
Log analysis and evaluation: Access to web.de mailbox denied - botnet


15.11.2012, 18:16   #1
Wilms
 
Good evening,

I have the following problem. When I recently accessed my mailbox, I noticed that I had supposedly sent a great many e-mails (which I did not), and that these were returned to me by the Mailer Daemon. Shortly afterwards my mail account at web.de was locked, with the following message:

Unauthorized persons have recently accessed your mailbox. To protect you and your data, we have therefore locked your mailbox.

-------
Dear WEB.DE user,

our security team has detected an attempt at unauthorized access to your mailbox. There is strong suspicion that your mailbox was misused for sending spam or that third parties have gained unauthorized access.

To prevent this, we have locked your mailbox for login as a precaution, for your security and ours.

To unlock your mailbox, please proceed as follows:

Please run a virus scan immediately. If you do not have a virus scanner, first visit our partner site https://www.botfrei.de/webde/ and download the virus scanner offered there.

Then please contact our customer service to have your mailbox unlocked. We have set up a toll-free number for this:

0800 932 3322

Monday to Friday: 8:00 - 18:00
Saturday and Sunday: 10:00 - 18:00

The security of your mailbox and your data is important to us. Please help us to jointly maintain high data quality and to ensure the full functionality of your mailbox.

Thank you for your cooperation!

WEB.DE
Abuse department

------

This fate has apparently already befallen quite a few people, as I was able to read on the Internet. I then ran a scan with Malwarebytes and Avira. Avira did in fact find something.

I then deleted the trojan (I know, one is not supposed to do that), but the subsequent scan again produced a detection (which I moved to quarantine this time).

I would be really glad if one of you could help me.

I will work through the checklist and post the results.

Many thanks in advance

Kind regards

Wilms

The defogger disable log file:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:04 on 15/11/2012 (AnGoe)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

OTL Logfile:
Code:
OTL logfile created on: 15.11.2012 19:19:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\AnGoe\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 43,82% Memory free
4,23 Gb Paging File | 2,90 Gb Available in Paging File | 68,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 7,04 Gb Free Space | 10,11% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 6,32 Gb Free Space | 9,08% Space Free | Partition Type: NTFS
Drive F: | 14,91 Gb Total Space | 14,27 Gb Free Space | 95,75% Space Free | Partition Type: FAT32
 
Computer Name: MENKOU | User Name: AnGoe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.15 19:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe
PRC - [2012.11.04 10:32:13 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.10.25 22:10:30 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2012.10.18 17:17:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.18 17:17:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.10.18 17:17:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.10.18 17:17:01 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.18 17:17:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.06.20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.10.19 11:56:26 | 000,020,480 | ---- | M] (Carl Zeiss) -- C:\Programme\Carl Zeiss\MTB 2004 - 1.8.1.7\MTB Server Console\MTBService.exe
PRC - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\DriveLED\oodlag.exe
PRC - [2009.04.21 11:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.04.30 09:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007.02.12 12:18:50 | 000,924,160 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2002.03.08 16:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibserver.exe
PRC - [2002.03.07 12:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibguard.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.04 10:32:12 | 002,295,264 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.07.28 08:26:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.03.02 11:44:34 | 000,073,728 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Carl Zeiss\MTB 2004 -- (MTBService_1.8.1.7)
SRV - [2012.11.04 10:32:12 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.18 17:17:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.18 17:17:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.10.18 17:17:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.09 18:26:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.09.02 06:21:38 | 000,258,048 | ---- | M] (Carl Zeiss MicroImaging GmbH) [On_Demand | Stopped] -- C:\Programme\Common Files\Carl Zeiss\CZCanSrv.exe -- (CZCanSrv)
SRV - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.10.01 14:30:30 | 000,285,696 | ---- | M] (Leica Microsystems) [On_Demand | Stopped] -- D:\Program Files\Leica Microsystems CMS GmbH\Leica LAS AF Lite\DC\LMSDataContainerServer.exe -- (Leica Microsystems Data Container V1)
SRV - [2010.08.23 23:28:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.08.23 23:01:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\DriveLED\oodlag.exe -- (O&O DriveLED)
SRV - [2009.04.21 11:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2008.11.19 19:22:20 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2008.04.30 09:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.02.12 12:18:50 | 000,924,160 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2002.03.08 16:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files\Firebird\bin\ibserver.exe -- (InterBaseServer)
SRV - [2002.03.07 12:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files\Firebird\bin\ibguard.exe -- (InterBaseGuardian)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\covpnwlh.sys -- (urvpndrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.10.18 17:17:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.10.18 17:17:04 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.26 23:56:53 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.06.26 23:56:53 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.04.02 15:08:35 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.12.23 17:25:50 | 000,082,304 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvdfab.sys -- (dvdfab)
DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.03.15 10:48:02 | 000,281,472 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVEOdcnt.sys -- (AVEO)
DRV - [2009.12.14 11:34:42 | 001,499,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA)
DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.28 16:24:10 | 000,025,608 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\System32\drivers\OODrvled.sys -- (OODrvled)
DRV - [2009.08.24 09:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)
DRV - [2009.07.09 13:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.04.11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009.01.16 11:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.11.19 19:22:36 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008.06.26 13:43:06 | 000,819,072 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2008.04.10 09:20:20 | 000,020,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\twtyfilt.sys -- (twtyfilt)
DRV - [2008.02.29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.11.28 00:21:56 | 000,310,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GrabsterSeries.X86.SYS -- (GrabsterSeries.X86)
DRV - [2007.10.26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.10.19 13:22:04 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC)
DRV - [2007.08.08 17:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.07.28 08:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.07.17 04:28:52 | 000,269,056 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15)
DRV - [2007.05.02 12:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.03.02 18:19:34 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.02.12 12:17:40 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007.02.12 12:17:24 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007.02.12 12:14:52 | 000,010,624 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2007.02.12 12:14:42 | 000,112,384 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007.02.07 18:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.10.01 14:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0801.sys -- (tap0801)
DRV - [2006.09.19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SPIEGEL ONLINE - Nachrichten
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {2E859481-AB5B-4609-A975-1A6B68544235}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2E859481-AB5B-4609-A975-1A6B68544235}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledAddons: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.14
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.charite.de/"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.29 20:06:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 10:32:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.20 20:55:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.20 20:55:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.02.20 20:55:36 | 000,000,000 | ---D | M]
 
[2012.01.08 22:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Extensions
[2012.01.08 22:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.09.14 12:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions
[2011.01.24 19:45:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.01.23 09:05:01 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}
[2009.02.27 10:42:22 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2011.08.08 12:05:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.01.23 09:09:37 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2009.10.22 20:25:35 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.01.24 19:45:54 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.04.26 09:07:18 | 000,000,000 | ---D | M] ("Unofficial Myspace Toolbar") -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\myspacetoolbar@gmail.com
[2011.09.14 12:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\staged
[2012.11.15 19:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions
[2010.07.24 22:21:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.03 08:13:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.15 19:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\staged
[2012.10.17 17:13:29 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\toolbar@ask.com
[2011.07.18 16:57:42 | 000,450,199 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\ck3lusd9.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2012.11.04 10:32:17 | 000,530,388 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.08.26 20:07:32 | 000,013,610 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
[2012.07.25 22:45:57 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.15 19:04:15 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.02.04 11:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.04 10:32:13 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.04.27 18:40:04 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.11.04 10:32:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.27 18:40:04 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012.04.27 18:40:04 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.11.04 10:32:10 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.04.27 18:40:04 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Avira Toolbar = C:\Users\AnGoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.15.4.24329_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\AnGoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012.03.12 20:04:27 | 000,440,678 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 15173 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56DD1A89-E996-44B2-9D4B-0CDB38641D96}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84D539C8-75D7-4273-AAD8-E35ADCB845C1}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\AnGoe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\AnGoe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.15 19:18:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe
[2012.11.15 19:01:54 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\Desktop\TB
[2012.11.07 01:24:48 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\Desktop\PhD_retreat_endgültige Versionen
[2012.11.01 12:48:58 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\Desktop\PhD-draft
[2012.10.26 23:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.10.23 21:30:09 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\Desktop\AngioQuant
[2012.10.23 19:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\MathWorks
[2012.10.17 17:19:07 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\AppData\Roaming\Avira
[2012.10.17 17:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.17 17:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.10.17 17:12:51 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.17 17:12:50 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.17 17:12:50 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.17 17:12:50 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.17 17:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2008.10.01 20:50:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\AnGoe\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\AnGoe\Desktop\*.tmp files -> C:\Users\AnGoe\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.15 19:24:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C7582DAA-D08C-4632-9C0D-91A5F09AFD02}.job
[2012.11.15 19:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe
[2012.11.15 19:05:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.15 19:04:06 | 000,000,000 | ---- | M] () -- C:\Users\AnGoe\defogger_reenable
[2012.11.15 18:39:49 | 000,690,158 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.15 18:39:49 | 000,646,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.15 18:39:49 | 000,151,750 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.15 18:39:49 | 000,123,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.15 18:39:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.15 18:35:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.15 17:47:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 17:47:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 17:47:31 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012.11.14 22:40:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.11.14 22:28:25 | 000,216,064 | ---- | M] () -- C:\Users\AnGoe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.08 21:28:45 | 000,007,484 | ---- | M] () -- C:\Users\AnGoe\AppData\Local\d3d9caps.dat
[2012.10.26 23:25:29 | 000,001,642 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.10.26 23:25:28 | 000,001,657 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.10.18 18:51:56 | 083,023,306 | ---- | M] () -- C:\ProgramData\gifnocsm.pad
[2012.10.18 17:17:04 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.18 17:17:04 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.17 17:13:40 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.17 13:47:21 | 083,023,306 | ---- | M] () -- C:\ProgramData\dapeton.pad
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\AnGoe\Desktop\*.tmp files -> C:\Users\AnGoe\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.15 19:04:06 | 000,000,000 | ---- | C] () -- C:\Users\AnGoe\defogger_reenable
[2012.10.26 23:25:29 | 000,001,642 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.10.26 23:25:28 | 000,001,657 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.10.18 18:47:06 | 083,023,306 | ---- | C] () -- C:\ProgramData\gifnocsm.pad
[2012.10.17 17:13:40 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.16 23:34:31 | 083,023,306 | ---- | C] () -- C:\ProgramData\dapeton.pad
[2012.08.27 15:24:34 | 000,001,936 | ---- | C] () -- C:\Windows\System32\nethasp.ini
[2011.12.21 21:14:20 | 000,000,906 | ---- | C] () -- C:\Users\AnGoe\.recently-used.xbel
[2011.09.20 14:39:49 | 000,139,264 | R--- | C] () -- C:\Windows\Vmix108.dll
[2011.09.20 14:39:32 | 000,000,139 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2011.09.20 14:39:30 | 000,503,808 | R--- | C] () -- C:\Windows\System32\Cmeau108.exe
[2011.09.20 14:38:14 | 000,258,048 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2011.09.20 14:38:14 | 000,002,029 | R--- | C] () -- C:\Windows\Cm108.ini.cfg
[2011.09.20 14:38:14 | 000,000,736 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2011.09.14 15:26:02 | 000,000,265 | ---- | C] () -- C:\Windows\SDSCalibrationStatus.ini
[2011.08.05 18:26:42 | 000,000,858 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.08.05 16:58:04 | 000,000,208 | ---- | C] () -- C:\Windows\Ulead32.ini
[2011.02.06 17:05:07 | 000,004,096 | -H-- | C] () -- C:\Users\AnGoe\AppData\Local\keyfile3.drm
[2011.01.10 18:35:03 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf5
[2010.07.03 10:20:10 | 000,000,680 | RHS- | C] () -- C:\Users\AnGoe\ntuser.pol
[2009.11.30 22:15:07 | 000,000,101 | ---- | C] () -- C:\Users\AnGoe\PCPanel2.ini
[2009.02.20 14:54:20 | 000,001,107 | ---- | C] () -- C:\Users\AnGoe\.perlprimer
[2009.01.16 01:13:14 | 000,007,484 | ---- | C] () -- C:\Users\AnGoe\AppData\Local\d3d9caps.dat
[2008.10.01 20:50:37 | 000,007,887 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\pcouffin.cat
[2008.10.01 20:50:37 | 000,001,144 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\pcouffin.inf
[2008.07.16 01:10:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.03.31 16:46:56 | 000,037,246 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\wklnhst.dat
[2008.01.22 18:35:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.16 00:49:06 | 000,216,064 | ---- | C] () -- C:\Users\AnGoe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL logfile created on: 15.11.2012 19:19:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\AnGoe\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 43,82% Memory free
4,23 Gb Paging File | 2,90 Gb Available in Paging File | 68,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 7,04 Gb Free Space | 10,11% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 6,32 Gb Free Space | 9,08% Space Free | Partition Type: NTFS
Drive F: | 14,91 Gb Total Space | 14,27 Gb Free Space | 95,75% Space Free | Partition Type: FAT32
 
