092  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:47:41.0140 1092  dac2w2k - ok
15:47:41.0140 1092  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:47:41.0296 1092  dac960nt - ok
15:47:41.0343 1092  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
15:47:41.0390 1092  DcomLaunch - ok
15:47:41.0468 1092  [ 8261AFAB6196157D7E19F4B2F3FBC383 ] de_serv         C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
15:47:41.0468 1092  de_serv ( UnsignedFile.Multi.Generic ) - warning
15:47:41.0468 1092  de_serv - detected UnsignedFile.Multi.Generic (1)
15:47:41.0515 1092  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
15:47:41.0640 1092  Dhcp - ok
15:47:41.0656 1092  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
15:47:41.0781 1092  Disk - ok
15:47:41.0796 1092  dmadmin - ok
15:47:41.0828 1092  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
15:47:42.0000 1092  dmboot - ok
15:47:42.0015 1092  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
15:47:42.0156 1092  dmio - ok
15:47:42.0203 1092  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
15:47:42.0312 1092  dmload - ok
15:47:42.0359 1092  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
15:47:42.0484 1092  dmserver - ok
15:47:42.0515 1092  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
15:47:42.0656 1092  DMusic - ok
15:47:42.0687 1092  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
15:47:42.0781 1092  Dnscache - ok
15:47:42.0828 1092  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
15:47:42.0937 1092  Dot3svc - ok
15:47:42.0953 1092  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:47:43.0078 1092  dpti2o - ok
15:47:43.0109 1092  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
15:47:43.0234 1092  drmkaud - ok
15:47:43.0265 1092  [ E814854E6B246CCF498874839AB64D77 ] drvmcdb         C:\WINDOWS\system32\drivers\drvmcdb.sys
15:47:43.0296 1092  drvmcdb ( UnsignedFile.Multi.Generic ) - warning
15:47:43.0296 1092  drvmcdb - detected UnsignedFile.Multi.Generic (1)
15:47:43.0312 1092  [ EE83A4EBAE70BC93CF14879D062F548B ] drvnddm         C:\WINDOWS\system32\drivers\drvnddm.sys
15:47:43.0312 1092  drvnddm ( UnsignedFile.Multi.Generic ) - warning
15:47:43.0312 1092  drvnddm - detected UnsignedFile.Multi.Generic (1)
15:47:43.0343 1092  [ A6DE5342417FEC3C0AA8EFEBB899C431 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:47:43.0468 1092  E100B - ok
15:47:43.0500 1092  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
15:47:43.0640 1092  EapHost - ok
15:47:43.0671 1092  [ 5D70013D7E6602EC0A482F2985558C2D ] emupia          C:\WINDOWS\system32\drivers\emupia2k.sys
15:47:43.0703 1092  emupia - ok
15:47:43.0734 1092  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
15:47:43.0875 1092  ERSvc - ok
15:47:43.0921 1092  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
15:47:43.0937 1092  Eventlog - ok
15:47:44.0015 1092  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
15:47:44.0078 1092  EventSystem - ok
15:47:44.0109 1092  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
15:47:44.0234 1092  Fastfat - ok
15:47:44.0250 1092  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:47:44.0328 1092  FastUserSwitchingCompatibility - ok
15:47:44.0390 1092  [ 08B8B302AF0D1B3B8543429BBAC8F21F ] Fax             C:\WINDOWS\system32\fxssvc.exe
15:47:44.0515 1092  Fax - ok
15:47:44.0531 1092  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
15:47:44.0656 1092  Fdc - ok
15:47:44.0671 1092  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
15:47:44.0812 1092  Fips - ok
15:47:44.0828 1092  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:47:44.0953 1092  Flpydisk - ok
15:47:45.0000 1092  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
15:47:45.0125 1092  FltMgr - ok
15:47:45.0218 1092  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:47:45.0250 1092  FontCache3.0.0.0 - ok
15:47:45.0265 1092  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:47:45.0390 1092  Fs_Rec - ok
15:47:45.0421 1092  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:47:45.0531 1092  Ftdisk - ok
15:47:45.0578 1092  [ FF12FA487265DA2AC7DE4BE53F72FF1A ] FWLANUSB        C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
15:47:45.0671 1092  FWLANUSB - ok
15:47:45.0703 1092  [ 065639773D8B03F33577F6CDAEA21063 ] gameenum        C:\WINDOWS\system32\DRIVERS\gameenum.sys
15:47:45.0828 1092  gameenum - ok
15:47:45.0859 1092  [ 72FE2BEA6863D4EB93442A1C4FB5CA48 ] GcKernel        C:\WINDOWS\system32\DRIVERS\GcKernel.sys
15:47:45.0921 1092  GcKernel - ok
15:47:45.0968 1092  [ 32A73A8952580B284A47290ADB62032A ] GEARAspiWDM     C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
15:47:45.0984 1092  GEARAspiWDM - ok
15:47:46.0000 1092  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:47:46.0125 1092  Gpc - ok
15:47:46.0171 1092  gupdate - ok
15:47:46.0171 1092  gupdatem - ok
15:47:46.0218 1092  [ 751C1D2CA2ABF4A9F5A6B8D7D45B907C ] gusvc           C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
15:47:46.0234 1092  gusvc - ok
15:47:46.0281 1092  [ 7EC50A84B89DAE3458CB0308739B80DE ] ha10kx2k        C:\WINDOWS\system32\drivers\ha10kx2k.sys
15:47:46.0375 1092  ha10kx2k - ok
15:47:46.0421 1092  [ 02A6BAD64177C56D8B86B198B38DB361 ] hap16v2k        C:\WINDOWS\system32\drivers\hap16v2k.sys