Computer Name: MENKOU | User Name: AnGoe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.15 19:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe
PRC - [2012.11.04 10:32:13 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.10.25 22:10:30 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2012.10.18 17:17:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.18 17:17:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.10.18 17:17:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.10.18 17:17:01 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.18 17:17:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.06.20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.10.19 11:56:26 | 000,020,480 | ---- | M] (Carl Zeiss) -- C:\Programme\Carl Zeiss\MTB 2004 - 1.8.1.7\MTB Server Console\MTBService.exe
PRC - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\DriveLED\oodlag.exe
PRC - [2009.04.21 11:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.04.30 09:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007.02.12 12:18:50 | 000,924,160 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2002.03.08 16:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibserver.exe
PRC - [2002.03.07 12:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibguard.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.04 10:32:12 | 002,295,264 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.07.28 08:26:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.03.02 11:44:34 | 000,073,728 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Carl Zeiss\MTB 2004 -- (MTBService_1.8.1.7)
SRV - [2012.11.04 10:32:12 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.18 17:17:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.18 17:17:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.10.18 17:17:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.09 18:26:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.09.02 06:21:38 | 000,258,048 | ---- | M] (Carl Zeiss MicroImaging GmbH) [On_Demand | Stopped] -- C:\Programme\Common Files\Carl Zeiss\CZCanSrv.exe -- (CZCanSrv)
SRV - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.10.01 14:30:30 | 000,285,696 | ---- | M] (Leica Microsystems) [On_Demand | Stopped] -- D:\Program Files\Leica Microsystems CMS GmbH\Leica LAS AF Lite\DC\LMSDataContainerServer.exe -- (Leica Microsystems Data Container V1)
SRV - [2010.08.23 23:28:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.08.23 23:01:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\DriveLED\oodlag.exe -- (O&O DriveLED)
SRV - [2009.04.21 11:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2008.11.19 19:22:20 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2008.04.30 09:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.02.12 12:18:50 | 000,924,160 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2002.03.08 16:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files\Firebird\bin\ibserver.exe -- (InterBaseServer)
SRV - [2002.03.07 12:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files\Firebird\bin\ibguard.exe -- (InterBaseGuardian)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\covpnwlh.sys -- (urvpndrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.10.18 17:17:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.10.18 17:17:04 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.26 23:56:53 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.06.26 23:56:53 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.04.02 15:08:35 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.12.23 17:25:50 | 000,082,304 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvdfab.sys -- (dvdfab)
DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.03.15 10:48:02 | 000,281,472 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVEOdcnt.sys -- (AVEO)
DRV - [2009.12.14 11:34:42 | 001,499,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA)
DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.28 16:24:10 | 000,025,608 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\System32\drivers\OODrvled.sys -- (OODrvled)
DRV - [2009.08.24 09:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)
DRV - [2009.07.09 13:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.04.11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009.01.16 11:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.11.19 19:22:36 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008.06.26 13:43:06 | 000,819,072 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2008.04.10 09:20:20 | 000,020,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\twtyfilt.sys -- (twtyfilt)
DRV - [2008.02.29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.11.28 00:21:56 | 000,310,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GrabsterSeries.X86.SYS -- (GrabsterSeries.X86)
DRV - [2007.10.26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.10.19 13:22:04 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC)
DRV - [2007.08.08 17:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.07.28 08:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.07.17 04:28:52 | 000,269,056 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15)
DRV - [2007.05.02 12:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.03.02 18:19:34 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.02.12 12:17:40 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007.02.12 12:17:24 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007.02.12 12:14:52 | 000,010,624 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2007.02.12 12:14:42 | 000,112,384 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007.02.07 18:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.10.01 14:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0801.sys -- (tap0801)
DRV - [2006.09.19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SPIEGEL ONLINE - Nachrichten
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {2E859481-AB5B-4609-A975-1A6B68544235}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2E859481-AB5B-4609-A975-1A6B68544235}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledAddons: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.14
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.charite.de/"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.29 20:06:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 10:32:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.20 20:55:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.20 20:55:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.02.20 20:55:36 | 000,000,000 | ---D | M]
 
[2012.01.08 22:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Extensions
[2012.01.08 22:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.09.14 12:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions
[2011.01.24 19:45:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.01.23 09:05:01 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}
[2009.02.27 10:42:22 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2011.08.08 12:05:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.01.23 09:09:37 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2009.10.22 20:25:35 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.01.24 19:45:54 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.04.26 09:07:18 | 000,000,000 | ---D | M] ("Unofficial Myspace Toolbar") -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\myspacetoolbar@gmail.com
[2011.09.14 12:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\staged
[2012.11.15 19:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions
[2010.07.24 22:21:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.03 08:13:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.15 19:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\staged
[2012.10.17 17:13:29 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\toolbar@ask.com
[2011.07.18 16:57:42 | 000,450,199 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\ck3lusd9.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2012.11.04 10:32:17 | 000,530,388 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.08.26 20:07:32 | 000,013,610 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
[2012.07.25 22:45:57 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.15 19:04:15 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.02.04 11:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.04 10:32:13 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.04.27 18:40:04 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.11.04 10:32:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.27 18:40:04 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012.04.27 18:40:04 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.11.04 10:32:10 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.04.27 18:40:04 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Avira Toolbar = C:\Users\AnGoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.15.4.24329_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\AnGoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012.03.12 20:04:27 | 000,440,678 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 15173 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56DD1A89-E996-44B2-9D4B-0CDB38641D96}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84D539C8-75D7-4273-AAD8-E35ADCB845C1}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\AnGoe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\AnGoe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.15 19:18:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe
[2012.11.15 19:01:54 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\Desktop\TB
[2012.11.07 01:24:48 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\Desktop\PhD_retreat_endgültige Versionen
[2012.11.01 12:48:58 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\Desktop\PhD-draft
[2012.10.26 23:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.10.23 21:30:09 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\Desktop\AngioQuant
[2012.10.23 19:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\MathWorks
[2012.10.17 17:19:07 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\AppData\Roaming\Avira
[2012.10.17 17:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.17 17:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.10.17 17:12:51 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.17 17:12:50 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.17 17:12:50 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.17 17:12:50 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.17 17:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2008.10.01 20:50:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\AnGoe\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\AnGoe\Desktop\*.tmp files -> C:\Users\AnGoe\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.15 19:24:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C7582DAA-D08C-4632-9C0D-91A5F09AFD02}.job
[2012.11.15 19:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe
[2012.11.15 19:05:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.15 19:04:06 | 000,000,000 | ---- | M] () -- C:\Users\AnGoe\defogger_reenable
[2012.11.15 18:39:49 | 000,690,158 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.15 18:39:49 | 000,646,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.15 18:39:49 | 000,151,750 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.15 18:39:49 | 000,123,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.15 18:39:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.15 18:35:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.15 17:47:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 17:47:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 17:47:31 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012.11.14 22:40:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.11.14 22:28:25 | 000,216,064 | ---- | M] () -- C:\Users\AnGoe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.08 21:28:45 | 000,007,484 | ---- | M] () -- C:\Users\AnGoe\AppData\Local\d3d9caps.dat
[2012.10.26 23:25:29 | 000,001,642 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.10.26 23:25:28 | 000,001,657 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.10.18 18:51:56 | 083,023,306 | ---- | M] () -- C:\ProgramData\gifnocsm.pad
[2012.10.18 17:17:04 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.18 17:17:04 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.17 17:13:40 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.17 13:47:21 | 083,023,306 | ---- | M] () -- C:\ProgramData\dapeton.pad
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\AnGoe\Desktop\*.tmp files -> C:\Users\AnGoe\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.15 19:04:06 | 000,000,000 | ---- | C] () -- C:\Users\AnGoe\defogger_reenable
[2012.10.26 23:25:29 | 000,001,642 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.10.26 23:25:28 | 000,001,657 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.10.18 18:47:06 | 083,023,306 | ---- | C] () -- C:\ProgramData\gifnocsm.pad
[2012.10.17 17:13:40 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.16 23:34:31 | 083,023,306 | ---- | C] () -- C:\ProgramData\dapeton.pad
[2012.08.27 15:24:34 | 000,001,936 | ---- | C] () -- C:\Windows\System32\nethasp.ini
[2011.12.21 21:14:20 | 000,000,906 | ---- | C] () -- C:\Users\AnGoe\.recently-used.xbel
[2011.09.20 14:39:49 | 000,139,264 | R--- | C] () -- C:\Windows\Vmix108.dll
[2011.09.20 14:39:32 | 000,000,139 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2011.09.20 14:39:30 | 000,503,808 | R--- | C] () -- C:\Windows\System32\Cmeau108.exe
[2011.09.20 14:38:14 | 000,258,048 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2011.09.20 14:38:14 | 000,002,029 | R--- | C] () -- C:\Windows\Cm108.ini.cfg
[2011.09.20 14:38:14 | 000,000,736 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2011.09.14 15:26:02 | 000,000,265 | ---- | C] () -- C:\Windows\SDSCalibrationStatus.ini
[2011.08.05 18:26:42 | 000,000,858 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.08.05 16:58:04 | 000,000,208 | ---- | C] () -- C:\Windows\Ulead32.ini
[2011.02.06 17:05:07 | 000,004,096 | -H-- | C] () -- C:\Users\AnGoe\AppData\Local\keyfile3.drm
[2011.01.10 18:35:03 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf5
[2010.07.03 10:20:10 | 000,000,680 | RHS- | C] () -- C:\Users\AnGoe\ntuser.pol
[2009.11.30 22:15:07 | 000,000,101 | ---- | C] () -- C:\Users\AnGoe\PCPanel2.ini
[2009.02.20 14:54:20 | 000,001,107 | ---- | C] () -- C:\Users\AnGoe\.perlprimer
[2009.01.16 01:13:14 | 000,007,484 | ---- | C] () -- C:\Users\AnGoe\AppData\Local\d3d9caps.dat
[2008.10.01 20:50:37 | 000,007,887 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\pcouffin.cat
[2008.10.01 20:50:37 | 000,001,144 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\pcouffin.inf
[2008.07.16 01:10:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.03.31 16:46:56 | 000,037,246 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\wklnhst.dat
[2008.01.22 18:35:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.16 00:49:06 | 000,216,064 | ---- | C] () -- C:\Users\AnGoe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >
         
--- --- ---
Attached files
File type: txt Extras.Txt (33.3 KB, viewed 249 times)

17.11.2012, 11:36   #2
M-K-D-B
/// TB trainer

My name is Matthias and I will help you clean up your computer.

Please note the following:
  • A cleanup can involve a lot of work for you. Several analysis and cleanup steps may be required.
    At the end we will remove all the programs we used, and I will give you a few tips for the future.
  • At any sign of illegal software, support will be discontinued without discussion.
  • Please work through all steps one after another in the given order.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • Only run scans that I or another helper ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
  • All programs to be used must be saved to the desktop and started from there!
    I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Step 1
Quote from Wilms:
I then ran a scan with Malwarebytes and Avira. Avira did in fact find something.

I then deleted the trojan (I know, you are not supposed to), but the following scan again produced a detection (which I moved to quarantine this time).

And now I am supposed to guess what the programs found?
Please post all logs with detections.

Step 2
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix. Sometimes Combofix still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

With your next reply, please post
  • the log files from MBAM and Avira,
  • the log file from ComboFix.

21.11.2012, 08:50   #3
M-K-D-B
/// TB trainer

No response
This thread has been removed from my subscriptions, so I will not receive notifications about new replies.
Send me a PM if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread!

28.11.2012, 09:10   #4
M-K-D-B
/// TB trainer

Hello,

the log files are too old; we need new ones.

Step 1
Please download OTL by Oldtimer and save it to your desktop (if it is not already there).
  • Please start OTL.exe.
  • At the top you will find a box labelled Output. Please select Standard Output.
  • Tick Scan All Users.
  • Under Extra Registry, please select Use SafeList.
  • Now copy the contents of the code box into the text box.
Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • At the end of the scan, 2 log files are created.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

Step 2
Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
  • Now click the Disable button to disable the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" Confirm this prompt with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may ask you to restart. Confirm this with OK.
  • Defogger creates a log file named defogger_disable.txt on the desktop. Post its contents with your next reply.
Do not click the Re-enable button unless instructed!

Step 3
Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    Vista and Win7 users: right-click and select "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction.

Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

Step 4
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.

Please download TDSSKiller.exe and save the file to the desktop.
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.

With your next reply, please post
  • the two log files from OTL,
  • the log file from DeFogger,
  • the log file from aswMBR,
  • the log file from TDSSKiller.
__________________
Greetings from Bavaria
M-K-D-B


28.11.2012, 22:50   #5
Wilms

Hello M-K-D-B,

I am very glad that this is working out after all. I am always at work for relatively long hours, so I will usually only reply towards the evening. I hope that is okay. I will now work through the steps and post the results.