15:47:46.0468 1092  hap16v2k - ok
15:47:46.0531 1092  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:47:46.0640 1092  helpsvc - ok
15:47:46.0656 1092  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
15:47:46.0796 1092  HidServ - ok
15:47:46.0843 1092  [ BD205320308FB41C88A4049A2D1764B4 ] HIDSwvd         C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
15:47:46.0906 1092  HIDSwvd - ok
15:47:46.0937 1092  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:47:47.0062 1092  HidUsb - ok
15:47:47.0109 1092  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
15:47:47.0218 1092  hkmsvc - ok
15:47:47.0234 1092  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
15:47:47.0359 1092  hpn - ok
15:47:47.0390 1092  [ 9F1D80908658EB7F1BF70809E0B51470 ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:47:47.0500 1092  HPZid412 - ok
15:47:47.0531 1092  [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:47:47.0609 1092  HPZipr12 - ok
15:47:47.0625 1092  [ CF1B7951B4EC8D13F3C93B74BB2B461B ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:47:47.0718 1092  HPZius12 - ok
15:47:47.0765 1092  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
15:47:47.0828 1092  HTTP - ok
15:47:47.0843 1092  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
15:47:47.0984 1092  HTTPFilter - ok
15:47:48.0031 1092  [ 07853191B1BDEE5B39BE4CFCFE3B9AD4 ] hwdatacard      C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
15:47:48.0109 1092  hwdatacard - ok
15:47:48.0140 1092  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
15:47:48.0265 1092  i2omgmt - ok
15:47:48.0312 1092  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:47:48.0437 1092  i2omp - ok
15:47:48.0437 1092  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:47:48.0578 1092  i8042prt - ok
15:47:48.0640 1092  [ A38BF37FD0795382655F756DD4446FA0 ] IAANTMon        C:\Programme\Intel\Intel Application Accelerator\iaantmon.exe
15:47:48.0640 1092  IAANTMon ( UnsignedFile.Multi.Generic ) - warning
15:47:48.0640 1092  IAANTMon - detected UnsignedFile.Multi.Generic (1)
15:47:48.0703 1092  [ D7731536E183B4397402CA6F9E1D52F7 ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
15:47:48.0765 1092  iaStor - ok
15:47:48.0875 1092  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:47:48.0890 1092  IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:47:48.0890 1092  IDriverT - detected UnsignedFile.Multi.Generic (1)
15:47:49.0000 1092  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:47:49.0062 1092  idsvc - ok
15:47:49.0093 1092  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
15:47:49.0218 1092  Imapi - ok
15:47:49.0250 1092  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
15:47:49.0390 1092  ImapiService - ok
15:47:49.0406 1092  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:47:49.0531 1092  ini910u - ok
15:47:49.0546 1092  [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
15:47:49.0671 1092  IntelIde - ok
15:47:49.0703 1092  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:47:49.0828 1092  intelppm - ok
15:47:49.0859 1092  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
15:47:49.0968 1092  Ip6Fw - ok
15:47:50.0015 1092  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:47:50.0140 1092  IpFilterDriver - ok
15:47:50.0156 1092  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:47:50.0281 1092  IpInIp - ok
15:47:50.0312 1092  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:47:50.0453 1092  IpNat - ok
15:47:50.0500 1092  [ 962BC769D1008D83F6A00B9DE887EEF4 ] iPodService     C:\Programme\iPod\bin\iPodService.exe
15:47:50.0500 1092  iPodService ( UnsignedFile.Multi.Generic ) - warning
15:47:50.0500 1092  iPodService - detected UnsignedFile.Multi.Generic (1)
15:47:50.0531 1092  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:47:50.0656 1092  IPSec - ok
15:47:50.0687 1092  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
15:47:50.0765 1092  IRENUM - ok
15:47:50.0781 1092  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:47:50.0906 1092  isapnp - ok
15:47:50.0921 1092  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:47:51.0046 1092  Kbdclass - ok
15:47:51.0062 1092  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:47:51.0187 1092  kbdhid - ok
15:47:51.0203 1092  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
15:47:51.0328 1092  kmixer - ok
15:47:51.0375 1092  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
15:47:51.0468 1092  KSecDD - ok
15:47:51.0515 1092  [ AD1541D5FF5B3F903DA34737B6BA9A53 ] L8042Kbd        C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
15:47:51.0562 1092  L8042Kbd - ok
15:47:51.0593 1092  [ E9D3C991F28F01415A7B56A854D243D8 ] L8042mou        C:\WINDOWS\system32\Drivers\L8042mou.sys
15:47:51.0656 1092  L8042mou - ok
15:47:51.0687 1092  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
15:47:51.0734 1092  lanmanserver - ok
15:47:51.0781 1092  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:47:51.0875 1092  lanmanworkstation - ok
15:47:51.0875 1092  lbrtfdc - ok
15:47:51.0906 1092  [ E47F94327E369ED6916049FEBF5F85E5 ] LHidKe          C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
15:47:51.0921 1092  LHidKe - ok