Best regards

OTL log file:
Code:
OTL logfile created on: 28.11.2012 23:44:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\.....\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 54,90% Memory free
4,24 Gb Paging File | 3,08 Gb Available in Paging File | 72,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 21,23 Gb Free Space | 30,48% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 2,21 Gb Free Space | 3,18% Space Free | Partition Type: NTFS
Drive H: | 1,86 Gb Total Space | 0,27 Gb Free Space | 14,75% Space Free | Partition Type: FAT32
 
Computer Name: MENKOU | User Name: ..... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.15 19:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
PRC - [2012.10.25 22:10:30 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2012.10.18 17:17:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.18 17:17:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.10.18 17:17:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.10.18 17:17:01 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.18 17:17:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.06.20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.10.19 11:56:26 | 000,020,480 | ---- | M] (Carl Zeiss) -- C:\Programme\Carl Zeiss\MTB 2004 - 1.8.1.7\MTB Server Console\MTBService.exe
PRC - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.04.06 00:41:46 | 000,116,224 | ---- | M] (Brio) -- C:\Programme\FolderSize\FolderSizeSvc.exe
PRC - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\DriveLED\oodlag.exe
PRC - [2009.04.21 11:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.04.30 09:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007.02.12 12:18:50 | 000,924,160 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2002.03.08 16:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibserver.exe
PRC - [2002.03.07 12:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibguard.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.07.28 08:26:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.03.02 11:44:34 | 000,073,728 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Carl Zeiss\MTB 2004 -- (MTBService_1.8.1.7)
SRV - [2012.11.20 07:17:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.18 17:17:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.18 17:17:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.10.18 17:17:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.09 18:26:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.09.02 06:21:38 | 000,258,048 | ---- | M] (Carl Zeiss MicroImaging GmbH) [On_Demand | Stopped] -- C:\Programme\Common Files\Carl Zeiss\CZCanSrv.exe -- (CZCanSrv)
SRV - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.10.01 14:30:30 | 000,285,696 | ---- | M] (Leica Microsystems) [On_Demand | Stopped] -- D:\Program Files\Leica Microsystems CMS GmbH\Leica LAS AF Lite\DC\LMSDataContainerServer.exe -- (Leica Microsystems Data Container V1)
SRV - [2010.08.23 23:28:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.08.23 23:01:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.04.06 00:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\DriveLED\oodlag.exe -- (O&O DriveLED)
SRV - [2009.04.21 11:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2008.11.19 19:22:20 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2008.04.30 09:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.02.12 12:18:50 | 000,924,160 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2002.03.08 16:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files\Firebird\bin\ibserver.exe -- (InterBaseServer)
SRV - [2002.03.07 12:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files\Firebird\bin\ibguard.exe -- (InterBaseGuardian)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\covpnwlh.sys -- (urvpndrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.10.18 17:17:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.10.18 17:17:04 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.26 23:56:53 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.06.26 23:56:53 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.04.02 15:08:35 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.12.23 17:25:50 | 000,082,304 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvdfab.sys -- (dvdfab)
DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.03.15 10:48:02 | 000,281,472 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVEOdcnt.sys -- (AVEO)
DRV - [2009.12.14 11:34:42 | 001,499,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA)
DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.28 16:24:10 | 000,025,608 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\System32\drivers\OODrvled.sys -- (OODrvled)
DRV - [2009.08.24 09:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)
DRV - [2009.07.09 13:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.04.11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009.01.16 11:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.11.19 19:22:36 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008.06.26 13:43:06 | 000,819,072 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2008.04.10 09:20:20 | 000,020,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\twtyfilt.sys -- (twtyfilt)
DRV - [2008.02.29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.11.28 00:21:56 | 000,310,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GrabsterSeries.X86.SYS -- (GrabsterSeries.X86)
DRV - [2007.10.26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.10.19 13:22:04 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC)
DRV - [2007.08.08 17:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.07.28 08:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.07.17 04:28:52 | 000,269,056 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15)
DRV - [2007.05.02 12:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.03.02 18:19:34 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.02.12 12:17:40 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007.02.12 12:17:24 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007.02.12 12:14:52 | 000,010,624 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2007.02.12 12:14:42 | 000,112,384 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007.02.07 18:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.10.01 14:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0801.sys -- (tap0801)
DRV - [2006.09.19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SPIEGEL ONLINE - Nachrichten
IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\..\SearchScopes,DefaultScope = {2E859481-AB5B-4609-A975-1A6B68544235}
IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\..\SearchScopes\{2E859481-AB5B-4609-A975-1A6B68544235}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledAddons: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.14
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.charite.de/"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.29 20:06:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.26 21:57:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.20 20:55:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.20 20:55:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.02.20 20:55:36 | 000,000,000 | ---D | M]
 
[2012.01.08 22:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\Extensions
[2012.01.08 22:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.09.14 12:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions
[2011.01.24 19:45:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.01.23 09:05:01 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}
[2009.02.27 10:42:22 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2011.08.08 12:05:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.01.23 09:09:37 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2009.10.22 20:25:35 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.01.24 19:45:54 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.04.26 09:07:18 | 000,000,000 | ---D | M] ("Unofficial Myspace Toolbar") -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\myspacetoolbar@gmail.com
[2011.09.14 12:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\staged
[2012.11.15 21:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions
[2010.07.24 22:21:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.03 08:13:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.10.17 17:13:29 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\toolbar@ask.com
[2011.07.18 16:57:42 | 000,450,199 | ---- | M] () (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\firefox\profiles\ck3lusd9.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2012.11.15 21:46:43 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.08.26 20:07:32 | 000,013,610 | ---- | M] () (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
[2012.07.25 22:45:57 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.26 21:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.20 07:17:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.11.20 07:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.20 07:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Avira Toolbar = C:\Users\.....\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.15.4.24329_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\.....\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012.03.12 20:04:27 | 000,440,678 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 15173 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56DD1A89-E996-44B2-9D4B-0CDB38641D96}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84D539C8-75D7-4273-AAD8-E35ADCB845C1}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\.....\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\.....\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10EB7847-2806-9C49-4815-4E64A85A606E} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8E9EDC1B-5B74-8111-B966-47D72A703524} - Microsoft Windows Media Player 11.0
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -  - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe - (Acer Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk - C:\Programme\Secunia\PSI\psi_tray.exe - (Secunia)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
MsConfig - StartUpReg: CamAppSTI.exe - hkey= - key= - C:\Programme\AVEO USB2.0 PC Camera\CamAppSTI.exe (AVEO)
MsConfig - StartUpReg: Cm108Sound - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: PLFSet - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: RemoTerm.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Sony Ericsson PC Companion - hkey= - key= -  File not found
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: VolPanel - hkey= - key= - C:\Program Files\Creative\Sound Blaster Play\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
MsConfig - StartUpReg: WarReg_PopUp - hkey= - key= - C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\sx_cam_i420.dll (Xirlink, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.28 23:39:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\.....\Desktop\OTL.exe
[2012.11.27 18:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.11.27 18:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.11.23 13:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\FolderSize
[2012.11.23 13:40:04 | 000,000,000 | ---D | C] -- C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[2012.11.23 13:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Everything
[2012.11.18 10:42:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.18 10:42:52 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.18 10:42:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.18 10:42:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.18 10:42:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.18 10:42:51 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.18 10:42:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.18 10:42:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.17 14:32:51 | 000,000,000 | ---D | C] -- C:\Users\.....\.imagej
[2012.11.17 11:46:08 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.17 11:45:47 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.15 19:01:54 | 000,000,000 | ---D | C] -- C:\Users\.....\Desktop\TB
[2012.11.07 01:24:48 | 000,000,000 | ---D | C] -- C:\Users\.....\Desktop\PhD_retreat_endgültige Versionen
[2012.11.01 12:48:58 | 000,000,000 | ---D | C] -- C:\Users\.....\Desktop\PhD-draft
[2008.10.01 20:50:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\.....\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\.....\Desktop\*.tmp files -> C:\Users\.....\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.28 23:44:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C7582DAA-D08C-4632-9C0D-91A5F09AFD02}.job
[2012.11.28 23:35:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.28 23:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.28 22:48:28 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 22:48:28 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 21:03:03 | 000,690,158 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.28 21:03:03 | 000,646,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.28 21:03:03 | 000,151,750 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.28 21:03:03 | 000,123,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.28 20:49:06 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.28 20:48:29 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012.11.28 20:48:19 | 244,118,311 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.28 00:08:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.11.26 23:19:13 | 000,222,720 | ---- | M] () -- C:\Users\.....\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.26 21:57:31 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.22 18:45:18 | 000,420,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.15 19:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\.....\Desktop\OTL.exe
[2012.11.15 19:04:06 | 000,000,000 | ---- | M] () -- C:\Users\.....\defogger_reenable
[2012.11.08 21:28:45 | 000,007,484 | ---- | M] () -- C:\Users\.....\AppData\Local\d3d9caps.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\.....\Desktop\*.tmp files -> C:\Users\.....\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.26 21:57:31 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.15 19:04:06 | 000,000,000 | ---- | C] () -- C:\Users\.....\defogger_reenable
[2012.10.18 18:47:06 | 083,023,306 | ---- | C] () -- C:\ProgramData\gifnocsm.pad
[2012.10.16 23:34:31 | 083,023,306 | ---- | C] () -- C:\ProgramData\dapeton.pad
[2012.08.27 15:24:34 | 000,001,936 | ---- | C] () -- C:\Windows\System32\nethasp.ini
[2011.12.21 21:14:20 | 000,000,906 | ---- | C] () -- C:\Users\.....\.recently-used.xbel
[2011.09.20 14:39:49 | 000,139,264 | R--- | C] () -- C:\Windows\Vmix108.dll
[2011.09.20 14:39:32 | 000,000,139 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2011.09.20 14:39:30 | 000,503,808 | R--- | C] () -- C:\Windows\System32\Cmeau108.exe
[2011.09.20 14:38:14 | 000,258,048 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2011.09.20 14:38:14 | 000,002,029 | R--- | C] () -- C:\Windows\Cm108.ini.cfg
[2011.09.20 14:38:14 | 000,000,736 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2011.09.14 15:26:02 | 000,000,265 | ---- | C] () -- C:\Windows\SDSCalibrationStatus.ini
[2011.08.05 18:26:42 | 000,000,858 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.08.05 16:58:04 | 000,000,208 | ---- | C] () -- C:\Windows\Ulead32.ini
[2011.02.06 17:05:07 | 000,004,096 | -H-- | C] () -- C:\Users\.....\AppData\Local\keyfile3.drm
[2011.01.10 18:35:03 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf5
[2010.07.03 10:20:10 | 000,000,680 | RHS- | C] () -- C:\Users\.....\ntuser.pol
[2009.11.30 22:15:07 | 000,000,101 | ---- | C] () -- C:\Users\.....\PCPanel2.ini
[2009.02.20 14:54:20 | 000,001,107 | ---- | C] () -- C:\Users\.....\.perlprimer
[2009.01.16 01:13:14 | 000,007,484 | ---- | C] () -- C:\Users\.....\AppData\Local\d3d9caps.dat
[2008.10.01 20:50:37 | 000,007,887 | ---- | C] () -- C:\Users\.....\AppData\Roaming\pcouffin.cat
[2008.10.01 20:50:37 | 000,001,144 | ---- | C] () -- C:\Users\.....\AppData\Roaming\pcouffin.inf
[2008.07.16 01:10:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.03.31 16:46:56 | 000,037,246 | ---- | C] () -- C:\Users\.....\AppData\Roaming\wklnhst.dat
[2008.01.22 18:35:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.16 00:49:06 | 000,222,720 | ---- | C] () -- C:\Users\.....\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.11.20 07:17:52 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.11.20 07:17:52 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.11.20 07:17:52 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.11.20 07:17:32 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.11.20 07:17:32 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.11.20 07:17:32 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012.02.05 14:27:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012.02.05 14:27:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012.02.05 14:27:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012.09.01 09:21:42 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012.09.01 09:21:42 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012.09.01 09:21:42 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012.09.01 09:21:42 | 000,874,896 | ---- | M] (Opera Software)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.11.20 07:17:52 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.11.20 07:17:52 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.11.20 07:17:52 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.11.20 07:17:32 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.11.20 07:17:32 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.11.20 07:17:32 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012.02.05 14:27:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012.02.05 14:27:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012.02.05 14:27:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012.09.01 09:21:42 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012.09.01 09:21:42 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012.09.01 09:21:42 | 000,874,896 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012.09.01 09:21:42 | 000,874,896 | ---- | M] (Opera Software)