15:47:51.0937 1092  [ A54C75E7481272EAAA6245683C89ECAA ] LHidUsbK        C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
15:47:52.0000 1092  LHidUsbK - ok
15:47:52.0031 1092  [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt          C:\WINDOWS\system32\DRIVERS\lirsgt.sys
15:47:52.0046 1092  lirsgt - ok
15:47:52.0093 1092  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
15:47:52.0218 1092  LmHosts - ok
15:47:52.0234 1092  [ 0E34232FCA6F20172B1D8B6E8A9A26D1 ] LMouKE          C:\WINDOWS\system32\Drivers\LMouKE.sys
15:47:52.0250 1092  LMouKE - ok
15:47:52.0296 1092  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
15:47:52.0328 1092  MBAMProtector - ok
15:47:52.0375 1092  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:47:52.0406 1092  MBAMScheduler - ok
15:47:52.0453 1092  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
15:47:52.0500 1092  MBAMService - ok
15:47:52.0531 1092  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
15:47:52.0671 1092  Messenger - ok
15:47:52.0718 1092  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
15:47:52.0843 1092  mnmdd - ok
15:47:52.0890 1092  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
15:47:53.0015 1092  mnmsrvc - ok
15:47:53.0109 1092  MOBCleanup - ok
15:47:53.0156 1092  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
15:47:53.0281 1092  Modem - ok
15:47:53.0312 1092  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
15:47:53.0421 1092  MODEMCSA - ok
15:47:53.0453 1092  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:47:53.0578 1092  Mouclass - ok
15:47:53.0609 1092  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:47:53.0734 1092  mouhid - ok
15:47:53.0750 1092  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
15:47:53.0875 1092  MountMgr - ok
15:47:53.0921 1092  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
15:47:53.0937 1092  MozillaMaintenance - ok
15:47:53.0953 1092  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:47:54.0125 1092  mraid35x - ok
15:47:54.0156 1092  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:47:54.0281 1092  MRxDAV - ok
15:47:54.0312 1092  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:47:54.0375 1092  MRxSmb - ok
15:47:54.0421 1092  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
15:47:54.0546 1092  MSDTC - ok
15:47:54.0562 1092  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
15:47:54.0687 1092  Msfs - ok
15:47:54.0687 1092  MSIServer - ok
15:47:54.0718 1092  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:47:54.0859 1092  MSKSSRV - ok
15:47:54.0890 1092  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:47:55.0015 1092  MSPCLOCK - ok
15:47:55.0031 1092  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
15:47:55.0156 1092  MSPQM - ok
15:47:55.0171 1092  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:47:55.0296 1092  mssmbios - ok
15:47:55.0343 1092  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
15:47:55.0390 1092  Mup - ok
15:47:55.0453 1092  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
15:47:55.0578 1092  napagent - ok
15:47:55.0609 1092  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
15:47:55.0734 1092  NDIS - ok
15:47:55.0750 1092  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:47:55.0796 1092  NdisTapi - ok
15:47:55.0828 1092  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:47:55.0953 1092  Ndisuio - ok
15:47:56.0000 1092  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:47:56.0109 1092  NdisWan - ok
15:47:56.0156 1092  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
15:47:56.0218 1092  NDProxy - ok
15:47:56.0250 1092  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
15:47:56.0375 1092  NetBIOS - ok
15:47:56.0406 1092  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
15:47:56.0515 1092  NetBT - ok
15:47:56.0562 1092  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
15:47:56.0687 1092  NetDDE - ok
15:47:56.0703 1092  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
15:47:56.0812 1092  NetDDEdsdm - ok
15:47:56.0859 1092  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
15:47:56.0984 1092  Netlogon - ok
15:47:57.0046 1092  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
15:47:57.0203 1092  Netman - ok
15:47:57.0250 1092  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:47:57.0265 1092  NetTcpPortSharing - ok
15:47:57.0296 1092  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:47:57.0421 1092  NIC1394 - ok
15:47:57.0453 1092  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
15:47:57.0468 1092  Nla - ok
15:47:57.0531 1092  [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess       C:\Programme\CDBurnerXP\NMSAccessU.exe
15:47:57.0546 1092  NMSAccess - ok
15:47:57.0578 1092  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
15:47:57.0687 1092  Npfs - ok
15:47:57.0734 1092  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
15:47:57.0906 1092  Ntfs - ok
15:47:57.0906 1092  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
15:47:58.0031 1092  NtLmSsp - ok
15:47:58.0078 1092  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
15:47:58.0250 1092  NtmsSvc - ok
15:47:58.0281 1092  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
15:47:58.0406 1092  Null - ok