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 28.11.2012 23:44:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\...\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 54,90% Memory free
4,24 Gb Paging File | 3,08 Gb Available in Paging File | 72,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 21,23 Gb Free Space | 30,48% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 2,21 Gb Free Space | 3,18% Space Free | Partition Type: NTFS
Drive H: | 1,86 Gb Total Space | 0,27 Gb Free Space | 14,75% Space Free | Partition Type: FAT32
 
Computer Name: MENKOU | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E77E7F-DE13-4CF6-A9A9-C7578BBBEA2F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{065C9460-F936-4941-AE68-B274DF7C7DF4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0BCDCBD0-43C0-45C9-87F4-F8D1DA30CFA8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1EABA1C6-A240-4B2C-AE5C-73C44F2C9F5E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{30D6649E-0305-4534-828B-A115E2FF35FD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4AEB381A-FCF1-4AA7-BF6E-99EE287EF7C5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{58F3D252-8911-4F8B-92E9-3F7695D4CCBF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{66D87C95-50F0-44BA-9077-0237328C97E0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7260CD35-A51B-498C-B35F-925C8BE4D7C8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{810BEBB9-DF61-4BD2-8164-A6FA487EA37B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{83527D8B-14B6-4AD9-A943-8EB5970887B2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{864BAC36-752E-49DF-B940-7E81517EC749}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9214F1D2-107F-4309-8E3B-B0246D092AD7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{95D0A141-A248-4A61-B7FB-2AFCEBA208CA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A2C3D533-203D-4C20-B734-F9750911335D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A7DDC671-14A0-48A3-BD01-62F0CE4D4F68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AC8D1D60-B24F-4E7C-A0B0-6AC9B113061C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D1ABFF8A-F46D-4D43-A657-9125B3C1134B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DA56E6D4-5D7B-4FDC-B86C-5E87492A83CF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F4E6236B-3F95-41BE-B004-55918741470A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1176668C-D6A8-46D7-98AE-517791695A56}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{264F230D-AE95-4EB8-8E9D-65DA9066EF22}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{269B078E-7E8D-40BE-905E-D2B26944C8D5}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{37433D6E-F9AF-488E-869D-7260249F2683}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{379A2A16-EB7D-4024-ABAF-D12DC084EED4}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{3CD4282D-7921-4C71-978D-E41E68B02695}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{480EB638-76A7-4094-94EF-1A6B24119727}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{587B7E37-A678-4498-9CA0-E63C6776DECC}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{5C647CD7-83AD-4093-A523-443F2BFB8334}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{630AC123-9284-4259-AE85-C134CE864F01}" = protocol=6 | dir=in | app=c:\program files\common files\pctv systems\streamingserver\strmserver.exe | 
"{63E6143C-BBB9-41A7-B8A7-CEE8FD8B166F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{71F9E79D-E8E4-42EC-9BD2-20DED870E42F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{790FE5E6-453A-49F7-B915-D93D4D659E1C}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{7D45DE3A-904D-486F-817B-78F1E14D91BB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{9639F690-4D28-4990-A09E-973DAD9504C0}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{A7783587-535F-458D-AAAF-56F74FE2C6D2}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{B0C64015-0693-4E61-8EF2-153062D707D6}" = protocol=6 | dir=in | app=c:\program files\common files\pctv systems\pvr\videocontrol.exe | 
"{BFFFA56E-A5D9-42B0-AC92-A43CBF8671A4}" = protocol=17 | dir=in | app=c:\program files\common files\pctv systems\streamingserver\strmserver.exe | 
"{CE851C04-E1FC-43BD-8B4D-512FF75397A3}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{CF743434-8C71-42B2-AA26-4C4DDF68C533}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{D412970E-83F2-4B62-B3D6-FB488D60B9B0}" = protocol=17 | dir=in | app=c:\program files\pctv systems\tvcenter\tvcenter.exe | 
"{D4AF83A7-A298-4CFA-973F-1DB8421FCFCA}" = protocol=17 | dir=in | app=c:\program files\common files\pctv systems\pvr\videocontrol.exe | 
"{E117BF38-A0B1-4F95-80CA-31391F2273FB}" = protocol=6 | dir=in | app=c:\program files\pctv systems\tvcenter\tvcenter.exe | 
"{E4106503-5FA1-4202-A495-A766BF249CAB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{E53E6766-5029-4473-B404-6A6B54572DB4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F1CDC54C-5686-4BAF-A76E-2F77AE56BA75}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{F5D3B397-3AF7-4627-9968-6AB1B050BFB6}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{FD876DD9-1355-4B89-92F6-A6CA7A442ACC}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"TCP Query User{0EDF04DA-E88A-4B6C-989C-EF369B206E45}C:\program files\imagej\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe | 
"TCP Query User{16A21B4E-E6CE-4F27-85A0-7579BD276D4F}D:\applied biosystems\7500 fast system\sdsshell.exe" = protocol=6 | dir=in | app=d:\applied biosystems\7500 fast system\sdsshell.exe | 
"TCP Query User{46A32858-B65F-4F5D-8FDD-100A037A4AA2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{49C2B847-5E39-41EA-9B5A-83A685F6C601}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{50DA9D83-1AFE-44AC-835A-B19F5C56DF8F}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{5A57C19C-C6E8-48C1-8F2B-F125954EDF31}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{622C23CC-031B-4F9D-A397-B1326028F1C0}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{731FBD91-E9D0-438D-AE99-D2DE4F78E4E6}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{B521E8E8-5D1F-46AA-B1C1-57EECB91FC68}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{CDC6CAF7-59CE-4594-ADE4-FE4166159885}E:\d-link.exe" = protocol=6 | dir=in | app=e:\d-link.exe | 
"TCP Query User{DDD67533-F9BE-45A9-9A66-C9070AB9D120}D:\program files\leica microsystems cms gmbh\leica las af lite\bin\lasafapplication.exe" = protocol=6 | dir=in | app=d:\program files\leica microsystems cms gmbh\leica las af lite\bin\lasafapplication.exe | 
"TCP Query User{DDD8484E-23A2-4D16-A723-4C753A484C20}D:\program files\leica microsystems cms gmbh\leica las af lite\bin\lasafapplication.exe" = protocol=6 | dir=in | app=d:\program files\leica microsystems cms gmbh\leica las af lite\bin\lasafapplication.exe | 
"UDP Query User{110A4731-6541-4E37-A4E0-69A13DE5C06F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{1CE0EC26-B122-4315-B2D7-6FCBA918EE7E}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{1FD3C2FF-9BA3-443A-A72A-D0944C610F7B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{568F011F-C88C-429D-BC06-D65DEF3E2B4A}C:\program files\imagej\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe | 
"UDP Query User{60FB7D84-2A2C-413A-8429-5157B4196D64}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{622521CA-E6E9-431F-9ECE-B11E27A35427}D:\program files\leica microsystems cms gmbh\leica las af lite\bin\lasafapplication.exe" = protocol=17 | dir=in | app=d:\program files\leica microsystems cms gmbh\leica las af lite\bin\lasafapplication.exe | 
"UDP Query User{6CE11091-A3E4-49D8-AE2F-9CD8C6DF918E}E:\d-link.exe" = protocol=17 | dir=in | app=e:\d-link.exe | 
"UDP Query User{74C9FF21-A374-4809-973B-06673F0427E8}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{A5B7F41D-FB0D-4017-963D-3F1CC30E0AD6}D:\applied biosystems\7500 fast system\sdsshell.exe" = protocol=17 | dir=in | app=d:\applied biosystems\7500 fast system\sdsshell.exe | 
"UDP Query User{C2C57145-DD8F-4D92-A722-1CC56239F1BE}D:\program files\leica microsystems cms gmbh\leica las af lite\bin\lasafapplication.exe" = protocol=17 | dir=in | app=d:\program files\leica microsystems cms gmbh\leica las af lite\bin\lasafapplication.exe | 
"UDP Query User{ED7FFC0B-DEB3-41F8-8292-0F4F1472080E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{EDC593FC-7D20-42A1-9791-C2C01960DD2E}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0819B21B-E958-438C-B06C-5A54C98833E9}" = DSL Connection Manager
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E0C7BCA-4DE6-4CB3-A2D0-D0E99766BD43}" = Primer Express 3.0
"{0F0122E0-5665-4B91-9C71-85F98E20DCF2}" = Scion Image 4.0.3.2
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{120D9280-C7A0-F52B-0F0C-8F1DE9ACEAEE}" = Catalyst Control Center Localization Korean
"{15112D8C-D377-D1F9-3701-90E9CF9EC65B}" = Catalyst Control Center Localization Japanese
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{163B1CF0-6C0C-D558-341E-BA1DE37F9FA1}" = Catalyst Control Center Localization Danish
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D08187-7192-A65D-4ABA-BB09BF315E4F}" = Catalyst Control Center Core Implementation
"{226EF265-A4E4-4E10-BAA9-9C5D89F6EAF9}" = Catalyst Control Center Localization Turkish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{238BA203-497D-16EA-8495-A42A37A1D1DC}" = Catalyst Control Center Localization Russian
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 30
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D72ACF2-C3A9-A980-FB98-0062C1F4AABF}" = Catalyst Control Center Localization Chinese Standard
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{359E7E50-5ED2-466A-88A6-C36F8AB59018}" = MATLAB(R) Compiler Runtime 7.8
"{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5 (Trial)
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{487C2D48-A9E3-4F34-92BD-B6A847025C16}" = Free eXPert PDF Reader
"{4971AB6A-D3AF-4227-51BD-0165C56F35F6}" = Catalyst Control Center Localization Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4EB4978B-F18F-A9BF-114D-275F675CD9E7}" = Catalyst Control Center Localization Polish
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53480150-81CB-4A86-B378-86B6F08AF80B}" = O&O DriveLED
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A44BF79-7923-E7D4-C8A6-F93F81EF48B9}" = Catalyst Control Center Localization Finnish
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DCE4F2F-427B-F3DA-AF1E-34FBFCF779ED}" = ccc-core-static
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F596B9-0DF7-AD7B-2D66-E6DC4BFB94C1}" = Catalyst Control Center Localization French
"{64B3A619-65FF-6AF5-ABF8-D7D17E20D8A1}" = Catalyst Control Center Localization German
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C8D0421-2896-45E0-AFDA-960BC2E2E2EF}" = Sound Blaster Play!
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{6F96D3F2-E938-4275-82C0-F89125B3C62D}" = MATLAB Component Runtime
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7235252A-39A3-4889-AF58-18B82040310E}" = AVEO USB2.0 PC Camera
"{7616F372-AFF8-355C-582D-6EA9BE9445CF}" = Catalyst Control Center Graphics Light
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}" = Ad-Aware SE Personal
"{79B92639-4B90-CD61-6CB3-72C1977D7256}" = Catalyst Control Center Localization Portuguese
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7ADCF137-F6C0-4121-817D-A4AE98048794}" = Carl Zeiss AxioVision Rel. 4.8.2
"{7B8CFD39-A3EA-7469-344A-35715AA9DB10}" = Catalyst Control Center Localization Spanish
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
"{88637F72-B46E-43F9-B306-6DA1FF478D51}" = WIDCOMM Bluetooth Software 6.0.1.3900
"{8DA83EA6-E731-4722-958D-613399AE1031}" = Nero 7 Essentials
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{958B08B0-C784-4A77-8D2B-C0A58F1E14B5}" = HP Officejet 6500 E710a-f Hilfe
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99C2CE24-18E1-5779-642B-ED28AFBE912E}" = Catalyst Control Center Localization Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FFD78AC-16E3-4C6B-B8B9-2D739CF3F66D}" = Leica LAS AF Lite
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A81A0CFE-7C45-46B8-93B4-8A4BEEC424E9}" = 7500 Fast System
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAA58088-CBEE-466C-F225-E6DC91A9A067}" = Catalyst Control Center Localization Norwegian
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B1286E7E-AAAF-955C-1C72-60C5EF8F5F2D}" = Catalyst Control Center Localization Italian
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4A0EFC6-0933-6AE9-8EE0-7D6C5D5E28A8}" = Catalyst Control Center Localization Swedish
"{B8DC25AB-AEF8-264E-072D-62EB71D331B6}" = Catalyst Control Center Localization Hungarian
"{BA0BE54D-BB87-4ED4-B5C5-5F7A8CE2B4EA}" = Scion FG Java Package for ImageJ
"{BDFD03D4-CA66-36B1-41DE-F10059E248C4}" = Catalyst Control Center Localization Greek
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C04BADDA-A8E5-4460-8385-88F2A9E2A305}" = MATLAB Component Runtime 7.6
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C51975DE-6450-4B3A-908F-5CA91494B1D3}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D273D5F0-5868-358A-F5EE-77565BD6AAD4}" = Catalyst Control Center Localization Chinese Traditional
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D4E01931-9B3F-49BD-B19B-511000A1E039}" = Samsung PC Studio II 2.0 PIMS & File Manager
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E6064576-236D-4C12-ACBD-BC8B606F9329}_is1" = CellProfiler 2.0 r10997
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.053
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79E42D0-C1F2-C461-5E1A-3A169E25F2C2}" = ccc-utility
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF9E6D14-CD96-B086-BF2B-1E5DE6A7780F}" = Catalyst Control Center Localization Czech
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"C-Media CM108 Like Sound Driver" = hama USB-Sound Card 7.1
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DivX Setup" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.6.1 (18/12/2010)
"DVDFab Passkey 8_is1" = DVDFab Passkey 8.0.1.6 (24/12/2010)
"EndNote" = EndNote
"Everything" = Everything 1.2.1.371
"FBDBServer1_is1" = Firebird 1.0.0.796
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"GENtle" = GENtle
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"ImageTool" = ImageTool
"InstallShield_{0E0C7BCA-4DE6-4CB3-A2D0-D0E99766BD43}" = Primer Express 3.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{A81A0CFE-7C45-46B8-93B4-8A4BEEC424E9}" = 7500 Fast System
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"LManager" = Launch Manager
"MAGIX Filme auf CD & DVD TerraTec Edition D" = MAGIX Filme auf CD & DVD TerraTec Edition 6.0.3.7 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mozilla Firefox 17.0 (x86 en-US)" = Mozilla Firefox 17.0 (x86 en-US)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office 2007 Word Konverter_is1" = Office 2007 Word Konverter 1.0.1
"OpenVPN" = OpenVPN 2.1_rc15
"Opera 12.02.1578" = Opera 12.02
"Peak Drivers" = Peak Drivers
"PerlPrimer" = PerlPrimer 1.1.16
"QuickTime" = QuickTime
"realplex" = realplex
"REST 2008_is1" = REST 2008 2.0.7
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative Systeminformationen
"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.50
"Update Engine" = Sony Ericsson Update Engine
"Update Service" = Sony Ericsson Update Service
"VLC media player" = VLC media player 2.0.1
"WinAce Archiver 2.0" = WinAce Archiver 2.0
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Works2005Setup" = Setup-Start von Microsoft Works 2005
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.11.2012 15:11:23 | Computer Name = menkou | Source = Perflib | ID = 1010
Description = 
 
Error - 16.11.2012 19:51:17 | Computer Name = menkou | Source = EventSystem | ID = 4621
Description = 
 
Error - 17.11.2012 04:20:27 | Computer Name = menkou | Source = EventSystem | ID = 4621
Description = 
 
Error - 18.11.2012 06:02:58 | Computer Name = menkou | Source = EventSystem | ID = 4621
Description = 
 
Error - 18.11.2012 16:49:14 | Computer Name = menkou | Source = EventSystem | ID = 4621
Description = 
 
Error - 21.11.2012 18:12:06 | Computer Name = menkou | Source = EventSystem | ID = 4621
Description = 
 
Error - 22.11.2012 14:04:00 | Computer Name = menkou | Source = EventSystem | ID = 4621
Description = 
 
Error - 23.11.2012 08:53:15 | Computer Name = menkou | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Everything.exe, Version 1.2.1.371, Zeitstempel
 0x49b9b478, fehlerhaftes Modul Everything.exe, Version 1.2.1.371, Zeitstempel 0x49b9b478,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00005f54,  Prozess-ID 0x1298, Anwendungsstartzeit
 01cdc977a971053b.
 
Error - 23.11.2012 09:19:38 | Computer Name = menkou | Source = EventSystem | ID = 4621
Description = 
 
Error - 25.11.2012 11:51:24 | Computer Name = menkou | Source = EventSystem | ID = 4621
Description = 
 
Error - 27.11.2012 19:07:49 | Computer Name = menkou | Source = EventSystem | ID = 4621
Description = 
 
[ System Events ]
Error - 27.11.2012 13:18:25 | Computer Name = menkou | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.11.2012 14:48:12 | Computer Name = menkou | Source = DCOM | ID = 10010
Description = 
 
Error - 27.11.2012 17:01:40 | Computer Name = menkou | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker HP LaserJet 6L (Kopie 3) nicht
 unter dem Namen HP LaserJet 6L (Kopie 3) freigeben. Fehler: 2114. Der Drucker kann
 nicht von anderen Benutzern im Netzwerk verwendet werden.
 
Error - 27.11.2012 17:02:03 | Computer Name = menkou | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.11.2012 17:32:44 | Computer Name = menkou | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 27.11.2012 um 22:13:23 unerwartet heruntergefahren.
 
Error - 27.11.2012 17:33:13 | Computer Name = menkou | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.11.2012 19:07:48 | Computer Name = menkou | Source = DCOM | ID = 10010
Description = 
 
Error - 28.11.2012 14:19:49 | Computer Name = menkou | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.11.2012 15:48:29 | Computer Name = menkou | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 28.11.2012 um 20:44:24 unerwartet heruntergefahren.
 
Error - 28.11.2012 15:49:17 | Computer Name = menkou | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:59 on 28/11/2012 (....)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-29 00:03:01
-----------------------------
00:03:01.802 OS Version: Windows 6.0.6002 Service Pack 2
00:03:01.802 Number of processors: 2 586 0xF0A
00:03:01.802 ComputerName: MENKOU UserName: AnGoe
00:03:02.645 Initialize success
00:08:00.927 AVAST engine defs: 12112801
00:08:10.802 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:08:10.802 Disk 0 Vendor: ST916082 3.AL Size: 152627MB BusType: 3
00:08:10.849 Disk 0 MBR read successfully
00:08:10.849 Disk 0 MBR scan
00:08:10.942 Disk 0 unknown MBR code
00:08:10.974 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
00:08:11.005 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71317 MB offset 20482048
00:08:11.036 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71308 MB offset 166539264
00:08:11.083 Disk 0 scanning sectors +312578048
00:08:11.286 Disk 0 scanning C:\Windows\system32\drivers
00:08:49.038 Service scanning
00:10:57.207 Modules scanning
00:11:26.972 Disk 0 trace - called modules:
00:11:27.518 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
00:11:27.518 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f0faa0]
00:11:27.518 3 CLASSPNP.SYS[893c28b3] -> nt!IofCallDriver -> [0x85e18710]
00:11:27.534 5 acpi.sys[806956bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85e23030]
00:11:28.704 AVAST engine scan C:\Windows
00:11:34.616 AVAST engine scan C:\Windows\system32
00:17:15.273 AVAST engine scan C:\Windows\system32\drivers
00:18:04.975 AVAST engine scan C:\Users\AnGoe
00:22:13.608 AVAST engine scan C:\ProgramData
00:24:37.081 Scan finished successfully
00:26:44.012 Disk 0 MBR has been saved successfully to "C:\Users\AnGoe\Desktop\TB_Files_121128\MBR.dat"
00:26:44.044 The log file has been saved successfully to "C:\Users\AnGoe\Desktop\TB_Files_121128\aswMBR.txt"