15:47:58.0640 1092  [ B9B1BB146EB9A83DCF0F5635B09D3D43 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:47:59.0046 1092  nv - ok
15:47:59.0093 1092  [ 1633409E67F1BD6E5AC8ECB9CD5D2027 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
15:47:59.0171 1092  NVSvc - ok
15:47:59.0203 1092  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:47:59.0328 1092  NwlnkFlt - ok
15:47:59.0343 1092  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:47:59.0468 1092  NwlnkFwd - ok
15:47:59.0500 1092  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:47:59.0625 1092  ohci1394 - ok
15:47:59.0671 1092  [ 53D5F1278D9EDB21689BBBCECC09108D ] omci            C:\WINDOWS\system32\DRIVERS\omci.sys
15:47:59.0687 1092  omci ( UnsignedFile.Multi.Generic ) - warning
15:47:59.0687 1092  omci - detected UnsignedFile.Multi.Generic (1)
15:47:59.0734 1092  [ C52548B920482DB03AF8B49BABD9FC48 ] ossrv           C:\WINDOWS\system32\drivers\ctoss2k.sys
15:47:59.0765 1092  ossrv - ok
15:47:59.0781 1092  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
15:47:59.0921 1092  Parport - ok
15:47:59.0937 1092  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
15:48:00.0046 1092  PartMgr - ok
15:48:00.0078 1092  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
15:48:00.0187 1092  ParVdm - ok
15:48:00.0203 1092  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
15:48:00.0343 1092  PCI - ok
15:48:00.0359 1092  PCIDump - ok
15:48:00.0375 1092  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
15:48:00.0500 1092  PCIIde - ok
15:48:00.0515 1092  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
15:48:00.0656 1092  Pcmcia - ok
15:48:00.0671 1092  PDCOMP - ok
15:48:00.0671 1092  PDFRAME - ok
15:48:00.0687 1092  PDRELI - ok
15:48:00.0687 1092  PDRFRAME - ok
15:48:00.0703 1092  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
15:48:00.0828 1092  perc2 - ok
15:48:00.0828 1092  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:48:00.0953 1092  perc2hib - ok
15:48:01.0015 1092  [ FEFC8EBC170615068C3305DBEE2667DD ] PfModNT         C:\WINDOWS\system32\drivers\PfModNT.sys
15:48:01.0031 1092  PfModNT - ok
15:48:01.0046 1092  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
15:48:01.0062 1092  PlugPlay - ok
15:48:01.0109 1092  [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
15:48:01.0125 1092  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:48:01.0125 1092  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:48:01.0125 1092  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
15:48:01.0250 1092  PolicyAgent - ok
15:48:01.0265 1092  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:48:01.0390 1092  PptpMiniport - ok
15:48:01.0421 1092  [ 6D3B2FC5DEC2F59B28FE5FA17250A7B0 ] prodrv06        C:\WINDOWS\System32\drivers\prodrv06.sys
15:48:01.0437 1092  prodrv06 ( UnsignedFile.Multi.Generic ) - warning
15:48:01.0437 1092  prodrv06 - detected UnsignedFile.Multi.Generic (1)
15:48:01.0453 1092  [ C5F47B7EC2EC906847D5F80BA779A5BD ] prohlp02        C:\WINDOWS\system32\drivers\prohlp02.sys
15:48:01.0453 1092  prohlp02 ( UnsignedFile.Multi.Generic ) - warning
15:48:01.0453 1092  prohlp02 - detected UnsignedFile.Multi.Generic (1)
15:48:01.0484 1092  [ F3471E7971EE62420451D958DA635064 ] prosync1        C:\WINDOWS\system32\drivers\prosync1.sys
15:48:01.0500 1092  prosync1 ( UnsignedFile.Multi.Generic ) - warning
15:48:01.0500 1092  prosync1 - detected UnsignedFile.Multi.Generic (1)
15:48:01.0500 1092  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:48:01.0625 1092  ProtectedStorage - ok
15:48:01.0656 1092  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
15:48:01.0765 1092  PSched - ok
15:48:01.0781 1092  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:48:01.0906 1092  Ptilink - ok
15:48:01.0937 1092  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:48:01.0953 1092  PxHelp20 - ok
15:48:01.0968 1092  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:48:02.0093 1092  ql1080 - ok
15:48:02.0093 1092  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:48:02.0250 1092  Ql10wnt - ok
15:48:02.0265 1092  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:48:02.0375 1092  ql12160 - ok
15:48:02.0390 1092  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:48:02.0500 1092  ql1240 - ok
15:48:02.0515 1092  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:48:02.0625 1092  ql1280 - ok
15:48:02.0656 1092  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:48:02.0765 1092  RasAcd - ok
15:48:02.0796 1092  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
15:48:02.0921 1092  RasAuto - ok
15:48:02.0937 1092  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:48:03.0046 1092  Rasl2tp - ok
15:48:03.0093 1092  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
15:48:03.0218 1092  RasMan - ok
15:48:03.0234 1092  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:48:03.0359 1092  RasPppoe - ok
15:48:03.0359 1092  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
15:48:03.0484 1092  Raspti - ok
15:48:03.0515 1092  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:48:03.0640 1092  Rdbss - ok
15:48:03.0656 1092  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:48:03.0781 1092  RDPCDD - ok
15:48:03.0812 1092  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:48:03.0937 1092  rdpdr - ok