Alt 28.11.2012, 23:39   #6
Wilms
 



00:28:21.0681 0252 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:28:21.0727 0252 ============================================================
00:28:21.0727 0252 Current date / time: 2012/11/29 00:28:21.0727
00:28:21.0727 0252 SystemInfo:
00:28:21.0727 0252
00:28:21.0727 0252 OS Version: 6.0.6002 ServicePack: 2.0
00:28:21.0727 0252 Product type: Workstation
00:28:21.0727 0252 ComputerName: MENKOU
00:28:21.0727 0252 UserName: ......
00:28:21.0727 0252 Windows directory: C:\Windows
00:28:21.0727 0252 System windows directory: C:\Windows
00:28:21.0727 0252 Processor architecture: Intel x86
00:28:21.0727 0252 Number of processors: 2
00:28:21.0727 0252 Page size: 0x1000
00:28:21.0727 0252 Boot type: Normal boot
00:28:21.0727 0252 ============================================================
00:28:22.0289 0252 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:28:22.0305 0252 Drive \Device\Harddisk1\DR10 - Size: 0x775F8000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:28:22.0305 0252 ============================================================
00:28:22.0305 0252 \Device\Harddisk0\DR0:
00:28:22.0320 0252 MBR partitions:
00:28:22.0320 0252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x8B4A800
00:28:22.0320 0252 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9ED3000, BlocksNum 0x8B46000
00:28:22.0320 0252 \Device\Harddisk1\DR10:
00:28:22.0320 0252 MBR partitions:
00:28:22.0320 0252 \Device\Harddisk1\DR10\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3BAD41
00:28:22.0320 0252 ============================================================
00:28:22.0461 0252 C: <-> \Device\Harddisk0\DR0\Partition1
00:28:22.0648 0252 D: <-> \Device\Harddisk0\DR0\Partition2
00:28:22.0648 0252 ============================================================
00:28:22.0648 0252 Initialize success
00:28:22.0648 0252 ============================================================
00:28:27.0936 4928 ============================================================
00:28:27.0936 4928 Scan started
00:28:27.0936 4928 Mode: Manual;
00:28:27.0936 4928 ============================================================
00:28:28.0482 4928 ================ Scan system memory ========================
00:28:28.0482 4928 System memory - ok
00:28:28.0482 4928 ================ Scan services =============================
00:28:28.0810 4928 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
00:28:28.0810 4928 ACPI - ok
00:28:28.0872 4928 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:28:28.0872 4928 AdobeFlashPlayerUpdateSvc - ok
00:28:28.0919 4928 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
00:28:28.0919 4928 adp94xx - ok
00:28:28.0950 4928 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
00:28:28.0950 4928 adpahci - ok
00:28:28.0981 4928 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
00:28:28.0981 4928 adpu160m - ok
00:28:28.0997 4928 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
00:28:29.0013 4928 adpu320 - ok
00:28:29.0059 4928 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:28:29.0059 4928 AeLookupSvc - ok
00:28:29.0137 4928 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
00:28:29.0137 4928 AFD - ok
00:28:29.0153 4928 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
00:28:29.0169 4928 agp440 - ok
00:28:29.0200 4928 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
00:28:29.0200 4928 aic78xx - ok
00:28:29.0262 4928 [ 730E9D3BB324FB1899005AEA63C6782D ] aksfridge C:\Windows\system32\drivers\aksfridge.sys
00:28:29.0262 4928 aksfridge - ok
00:28:29.0309 4928 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
00:28:29.0309 4928 ALG - ok
00:28:29.0325 4928 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
00:28:29.0325 4928 aliide - ok
00:28:29.0356 4928 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
00:28:29.0356 4928 amdagp - ok
00:28:29.0371 4928 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
00:28:29.0371 4928 amdide - ok
00:28:29.0403 4928 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
00:28:29.0403 4928 AmdK7 - ok
00:28:29.0418 4928 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
00:28:29.0418 4928 AmdK8 - ok
00:28:29.0527 4928 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
00:28:29.0527 4928 AntiVirSchedulerService - ok
00:28:29.0590 4928 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
00:28:29.0590 4928 AntiVirService - ok
00:28:29.0652 4928 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
00:28:29.0652 4928 AntiVirWebService - ok
00:28:29.0715 4928 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
00:28:29.0715 4928 Appinfo - ok
00:28:29.0746 4928 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
00:28:29.0746 4928 arc - ok
00:28:29.0793 4928 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
00:28:29.0793 4928 arcsas - ok
00:28:29.0839 4928 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:28:29.0839 4928 AsyncMac - ok
00:28:29.0871 4928 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
00:28:29.0871 4928 atapi - ok
00:28:29.0917 4928 [ 6046A55F79DE9C581B8D5E9C1366CC81 ] athr C:\Windows\system32\DRIVERS\athr.sys
00:28:29.0933 4928 athr - ok
00:28:29.0995 4928 [ 581B9BE9E92A0F3856CC85EC011EDC6F ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
00:28:29.0995 4928 Ati External Event Utility - ok
00:28:30.0136 4928 [ 22D300F835600C9C634860CF2912F9CF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
00:28:30.0151 4928 atikmdag - ok
00:28:30.0214 4928 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:28:30.0229 4928 AudioEndpointBuilder - ok
00:28:30.0229 4928 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
00:28:30.0229 4928 Audiosrv - ok
00:28:30.0323 4928 [ 5B0DD6940188900A4F2681092EFEA6D2 ] AVEO C:\Windows\system32\DRIVERS\AVEOdcnt.sys
00:28:30.0323 4928 AVEO - ok
00:28:30.0370 4928 [ 59AB11F9B541C6279E0D45DFB77D7B17 ] AVerAF15 C:\Windows\system32\Drivers\AVerAF15.sys
00:28:30.0370 4928 AVerAF15 - ok
00:28:30.0432 4928 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
00:28:30.0432 4928 avgntflt - ok
00:28:30.0479 4928 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
00:28:30.0479 4928 avipbb - ok
00:28:30.0510 4928 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
00:28:30.0510 4928 avkmgr - ok
00:28:30.0557 4928 [ 0A5E8178EFF1D8F109A95235AEB7D76F ] azvusb C:\Windows\system32\DRIVERS\azvusb.sys
00:28:30.0557 4928 azvusb - ok
00:28:30.0588 4928 [ 0B92CCF7BFCBE2B33838434F2F50CB61 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
00:28:30.0588 4928 b57nd60x - ok
00:28:30.0697 4928 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
00:28:30.0697 4928 BcmSqlStartupSvc - ok
00:28:30.0744 4928 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
00:28:30.0744 4928 Beep - ok
00:28:30.0807 4928 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
00:28:30.0807 4928 BFE - ok
00:28:30.0900 4928 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
00:28:30.0931 4928 BITS - ok
00:28:30.0931 4928 blbdrive - ok
00:28:30.0978 4928 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:28:30.0978 4928 bowser - ok
00:28:31.0009 4928 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
00:28:31.0009 4928 BrFiltLo - ok
00:28:31.0025 4928 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
00:28:31.0025 4928 BrFiltUp - ok
00:28:31.0072 4928 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
00:28:31.0072 4928 Browser - ok
00:28:31.0103 4928 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
00:28:31.0103 4928 Brserid - ok
00:28:31.0119 4928 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
00:28:31.0119 4928 BrSerWdm - ok
00:28:31.0134 4928 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
00:28:31.0134 4928 BrUsbMdm - ok
00:28:31.0134 4928 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
00:28:31.0134 4928 BrUsbSer - ok
00:28:31.0197 4928 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
00:28:31.0197 4928 BthEnum - ok
00:28:31.0228 4928 [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
00:28:31.0243 4928 BTHMODEM - ok
00:28:31.0290 4928 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
00:28:31.0290 4928 BthPan - ok
00:28:31.0368 4928 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
00:28:31.0368 4928 BTHPORT - ok
00:28:31.0415 4928 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
00:28:31.0415 4928 BthServ - ok
00:28:31.0462 4928 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
00:28:31.0462 4928 BTHUSB - ok
00:28:31.0493 4928 [ C879F83C1F1FC1F8C7D568CB56CFC3AB ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
00:28:31.0493 4928 btwaudio - ok
00:28:31.0509 4928 [ 032D5459BB8AF9266CE95B18F9CD59B2 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
00:28:31.0509 4928 btwavdt - ok
00:28:31.0555 4928 [ 0F3408C5934752DB8316DF09FCCD7B33 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
00:28:31.0555 4928 btwrchid - ok
00:28:31.0587 4928 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:28:31.0587 4928 cdfs - ok
00:28:31.0633 4928 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
00:28:31.0633 4928 cdrom - ok
00:28:31.0696 4928 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
00:28:31.0696 4928 CertPropSvc - ok
00:28:31.0711 4928 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
00:28:31.0711 4928 circlass - ok
00:28:31.0758 4928 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
00:28:31.0758 4928 CLFS - ok
00:28:31.0821 4928 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:28:31.0821 4928 clr_optimization_v2.0.50727_32 - ok
00:28:31.0930 4928 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:28:31.0930 4928 clr_optimization_v4.0.30319_32 - ok
00:28:31.0992 4928 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:28:31.0992 4928 CmBatt - ok
00:28:32.0008 4928 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:28:32.0008 4928 cmdide - ok
00:28:32.0039 4928 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:28:32.0039 4928 Compbatt - ok
00:28:32.0055 4928 COMSysApp - ok
00:28:32.0055 4928 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
00:28:32.0055 4928 crcdisk - ok
00:28:32.0133 4928 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
00:28:32.0133 4928 Creative ALchemy AL6 Licensing Service - ok
00:28:32.0179 4928 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
00:28:32.0179 4928 Creative Audio Engine Licensing Service - ok
00:28:32.0195 4928 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
00:28:32.0195 4928 Crusoe - ok
00:28:32.0257 4928 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:28:32.0257 4928 CryptSvc - ok
00:28:32.0320 4928 [ FF686C4620B646773C8181F1C7C5101C ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe
00:28:32.0320 4928 CTAudSvcService - ok
00:28:32.0367 4928 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
00:28:32.0367 4928 CVirtA - ok
00:28:32.0429 4928 [ F432260E59AAE3284ED7E795264C16D0 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
00:28:32.0491 4928 CVPND - ok
00:28:32.0523 4928 [ 8A15D7BD4CF1A8CCD7C65F7349F22E35 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
00:28:32.0523 4928 CVPNDRVA - ok
00:28:32.0601 4928 [ 3E26199DB3208FA1CF16CB89929537A9 ] CZCanSrv C:\Program Files\Common Files\Carl Zeiss\CZCanSrv.exe
00:28:32.0601 4928 CZCanSrv - ok
00:28:32.0679 4928 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:28:32.0725 4928 DcomLaunch - ok
00:28:32.0741 4928 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:28:32.0741 4928 DfsC - ok
00:28:32.0866 4928 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
00:28:32.0944 4928 DFSR - ok
00:28:33.0006 4928 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
00:28:33.0006 4928 Dhcp - ok
00:28:33.0069 4928 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
00:28:33.0069 4928 disk - ok
00:28:33.0100 4928 [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys
00:28:33.0100 4928 DKbFltr - ok
00:28:33.0131 4928 [ 7B4FDFBE97C047175E613AA96F3DE987 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys
00:28:33.0131 4928 DNE - ok
00:28:33.0178 4928 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:28:33.0178 4928 Dnscache - ok
00:28:33.0225 4928 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
00:28:33.0225 4928 dot3svc - ok
00:28:33.0287 4928 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
00:28:33.0287 4928 DPS - ok
00:28:33.0334 4928 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:28:33.0334 4928 drmkaud - ok
00:28:33.0396 4928 [ 4DA616313CC5924550D52FA1815D6F95 ] dvdfab C:\Windows\system32\drivers\dvdfab.sys
00:28:33.0396 4928 dvdfab - ok
00:28:33.0459 4928 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:28:33.0459 4928 DXGKrnl - ok
00:28:33.0490 4928 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
00:28:33.0490 4928 E1G60 - ok
00:28:33.0537 4928 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
00:28:33.0537 4928 EapHost - ok
00:28:33.0599 4928 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
00:28:33.0599 4928 Ecache - ok
00:28:33.0693 4928 [ F54907AA07F60AFF81E1E09E97AF98B0 ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
00:28:33.0708 4928 eDataSecurity Service - ok
00:28:33.0771 4928 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:28:33.0771 4928 ehRecvr - ok
00:28:33.0817 4928 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
00:28:33.0817 4928 ehSched - ok
00:28:33.0833 4928 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
00:28:33.0833 4928 ehstart - ok
00:28:33.0895 4928 [ A7B5F3B9363F9AB1D4FE459BAF3B15D6 ] eLockService C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
00:28:33.0895 4928 eLockService - ok
00:28:33.0942 4928 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
00:28:33.0942 4928 elxstor - ok
00:28:34.0005 4928 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
00:28:34.0036 4928 EMDMgmt - ok
00:28:34.0083 4928 [ 207E2DDA01AAC6AD64F0368CA59FC179 ] eNet Service C:\Acer\Empowering Technology\eNet\eNet Service.exe
00:28:34.0083 4928 eNet Service - ok
00:28:34.0145 4928 [ A7B084BFBBD582A843D2F5C35220F962 ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
00:28:34.0145 4928 eRecoveryService - ok
00:28:34.0207 4928 [ 06484E97D22F06DE8DE0F8E2BEC6FA9E ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
00:28:34.0207 4928 eSettingsService - ok
00:28:34.0239 4928 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
00:28:34.0254 4928 EventSystem - ok
00:28:34.0332 4928 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
00:28:34.0332 4928 exfat - ok
00:28:34.0348 4928 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:28:34.0348 4928 fastfat - ok
00:28:34.0379 4928 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:28:34.0379 4928 fdc - ok
00:28:34.0426 4928 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
00:28:34.0426 4928 fdPHost - ok
00:28:34.0457 4928 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
00:28:34.0457 4928 FDResPub - ok
00:28:34.0488 4928 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:28:34.0488 4928 FileInfo - ok
00:28:34.0535 4928 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:28:34.0535 4928 Filetrace - ok
00:28:34.0722 4928 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
00:28:34.0785 4928 FirebirdServerMAGIXInstance - ok
00:28:34.0816 4928 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:28:34.0816 4928 flpydisk - ok
00:28:34.0863 4928 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:28:34.0863 4928 FltMgr - ok
00:28:34.0941 4928 [ 5043F0D9A22AABF550508B3165C5B0FD ] FolderSize C:\Program Files\FolderSize\FolderSizeSvc.exe
00:28:34.0941 4928 FolderSize - ok
00:28:35.0019 4928 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
00:28:35.0065 4928 FontCache - ok
00:28:35.0143 4928 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:28:35.0143 4928 FontCache3.0.0.0 - ok
00:28:35.0175 4928 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:28:35.0175 4928 Fs_Rec - ok
00:28:35.0206 4928 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
00:28:35.0206 4928 gagp30kx - ok
00:28:35.0253 4928 [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
00:28:35.0253 4928 ggflt - ok
00:28:35.0284 4928 [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
00:28:35.0284 4928 ggsemc - ok
00:28:35.0331 4928 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
00:28:35.0362 4928 gpsvc - ok
00:28:35.0424 4928 [ 7676DEC43BB23B2A88BBB6E6963F1D46 ] GrabsterSeries.X86 C:\Windows\system32\DRIVERS\GrabsterSeries.X86.SYS
00:28:35.0424 4928 GrabsterSeries.X86 - ok
00:28:35.0518 4928 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9876aa347e0fb C:\Program Files\Google\Update\GoogleUpdate.exe
00:28:35.0518 4928 gupdate1c9876aa347e0fb - ok
00:28:35.0533 4928 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
00:28:35.0533 4928 gupdatem - ok
00:28:35.0596 4928 [ A9D587E31DBEE3E9BD97FEFECE0BA874 ] hardlock C:\Windows\system32\drivers\hardlock.sys
00:28:35.0596 4928 hardlock - ok
00:28:35.0611 4928 hasplms - ok
00:28:35.0658 4928 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:28:35.0658 4928 HdAudAddService - ok
00:28:35.0721 4928 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
00:28:35.0721 4928 HDAudBus - ok
00:28:35.0752 4928 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
00:28:35.0752 4928 HidBth - ok
00:28:35.0767 4928 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
00:28:35.0767 4928 HidIr - ok
00:28:35.0799 4928 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
00:28:35.0799 4928 hidserv - ok
00:28:35.0830 4928 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:28:35.0830 4928 HidUsb - ok
00:28:35.0877 4928 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:28:35.0877 4928 hkmsvc - ok
00:28:35.0892 4928 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
00:28:35.0892 4928 HpCISSs - ok
00:28:35.0939 4928 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
00:28:35.0939 4928 HSFHWAZL - ok
00:28:36.0001 4928 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
00:28:36.0001 4928 HSF_DPV - ok
00:28:36.0033 4928 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
00:28:36.0033 4928 HSXHWAZL - ok
00:28:36.0095 4928 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:28:36.0095 4928 HTTP - ok
00:28:36.0142 4928 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
00:28:36.0142 4928 i2omp - ok
00:28:36.0220 4928 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
00:28:36.0220 4928 i8042prt - ok
00:28:36.0298 4928 [ 204A73A56751C68C6031E9D5D611EC98 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
00:28:36.0298 4928 IAANTMON - ok
00:28:36.0360 4928 [ 496DB78E6A0C4C44023D9A92B4A7AC31 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys
00:28:36.0376 4928 ialm - ok
00:28:36.0407 4928 [ 2358C53F30CB9DCD1D3843C4E2F299B2 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
00:28:36.0407 4928 iaStor - ok
00:28:36.0423 4928 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
00:28:36.0438 4928 iaStorV - ok
00:28:36.0516 4928 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
00:28:36.0532 4928 IDriverT - ok
00:28:36.0594 4928 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:28:36.0641 4928 idsvc - ok
00:28:36.0672 4928 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
00:28:36.0672 4928 iirsp - ok
00:28:36.0719 4928 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
00:28:36.0735 4928 IKEEXT - ok
00:28:36.0797 4928 [ 544F76E71F026099A563C202E2E4A341 ] InCDfs C:\Windows\system32\drivers\InCDFs.sys
00:28:36.0797 4928 InCDfs - ok
00:28:36.0813 4928 [ 13708047B3988AC50E81E524AC32EDBE ] InCDPass C:\Windows\system32\drivers\InCDPass.sys
00:28:36.0813 4928 InCDPass - ok
00:28:36.0828 4928 [ 182EDEE6CFAEAF5174AE6E6D714CF778 ] InCDrec C:\Windows\system32\drivers\InCDrec.sys
00:28:36.0828 4928 InCDrec - ok
00:28:36.0844 4928 [ 367F3D160E7129F057838A341A5339B2 ] incdrm C:\Windows\system32\drivers\InCDRm.sys
00:28:36.0844 4928 incdrm - ok
00:28:36.0922 4928 [ 9911DF610834B7F06374FB59F3C250A9 ] InCDsrv C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
00:28:36.0969 4928 InCDsrv - ok
00:28:36.0984 4928 [ 9D64201C9E5AC8D1F088762BA00FF3AB ] int15 C:\Windows\system32\drivers\int15.sys
00:28:37.0000 4928 int15 - ok
00:28:37.0093 4928 [ 9438FE15DA89C6AACE8A79DB2C6F60C1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
00:28:37.0109 4928 IntcAzAudAddService - ok
00:28:37.0156 4928 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
00:28:37.0156 4928 intelide - ok
00:28:37.0187 4928 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:28:37.0187 4928 intelppm - ok
00:28:37.0234 4928 InterBaseGuardian - ok
00:28:37.0234 4928 InterBaseServer - ok
00:28:37.0281 4928 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:28:37.0281 4928 IPBusEnum - ok
00:28:37.0312 4928 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:28:37.0312 4928 IpFilterDriver - ok
00:28:37.0374 4928 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:28:37.0374 4928 iphlpsvc - ok
00:28:37.0374 4928 IpInIp - ok
00:28:37.0421 4928 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
00:28:37.0421 4928 IPMIDRV - ok
00:28:37.0468 4928 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
00:28:37.0468 4928 IPNAT - ok
00:28:37.0515 4928 [ E50A95179211B12946F7E035D60AF560 ] irda C:\Windows\system32\DRIVERS\irda.sys
00:28:37.0515 4928 irda - ok
00:28:37.0546 4928 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:28:37.0546 4928 IRENUM - ok
00:28:37.0561 4928 [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon C:\Windows\System32\irmon.dll
00:28:37.0577 4928 Irmon - ok
00:28:37.0593 4928 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
00:28:37.0593 4928 isapnp - ok
00:28:37.0639 4928 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
00:28:37.0639 4928 iScsiPrt - ok
00:28:37.0655 4928 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
00:28:37.0655 4928 iteatapi - ok
00:28:37.0671 4928 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
00:28:37.0671 4928 iteraid - ok
00:28:37.0702 4928 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
00:28:37.0702 4928 kbdclass - ok
00:28:37.0717 4928 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
00:28:37.0717 4928 kbdhid - ok
00:28:37.0733 4928 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
00:28:37.0733 4928 KeyIso - ok
00:28:37.0795 4928 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:28:37.0795 4928 KSecDD - ok
00:28:37.0858 4928 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
00:28:37.0873 4928 KtmRm - ok
00:28:37.0905 4928 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
00:28:37.0920 4928 LanmanServer - ok
00:28:37.0951 4928 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:28:37.0951 4928 LanmanWorkstation - ok
00:28:38.0045 4928 [ 5032826225E3294CF5583441DDB06D8B ] Leica Microsystems Data Container V1 D:\Program Files\Leica Microsystems CMS GmbH\Leica LAS AF Lite\DC\LMSDataContainerServer.exe
00:28:38.0045 4928 Leica Microsystems Data Container V1 - ok
00:28:38.0092 4928 [ 24E0DDB99AECCF86BB37702611761459 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
00:28:38.0092 4928 LHidFilt - ok
00:28:38.0170 4928 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
00:28:38.0170 4928 LightScribeService - ok
00:28:38.0217 4928 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:28:38.0217 4928 lltdio - ok
00:28:38.0248 4928 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:28:38.0248 4928 lltdsvc - ok
00:28:38.0279 4928 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:28:38.0295 4928 lmhosts - ok
00:28:38.0295 4928 [ D58B330D318361A66A9FE60D7C9B4951 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
00:28:38.0295 4928 LMouFilt - ok
00:28:38.0326 4928 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
00:28:38.0341 4928 LSI_FC - ok
00:28:38.0341 4928 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
00:28:38.0341 4928 LSI_SAS - ok
00:28:38.0373 4928 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
00:28:38.0373 4928 LSI_SCSI - ok
00:28:38.0419 4928 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
00:28:38.0419 4928 luafv - ok
00:28:38.0451 4928 [ 144011D14BD35F4E36136AE057B1AADD ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
00:28:38.0451 4928 LUsbFilt - ok
00:28:38.0497 4928 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:28:38.0497 4928 Mcx2Svc - ok
00:28:38.0529 4928 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
00:28:38.0529 4928 mdmxsdk - ok
00:28:38.0560 4928 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
00:28:38.0560 4928 megasas - ok
00:28:38.0591 4928 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
00:28:38.0591 4928 MMCSS - ok
00:28:38.0607 4928 MobilityService - ok
00:28:38.0669 4928 [ C4FEE5E6C41B3C5A7257B33AD624BB10 ] mod7700 C:\Windows\system32\Drivers\mod7700.sys
00:28:38.0669 4928 mod7700 - ok
00:28:38.0731 4928 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
00:28:38.0731 4928 Modem - ok
00:28:38.0747 4928 [ 370E88453EC0D7BEA6EB24BE8D865DBE ] MODRC C:\Windows\system32\DRIVERS\modrc.sys
00:28:38.0747 4928 MODRC - ok
00:28:38.0794 4928 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:28:38.0794 4928 monitor - ok
00:28:38.0841 4928 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:28:38.0841 4928 mouclass - ok
00:28:38.0856 4928 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:28:38.0856 4928 mouhid - ok
00:28:38.0887 4928 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
00:28:38.0887 4928 MountMgr - ok
00:28:38.0950 4928 [ 313265CF4F5F02ED927774DA1DB3FE00 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
00:28:38.0965 4928 MozillaMaintenance - ok
00:28:38.0997 4928 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
00:28:39.0012 4928 mpio - ok
00:28:39.0043 4928 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:28:39.0043 4928 mpsdrv - ok
00:28:39.0090 4928 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
00:28:39.0106 4928 MpsSvc - ok
00:28:39.0153 4928 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
00:28:39.0153 4928 Mraid35x - ok
00:28:39.0215 4928 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:28:39.0215 4928 MRxDAV - ok
00:28:39.0246 4928 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:28:39.0246 4928 mrxsmb - ok
00:28:39.0293 4928 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:28:39.0293 4928 mrxsmb10 - ok
00:28:39.0309 4928 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:28:39.0309 4928 mrxsmb20 - ok
00:28:39.0324 4928 [ 0D1C042188FFE61A702A9DF5944DE5BA ] msahci C:\Windows\system32\drivers\msahci.sys
00:28:39.0324 4928 msahci - ok
00:28:39.0355 4928 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:28:39.0355 4928 msdsm - ok
00:28:39.0387 4928 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
00:28:39.0387 4928 MSDTC - ok
00:28:39.0418 4928 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:28:39.0418 4928 Msfs - ok
00:28:39.0449 4928 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:28:39.0449 4928 msisadrv - ok
00:28:39.0480 4928 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:28:39.0480 4928 MSiSCSI - ok
00:28:39.0496 4928 msiserver - ok
00:28:39.0543 4928 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:28:39.0543 4928 MSKSSRV - ok
00:28:39.0543 4928 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:28:39.0543 4928 MSPCLOCK - ok
00:28:50.0509 4928 ================ Scan global ===============================
00:28:50.0541 4928 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
00:28:50.0587 4928 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
00:28:50.0603 4928 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
00:28:50.0665 4928 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
00:28:50.0681 4928 [Global] - ok
00:28:50.0681 4928 ================ Scan MBR ==================================
00:28:50.0697 4928 [ 6FC6F9186C07BCA94E140F63BFE6E9B4 ] \Device\Harddisk0\DR0
00:28:53.0115 4928 \Device\Harddisk0\DR0 - ok
00:28:53.0130 4928 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR10
00:28:53.0130 4928 \Device\Harddisk1\DR10 - ok
00:28:53.0130 4928 ================ Scan VBR ==================================
00:28:53.0193 4928 [ 3A469FFE687AEB959AF09E1180256F53 ] \Device\Harddisk0\DR0\Partition1
00:28:53.0193 4928 \Device\Harddisk0\DR0\Partition1 - ok
00:28:53.0208 4928 [ DA96A0720743CC20CE3BA2FC15E53FD5 ] \Device\Harddisk0\DR0\Partition2
00:28:53.0208 4928 \Device\Harddisk0\DR0\Partition2 - ok
00:28:53.0208 4928 [ 07AB1AAD9C73B7F3642A04E6F7CB6EB2 ] \Device\Harddisk1\DR10\Partition1
00:28:53.0208 4928 \Device\Harddisk1\DR10\Partition1 - ok
00:28:53.0208 4928 ============================================================
00:28:53.0208 4928 Scan finished
00:28:53.0208 4928 ============================================================
00:28:53.0224 5764 Detected object count: 0
00:28:53.0224 5764 Actual detected object count: 0