15:48:04.0015 1092  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
15:48:04.0093 1092  RDPWD - ok
15:48:04.0109 1092  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
15:48:04.0234 1092  RDSessMgr - ok
15:48:04.0265 1092  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
15:48:04.0390 1092  redbook - ok
15:48:04.0437 1092  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
15:48:04.0546 1092  RemoteAccess - ok
15:48:04.0578 1092  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
15:48:04.0703 1092  ROOTMODEM - ok
15:48:04.0734 1092  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
15:48:04.0859 1092  RpcLocator - ok
15:48:04.0890 1092  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\System32\rpcss.dll
15:48:04.0906 1092  RpcSs - ok
15:48:04.0937 1092  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
15:48:05.0046 1092  RSVP - ok
15:48:05.0078 1092  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
15:48:05.0187 1092  SamSs - ok
15:48:05.0218 1092  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
15:48:05.0343 1092  SCardSvr - ok
15:48:05.0390 1092  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
15:48:05.0515 1092  Schedule - ok
15:48:05.0531 1092  [ 3097CFF31374E309A8950775111A52BD ] se44bus         C:\WINDOWS\system32\DRIVERS\se44bus.sys
15:48:05.0781 1092  se44bus - ok
15:48:05.0812 1092  [ 4A03DD4FB5B7CB2C53D8FE8848455A4E ] se44mdfl        C:\WINDOWS\system32\DRIVERS\se44mdfl.sys
15:48:05.0843 1092  se44mdfl - ok
15:48:05.0859 1092  [ 2CA2E66A945B5DE1228AB5F5341D0E97 ] se44mdm         C:\WINDOWS\system32\DRIVERS\se44mdm.sys
15:48:05.0890 1092  se44mdm - ok
15:48:05.0937 1092  [ 1977FB3C58C7C714A0BA8AD7960EFB26 ] se44mgmt        C:\WINDOWS\system32\DRIVERS\se44mgmt.sys
15:48:05.0968 1092  se44mgmt - ok
15:48:06.0015 1092  [ 9BD87C965EB93475BCBD732936F46E7C ] se44nd5         C:\WINDOWS\system32\DRIVERS\se44nd5.sys
15:48:06.0046 1092  se44nd5 - ok
15:48:06.0078 1092  [ 5EFF45D05677695417C523D89C1757B6 ] se44obex        C:\WINDOWS\system32\DRIVERS\se44obex.sys
15:48:06.0109 1092  se44obex - ok
15:48:06.0140 1092  [ 037D2D26F91CA67BAD9DA36FE5C88640 ] se44unic        C:\WINDOWS\system32\DRIVERS\se44unic.sys
15:48:06.0171 1092  se44unic - ok
15:48:06.0281 1092  [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Dokumente und Einstellungen\Christopher\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
15:48:06.0281 1092  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
15:48:06.0281 1092  SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
15:48:06.0312 1092  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:48:06.0375 1092  Secdrv - ok
15:48:06.0390 1092  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
15:48:06.0515 1092  seclogon - ok
15:48:06.0546 1092  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
15:48:06.0671 1092  SENS - ok
15:48:06.0687 1092  [ B490AD520257DDA26C1D587A71E527B5 ] Ser2pl          C:\WINDOWS\system32\DRIVERS\ser2pl.sys
15:48:06.0687 1092  Ser2pl ( UnsignedFile.Multi.Generic ) - warning
15:48:06.0687 1092  Ser2pl - detected UnsignedFile.Multi.Generic (1)
15:48:06.0718 1092  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
15:48:06.0843 1092  serenum - ok
15:48:06.0875 1092  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
15:48:06.0984 1092  Serial - ok
15:48:07.0046 1092  [ 462AEE0EA0481EA8BD45CAC876A4CCC4 ] sfhlp01         C:\WINDOWS\system32\drivers\sfhlp01.sys
15:48:07.0062 1092  sfhlp01 ( UnsignedFile.Multi.Generic ) - warning
15:48:07.0062 1092  sfhlp01 - detected UnsignedFile.Multi.Generic (1)
15:48:07.0109 1092  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
15:48:07.0218 1092  Sfloppy - ok
15:48:07.0296 1092  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
15:48:07.0421 1092  SharedAccess - ok
15:48:07.0453 1092  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:48:07.0484 1092  ShellHWDetection - ok
15:48:07.0500 1092  Simbad - ok
15:48:07.0515 1092  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:48:07.0640 1092  sisagp - ok
15:48:07.0656 1092  [ 9FE3C19C993179C1266BD2B6CFB83E6B ] siusbmod        C:\WINDOWS\system32\DRIVERS\siusbmod.sys
15:48:07.0687 1092  siusbmod ( UnsignedFile.Multi.Generic ) - warning
15:48:07.0687 1092  siusbmod - detected UnsignedFile.Multi.Generic (1)
15:48:07.0718 1092  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:48:07.0796 1092  Sparrow - ok
15:48:07.0812 1092  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
15:48:07.0921 1092  splitter - ok
15:48:07.0968 1092  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
15:48:08.0046 1092  Spooler - ok
15:48:08.0093 1092  [ C4BB8A12843D9CBB65F5FF617F389BBD ] sptd            C:\WINDOWS\System32\Drivers\sptd.sys
15:48:08.0203 1092  sptd - ok
15:48:08.0234 1092  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
15:48:08.0296 1092  sr - ok
15:48:08.0343 1092  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
15:48:08.0406 1092  srservice - ok
15:48:08.0437 1092  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
15:48:08.0531 1092  Srv - ok
15:48:08.0562 1092  [ D7968049BE0ADBB6A57CEE3960320911 ] sscdbhk5        C:\WINDOWS\system32\drivers\sscdbhk5.sys