Okay, done. Just out of pure interest, what does one actually see in these individual log files?

Have a nice evening, or rather, good night.

29.11.2012, 08:32   #7
M-K-D-B
/// TB trainer

Hello,



Quote from Wilms:
"Okay, done. Just out of pure interest, what does one actually see in these individual log files?"

The log files show, among other things, certain areas of your system where malware likes to settle in so that it is, for example, executed directly or indirectly at every system start.




Step 1
I see that you have a so-called registry cleaner on the system.
In your case, CCleaner.

We do not recommend any kind of registry cleaner under any circumstances.

The reason is quite simple:

The registry is the brain of the system. If the brain does not work, the rest no longer really works either.
We read often enough from people seeking help that their system no longer boots after using registry cleaners.
  • How is the cleaner supposed to know with 100% certainty whether an entry is needed or not?
  • It makes no difference at all whether there are a few orphaned registry entries on the system or not.
  • The constantly touted speed-up of the system is also only partly true. You would not notice it.
A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.

I hereby recommend that you uninstall the above-mentioned software and do without this kind of software in the future.
At the end I will recommend another tool with which you can remove your temporary files.





Step 2
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please deactivate all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.







Please post with your next reply
  • the log file from ComboFix.
__________________
Greetings from Bavaria
M-K-D-B