15:48:08.0578 1092  sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
15:48:08.0578 1092  sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
15:48:08.0593 1092  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
15:48:08.0671 1092  SSDPSRV - ok
15:48:08.0703 1092  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
15:48:08.0718 1092  ssmdrv - ok
15:48:08.0734 1092  [ C3FFD65ABFB6441E7606CF74F1155273 ] ssrtln          C:\WINDOWS\system32\drivers\ssrtln.sys
15:48:08.0750 1092  ssrtln ( UnsignedFile.Multi.Generic ) - warning
15:48:08.0750 1092  ssrtln - detected UnsignedFile.Multi.Generic (1)
15:48:08.0765 1092  [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen        C:\WINDOWS\system32\drivers\StarOpen.sys
15:48:08.0765 1092  StarOpen ( UnsignedFile.Multi.Generic ) - warning
15:48:08.0765 1092  StarOpen - detected UnsignedFile.Multi.Generic (1)
15:48:08.0796 1092  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
15:48:08.0937 1092  stisvc - ok
15:48:08.0984 1092  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
15:48:09.0125 1092  swenum - ok
15:48:09.0156 1092  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
15:48:09.0281 1092  swmidi - ok
15:48:09.0296 1092  SwPrv - ok
15:48:09.0328 1092  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
15:48:09.0453 1092  symc810 - ok
15:48:09.0468 1092  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:48:09.0578 1092  symc8xx - ok
15:48:09.0578 1092  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:48:09.0703 1092  sym_hi - ok
15:48:09.0703 1092  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:48:09.0828 1092  sym_u3 - ok
15:48:09.0859 1092  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
15:48:09.0968 1092  sysaudio - ok
15:48:10.0000 1092  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
15:48:10.0109 1092  SysmonLog - ok
15:48:10.0140 1092  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
15:48:10.0281 1092  TapiSrv - ok
15:48:10.0328 1092  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:48:10.0390 1092  Tcpip - ok
15:48:10.0437 1092  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
15:48:10.0546 1092  TDPIPE - ok
15:48:10.0562 1092  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
15:48:10.0687 1092  TDTCP - ok
15:48:10.0718 1092  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
15:48:10.0843 1092  TermDD - ok
15:48:10.0875 1092  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
15:48:11.0000 1092  TermService - ok
15:48:11.0078 1092  [ 30698355067D07DA5F9EB81132C9FDD6 ] tfsnboio        C:\WINDOWS\system32\dla\tfsnboio.sys
15:48:11.0093 1092  tfsnboio ( UnsignedFile.Multi.Generic ) - warning
15:48:11.0093 1092  tfsnboio - detected UnsignedFile.Multi.Generic (1)
15:48:11.0125 1092  [ FB9D825BB4A2ABDF24600F7505050E2B ] tfsncofs        C:\WINDOWS\system32\dla\tfsncofs.sys
15:48:11.0125 1092  tfsncofs ( UnsignedFile.Multi.Generic ) - warning
15:48:11.0125 1092  tfsncofs - detected UnsignedFile.Multi.Generic (1)
15:48:11.0140 1092  [ CAFD8CCA11AA1E8B6D2EA1BA8F70EC33 ] tfsndrct        C:\WINDOWS\system32\dla\tfsndrct.sys
15:48:11.0140 1092  tfsndrct ( UnsignedFile.Multi.Generic ) - warning
15:48:11.0140 1092  tfsndrct - detected UnsignedFile.Multi.Generic (1)
15:48:11.0156 1092  [ D4400188782AA797598958969C9657D4 ] tfsndres        C:\WINDOWS\system32\dla\tfsndres.sys
15:48:11.0171 1092  tfsndres ( UnsignedFile.Multi.Generic ) - warning
15:48:11.0171 1092  tfsndres - detected UnsignedFile.Multi.Generic (1)
15:48:11.0203 1092  [ B92F67A71CC8176F331B8AA8D9F555AD ] tfsnifs         C:\WINDOWS\system32\dla\tfsnifs.sys
15:48:11.0203 1092  tfsnifs ( UnsignedFile.Multi.Generic ) - warning
15:48:11.0203 1092  tfsnifs - detected UnsignedFile.Multi.Generic (1)
15:48:11.0218 1092  [ 85985FAA9A71E2358FCC2EDEFC2A3C5C ] tfsnopio        C:\WINDOWS\system32\dla\tfsnopio.sys
15:48:11.0218 1092  tfsnopio ( UnsignedFile.Multi.Generic ) - warning
15:48:11.0218 1092  tfsnopio - detected UnsignedFile.Multi.Generic (1)
15:48:11.0234 1092  [ BBA22094F0F7C210567EFDAF11F64495 ] tfsnpool        C:\WINDOWS\system32\dla\tfsnpool.sys
15:48:11.0250 1092  tfsnpool ( UnsignedFile.Multi.Generic ) - warning
15:48:11.0250 1092  tfsnpool - detected UnsignedFile.Multi.Generic (1)
15:48:11.0250 1092  [ 81340BEF80B9811E98CE64611E67E3FF ] tfsnudf         C:\WINDOWS\system32\dla\tfsnudf.sys
15:48:11.0265 1092  tfsnudf ( UnsignedFile.Multi.Generic ) - warning
15:48:11.0265 1092  tfsnudf - detected UnsignedFile.Multi.Generic (1)
15:48:11.0281 1092  [ C035FD116224CCC8325F384776B6A8BB ] tfsnudfa        C:\WINDOWS\system32\dla\tfsnudfa.sys
15:48:11.0281 1092  tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
15:48:11.0281 1092  tfsnudfa - detected UnsignedFile.Multi.Generic (1)
15:48:11.0312 1092  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
15:48:11.0328 1092  Themes - ok
15:48:11.0375 1092  [ D213A9247DC347F305A2D4CC9B951487 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
15:48:11.0500 1092  TosIde - ok
15:48:11.0515 1092  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
15:48:11.0640 1092  TrkWks - ok
15:48:11.0656 1092  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
15:48:11.0781 1092  Udfs - ok
15:48:11.0812 1092  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
15:48:11.0875 1092  ultra - ok
15:48:11.0937 1092  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
15:48:12.0093 1092  Update - ok
15:48:12.0125 1092  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
15:48:12.0187 1092  upnphost - ok
15:48:12.0218 1092  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
15:48:12.0343 1092  UPS - ok
15:48:12.0375 1092  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:48:12.0500 1092  usbccgp - ok
15:48:12.0515 1092  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:48:12.0625 1092  usbehci - ok
15:48:12.0640 1092  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:48:12.0750 1092  usbhub - ok
15:48:12.0781 1092  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:48:12.0890 1092  usbprint - ok
15:48:12.0921 1092  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:48:13.0046 1092  usbscan - ok
15:48:13.0078 1092  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:48:13.0203 1092  USBSTOR - ok
15:48:13.0250 1092  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:48:13.0359 1092  usbuhci - ok
15:48:13.0390 1092  [ D40A2F00DA5A23A254C7B9C1678043C1 ] UserAccess7     C:\WINDOWS\system32\UAService7.exe
15:48:13.0406 1092  UserAccess7 ( UnsignedFile.Multi.Generic ) - warning
15:48:13.0406 1092  UserAccess7 - detected UnsignedFile.Multi.Generic (1)
15:48:13.0437 1092  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
15:48:13.0546 1092  VgaSave - ok
15:48:13.0562 1092  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:48:13.0687 1092  viaagp - ok
15:48:13.0687 1092  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
15:48:13.0828 1092  ViaIde - ok
15:48:13.0859 1092  [ E41FEF9E3056FE88C71E411F705BE41E ] vmm             C:\WINDOWS\system32\Drivers\vmm.sys
15:48:13.0890 1092  vmm - ok
15:48:13.0890 1092  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
15:48:14.0000 1092  VolSnap - ok
15:48:14.0062 1092  [ F96A678DEBDCCB0B4BB7F38CB2580589 ] VPCNetS2        C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
15:48:14.0078 1092  VPCNetS2 - ok
15:48:14.0109 1092  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
15:48:14.0171 1092  VSS - ok
15:48:14.0218 1092  [ 34923E278EAC7DDCEA717AE1FCF592F6 ] w200bus         C:\WINDOWS\system32\DRIVERS\w200bus.sys
15:48:14.0281 1092  w200bus - ok
15:48:14.0328 1092  [ EFF90A983CD3DEAB05922242E8072DC6 ] w200mdfl        C:\WINDOWS\system32\DRIVERS\w200mdfl.sys
15:48:14.0468 1092  w200mdfl - ok
15:48:14.0500 1092  [ F03DA4FBB2708A0B5409EA63E88C0F50 ] w200mdm         C:\WINDOWS\system32\DRIVERS\w200mdm.sys
15:48:14.0515 1092  w200mdm - ok
15:48:14.0531 1092  [ 1522D6387E6BB54AEF9824B1733832DB ] w200mgmt        C:\WINDOWS\system32\DRIVERS\w200mgmt.sys
15:48:14.0546 1092  w200mgmt - ok
15:48:14.0578 1092  [ 8405BE0BBA1CCF26D0FBDD26BE03C816 ] w200obex        C:\WINDOWS\system32\DRIVERS\w200obex.sys
15:48:14.0609 1092  w200obex - ok
15:48:14.0640 1092  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] w32time         C:\WINDOWS\system32\w32time.dll
15:48:14.0765 1092  w32time - ok
15:48:14.0796 1092  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:48:14.0906 1092  Wanarp - ok
15:48:14.0921 1092  WDICA - ok
15:48:14.0953 1092  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
15:48:15.0109 1092  wdmaud - ok
15:48:15.0140 1092  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
15:48:15.0265 1092  WebClient - ok
15:48:15.0343 1092  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
15:48:15.0468 1092  winmgmt - ok
15:48:15.0515 1092  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
15:48:15.0609 1092  WmdmPmSN - ok
15:48:15.0640 1092  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:48:15.0765 1092  WmiApSrv - ok
15:48:15.0843 1092  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
15:48:15.0921 1092  WMPNetworkSvc - ok
15:48:15.0921 1092  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:48:15.0937 1092  WpdUsb - ok
15:48:15.0984 1092  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:48:16.0109 1092  WS2IFSL - ok
15:48:16.0140 1092  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
15:48:16.0296 1092  wscsvc - ok
15:48:16.0312 1092  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
15:48:16.0437 1092  wuauserv - ok
15:48:16.0468 1092  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:48:16.0515 1092  WudfPf - ok
15:48:16.0531 1092  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:48:16.0562 1092  WudfRd - ok
15:48:16.0593 1092  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
15:48:16.0671 1092  WudfSvc - ok
15:48:16.0703 1092  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
15:48:16.0843 1092  WZCSVC - ok
15:48:16.0875 1092  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
15:48:17.0015 1092  xmlprov - ok
15:48:17.0031 1092  ================ Scan global ===============================
15:48:17.0062 1092  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
15:48:17.0109 1092  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
15:48:17.0125 1092  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
15:48:17.0140 1092  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
15:48:17.0156 1092  [Global] - ok
15:48:17.0156 1092  ================ Scan MBR ==================================
15:48:17.0171 1092  [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0
15:48:17.0437 1092  \Device\Harddisk0\DR0 - ok
15:48:17.0437 1092  ================ Scan VBR ==================================
15:48:17.0468 1092  [ 6A3C7C285378CA155B34B4F236F50650 ] \Device\Harddisk0\DR0\Partition1
15:48:17.0468 1092  \Device\Harddisk0\DR0\Partition1 - ok
15:48:17.0468 1092  ============================================================
15:48:17.0468 1092  Scan finished
15:48:17.0468 1092  ============================================================
15:48:17.0609 3312  Detected object count: 34
15:48:17.0609 3312  Actual detected object count: 34
15:52:02.0218 3312  AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0218 3312  AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0234 3312  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0234 3312  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0234 3312  avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0234 3312  avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0234 3312  cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0234 3312  cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0234 3312  cpuz132 ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0234 3312  cpuz132 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0234 3312  Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0234 3312  Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0234 3312  de_serv ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0234 3312  de_serv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0250 3312  drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0250 3312  drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0250 3312  drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0250 3312  drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0250 3312  IAANTMon ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0250 3312  IAANTMon ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0250 3312  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0250 3312  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0250 3312  iPodService ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0250 3312  iPodService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0250 3312  omci ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0250 3312  omci ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0265 3312  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0265 3312  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0265 3312  prodrv06 ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0265 3312  prodrv06 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0265 3312  prohlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0265 3312  prohlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0265 3312  prosync1 ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0265 3312  prosync1 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0265 3312  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0265 3312  SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0265 3312  Ser2pl ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0265 3312  Ser2pl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0265 3312  sfhlp01 ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0265 3312  sfhlp01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0281 3312  siusbmod ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0281 3312  siusbmod ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0281 3312  sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0281 3312  sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0281 3312  ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0281 3312  ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0281 3312  StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0281 3312  StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0281 3312  tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0281 3312  tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0281 3312  tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0281 3312  tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0281 3312  tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0281 3312  tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0296 3312  tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0296 3312  tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0296 3312  tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0296 3312  tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0296 3312  tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0296 3312  tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0296 3312  tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0296 3312  tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0296 3312  tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0296 3312  tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0296 3312  tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0296 3312  tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:52:02.0312 3312  UserAccess7 ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:02.0312 3312  UserAccess7 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