29.11.2012, 23:56   #8
Wilms
 



Hello,

so, here are the Combofix files

Combofix Logfile:
Code:
ComboFix 12-11-29.02 - .......... 30.11.2012   0:39.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.1128 [GMT 1:00]
ausgeführt von:: c:\users\..........\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dapeton.pad
c:\programdata\gifnocsm.pad
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-28 bis 2012-11-29  ))))))))))))))))))))))))))))))
.
.
2012-11-29 22:51 . 2012-11-29 22:51	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{76A9D8F6-5089-446C-8063-00FA5268A1C1}\offreg.dll
2012-11-28 23:07 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{76A9D8F6-5089-446C-8063-00FA5268A1C1}\mpengine.dll
2012-11-27 17:28 . 2012-11-27 17:28	--------	d-----w-	c:\program files\7-Zip
2012-11-23 12:40 . 2012-11-23 12:40	--------	d-----w-	c:\program files\FolderSize
2012-11-23 12:40 . 2012-11-23 13:18	--------	d-----w-	c:\program files\Everything
2012-11-17 13:32 . 2012-11-17 13:32	--------	d-----w-	c:\users\..........\.imagej
2012-11-17 10:46 . 2012-09-25 16:19	75776	----a-w-	c:\windows\system32\synceng.dll
2012-11-17 10:45 . 2012-10-12 14:29	2047488	----a-w-	c:\windows\system32\win32k.sys
2012-11-04 09:32 . 2012-11-20 06:17	96224	----a-w-	c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-11-04 09:32 . 2012-11-20 06:17	157272	----a-w-	c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-11-04 09:32 . 2012-11-20 06:17	73696	----a-w-	c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-18 16:17 . 2012-10-17 16:12	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-10-18 16:17 . 2012-10-17 16:12	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-10-09 17:05 . 2012-04-03 19:54	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-09 17:05 . 2011-05-16 20:09	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 18:54 . 2011-05-16 21:53	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-13 13:28 . 2012-10-10 17:46	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-20 06:17 . 2011-06-23 22:23	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime St.....dardeinträge werden nicht .....gezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-20 11:18	1519824	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"avgnt"="c:\program files\Avira\.....tiVir Desktop\avgnt.exe" [2012-10-18 348664]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-10-25 162408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59	937920	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57	40368	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-06-20 11:18	1568976	----a-w-	c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-10-18 16:17	348664	----a-w-	c:\program files\Avira\.....tiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamAppSTI.exe]
2009-01-04 14:26	28672	----a-w-	c:\program files\AVEO USB2.0 PC Camera\CamAppSTI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-04-25 15:33	457216	----a-w-	c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 12:08	49208	----a-w-	c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IA.....otif]
2007-07-12 15:36	178712	----a-w-	c:\program files\Intel\Intel Matrix Storage M.....ager\IA.....otif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel .....d Hardware Abstraction Layer]
2008-02-29 01:12	76304	----a-w-	c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L.....guageShortcut]
2007-02-07 15:21	54832	----a-w-	c:\program files\CyberLink\PowerDVD\L.....guage\L.....guage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LM.....ager]
2007-06-15 05:45	850704	----a-w-	c:\progra~1\LAUNCH~1\LM.....ager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2012-10-25 21:10	162408	----a-w-	c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSet]
2007-04-24 10:49	45056	----a-w-	c:\windows\PLFSet.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-08-05 16:01	77824	----a-w-	c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-05-29 00:29	4472832	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 11:35	90112	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-10-23 19:00	815104	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolP.....el]
2008-05-05 07:30	221300	------w-	c:\program files\Creative\Sound Blaster Play\Volume P.....el\VolP.....lu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 20:48	57344	----a-w-	c:\acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\Sym.....tec.....tiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\Sym.....tecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalService.....dNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02	114688	----a-w-	c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "gepl.....te Tasks" Ordners
.
2012-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 17:26]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 08:20]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 08:20]
.
2012-11-29 c:\windows\Tasks\User_Feed_Synchronization-{C7582DAA-D08C-4632-9C0D-91A5F09AFD02}.job
- c:\windows\system32\msfeedssync.exe [2012-02-05 13:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://spiegel-online.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! Deutschland
IE: Bild ..... &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite ..... &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Avira\.....tiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\..........\AppData\Roaming\Mozilla\Firefox\Profiles\sulic17f.Privat\
FF - prefs.js: browser.startup.homepage - tagesschau.de
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-17 18:13; toolbar@ask.com; c:\users\..........\AppData\Roaming\Mozilla\Firefox\Profiles\sulic17f.Privat\extensions\toolbar@ask.com
FF - ExtSQL: !HIDDEN! 2009-09-01 17:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssist.....tExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
MSConfigStartUp-Cm108Sound - cm108.cpl
MSConfigStartUp-RemoTerm - c:\program files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe
MSConfigStartUp-Sony Ericsson PC Comp.....ion - c:\program files\Sony Ericsson\Sony Ericsson PC Comp.....ion\PCComp.....ion.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit sc..... 2012-11-30 00:48
Windows 6.0.6002 Service Pack 2 NTFS
.
Sc.....ne versteckte Prozesse... 
.
Sc.....ne versteckte Autostarteinträge... 
.
Sc.....ne versteckte Dateien... 
.
Sc..... erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterBaseGuardi.....]
"ImagePath"="c:\program files\Firebird\bin\ibguard -s"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterBaseServer]
"ImagePath"="c:\program files\Firebird\bin\ibserver -s"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-11-30  00:53:58
ComboFix-quar.....tined-files.txt  2012-11-29 23:53
.
Vor Suchlauf: 16 Verzeichnis(se), 21.528.264.704 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 22.480.666.624 Bytes frei
.
- - End Of File - - 85223EA0FBE7E0B918486C6E5FE672B1
         
--- --- ---

Perhaps I should also mention that I am currently getting a bluescreen more often, which probably has more to do with my connected monitor (Windows was, due to a display error....) than with a trojan. I think... I hope... right?

Best regards and see you soon

30.11.2012, 08:55   #9
M-K-D-B
/// TB Instructor
 



Hi,


are there still any problems that point to malware?

A BSOD can have a great many causes.


Please start OTL.exe and press the Quick Scan button.
Post the OTL.txt here in your thread.
__________________
Greetings from Bavaria
M-K-D-B


30.11.2012, 22:01   #10
Wilms
 



Hi,

well, it is extremely slow and the bluescreen now shows up regularly. I am almost afraid that if this goes on, the computer will not last much longer. Apart from that, nothing else comes to mind right now.

here is the new OTL

OTL Logfile:
Code:
OTL logfile created on: 30.11.2012 21:26:10 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\......\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,62% Memory free
4,23 Gb Paging File | 3,18 Gb Available in Paging File | 75,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 20,92 Gb Free Space | 30,04% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 2,21 Gb Free Space | 3,18% Space Free | Partition Type: NTFS
 
Computer Name: MENKOU | User Name: ...... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.15 19:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\......\Desktop\OTL.exe
PRC - [2012.10.25 22:10:30 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2012.10.18 17:17:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.18 17:17:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.10.18 17:17:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.10.18 17:17:01 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.18 17:17:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.06.20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.10.19 11:56:26 | 000,020,480 | ---- | M] (Carl Zeiss) -- C:\Programme\Carl Zeiss\MTB 2004 - 1.8.1.7\MTB Server Console\MTBService.exe
PRC - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.04.06 00:41:46 | 000,116,224 | ---- | M] (Brio) -- C:\Programme\FolderSize\FolderSizeSvc.exe
PRC - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\DriveLED\oodlag.exe
PRC - [2009.04.21 11:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.04.30 09:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007.02.12 12:18:50 | 000,924,160 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2002.03.08 16:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibserver.exe
PRC - [2002.03.07 12:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibguard.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.07.28 08:26:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Carl Zeiss\MTB 2004 -- (MTBService_1.8.1.7)
SRV - [2012.11.20 07:17:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.18 17:17:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.10.18 17:17:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.10.18 17:17:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.09 18:26:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.09.02 06:21:38 | 000,258,048 | ---- | M] (Carl Zeiss MicroImaging GmbH) [On_Demand | Stopped] -- C:\Programme\Common Files\Carl Zeiss\CZCanSrv.exe -- (CZCanSrv)
SRV - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.10.01 14:30:30 | 000,285,696 | ---- | M] (Leica Microsystems) [On_Demand | Stopped] -- D:\Program Files\Leica Microsystems CMS GmbH\Leica LAS AF Lite\DC\LMSDataContainerServer.exe -- (Leica Microsystems Data Container V1)
SRV - [2010.08.23 23:28:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.08.23 23:01:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.04.06 00:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\DriveLED\oodlag.exe -- (O&O DriveLED)
SRV - [2009.04.21 11:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2008.11.19 19:22:20 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2008.04.30 09:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.02.12 12:18:50 | 000,924,160 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2002.03.08 16:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files\Firebird\bin\ibserver.exe -- (InterBaseServer)
SRV - [2002.03.07 12:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files\Firebird\bin\ibguard.exe -- (InterBaseGuardian)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\covpnwlh.sys -- (urvpndrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\......\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.10.18 17:17:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.10.18 17:17:04 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.26 23:56:53 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.06.26 23:56:53 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.04.02 15:08:35 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.12.23 17:25:50 | 000,082,304 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvdfab.sys -- (dvdfab)
DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.03.15 10:48:02 | 000,281,472 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVEOdcnt.sys -- (AVEO)
DRV - [2009.12.14 11:34:42 | 001,499,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA)
DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.28 16:24:10 | 000,025,608 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\System32\drivers\OODrvled.sys -- (OODrvled)
DRV - [2009.08.24 09:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)
DRV - [2009.07.09 13:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.04.11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009.01.16 11:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.11.19 19:22:36 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008.06.26 13:43:06 | 000,819,072 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2008.04.10 09:20:20 | 000,020,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\twtyfilt.sys -- (twtyfilt)
DRV - [2008.02.29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.11.28 00:21:56 | 000,310,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GrabsterSeries.X86.SYS -- (GrabsterSeries.X86)
DRV - [2007.10.26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.10.19 13:22:04 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC)
DRV - [2007.08.08 17:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.07.28 08:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.07.17 04:28:52 | 000,269,056 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15)
DRV - [2007.05.02 12:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.03.02 18:19:34 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.02.12 12:17:40 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007.02.12 12:17:24 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007.02.12 12:14:52 | 000,010,624 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2007.02.12 12:14:42 | 000,112,384 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007.02.07 18:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.10.01 14:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0801.sys -- (tap0801)
DRV - [2006.09.19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SPIEGEL ONLINE - Nachrichten
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {2E859481-AB5B-4609-A975-1A6B68544235}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2E859481-AB5B-4609-A975-1A6B68544235}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledAddons: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.14
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.charite.de/"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.29 20:06:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.26 21:57:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.20 20:55:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.20 20:55:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.02.20 20:55:36 | 000,000,000 | ---D | M]
 
[2012.01.08 22:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\......\AppData\Roaming\mozilla\Extensions
[2012.01.08 22:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\......\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.09.14 12:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions
[2011.01.24 19:45:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.01.23 09:05:01 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}
[2009.02.27 10:42:22 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2011.08.08 12:05:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.01.23 09:09:37 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
[2009.10.22 20:25:35 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.01.24 19:45:54 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.04.26 09:07:18 | 000,000,000 | ---D | M] ("Unofficial Myspace Toolbar") -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\myspacetoolbar@gmail.com
[2011.09.14 12:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\staged
[2012.11.15 21:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions
[2010.07.24 22:21:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.03 08:13:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.10.17 17:13:29 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\toolbar@ask.com
[2011.07.18 16:57:42 | 000,450,199 | ---- | M] () (No name found) -- C:\Users\......\AppData\Roaming\mozilla\firefox\profiles\ck3lusd9.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2012.11.15 21:46:43 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\......\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.08.26 20:07:32 | 000,013,610 | ---- | M] () (No name found) -- C:\Users\......\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
[2012.07.25 22:45:57 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\......\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.26 21:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.20 07:17:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.11.20 07:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.20 07:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Avira Toolbar = C:\Users\......\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.15.4.24329_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\......\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012.11.30 00:48:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56DD1A89-E996-44B2-9D4B-0CDB38641D96}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84D539C8-75D7-4273-AAD8-E35ADCB845C1}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\......\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\......\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.30 00:54:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.30 00:54:00 | 000,000,000 | ---D | C] -- C:\Users\......\AppData\Local\temp
[2012.11.30 00:35:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.30 00:35:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.30 00:35:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.30 00:35:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.11.30 00:35:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.30 00:33:27 | 005,009,014 | R--- | C] (Swearware) -- C:\Users\......\Desktop\ComboFix.exe
[2012.11.29 00:28:00 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\......\Desktop\tdsskiller.exe
[2012.11.29 00:01:19 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\......\Desktop\aswMBR.exe
[2012.11.28 23:55:28 | 000,000,000 | ---D | C] -- C:\Users\......\Desktop\TB_Files_121128
[2012.11.28 23:39:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\......\Desktop\OTL.exe
[2012.11.27 18:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.11.27 18:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.11.23 13:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\FolderSize
[2012.11.23 13:40:04 | 000,000,000 | ---D | C] -- C:\Users\......\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[2012.11.23 13:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Everything
[2012.11.17 14:32:51 | 000,000,000 | ---D | C] -- C:\Users\......\.imagej
[2012.11.15 19:01:54 | 000,000,000 | ---D | C] -- C:\Users\......\Desktop\TB
[2012.11.07 01:24:48 | 000,000,000 | ---D | C] -- C:\Users\......\Desktop\PhD_retreat_endgültige Versionen
[2012.11.01 12:48:58 | 000,000,000 | ---D | C] -- C:\Users\......\Desktop\PhD-draft
[2008.10.01 20:50:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\......\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\......\Desktop\*.tmp files -> C:\Users\......\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.30 21:29:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C7582DAA-D08C-4632-9C0D-91A5F09AFD02}.job
[2012.11.30 21:19:52 | 000,690,158 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.30 21:19:52 | 000,646,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.30 21:19:52 | 000,151,750 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.30 21:19:52 | 000,123,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.30 21:14:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.30 21:12:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.30 21:12:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.30 21:12:31 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012.11.30 01:32:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.11.30 01:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.30 00:48:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.30 00:37:20 | 005,009,014 | R--- | M] (Swearware) -- C:\Users\......\Desktop\ComboFix.exe
[2012.11.30 00:35:15 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.29 23:25:10 | 256,594,725 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.29 00:31:52 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\......\Desktop\tdsskiller.exe
[2012.11.29 00:05:10 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\......\Desktop\aswMBR.exe
[2012.11.29 00:02:20 | 000,050,477 | ---- | M] () -- C:\Users\......\Desktop\Defogger.exe
[2012.11.26 23:19:13 | 000,222,720 | ---- | M] () -- C:\Users\......\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.26 21:57:31 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.22 18:45:18 | 000,420,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.15 19:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\......\Desktop\OTL.exe
[2012.11.15 19:04:06 | 000,000,000 | ---- | M] () -- C:\Users\......\defogger_reenable
[2012.11.08 21:28:45 | 000,007,484 | ---- | M] () -- C:\Users\......\AppData\Local\d3d9caps.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\......\Desktop\*.tmp files -> C:\Users\......\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.30 00:35:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.30 00:35:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.30 00:35:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.30 00:35:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.30 00:35:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.28 23:58:42 | 000,050,477 | ---- | C] () -- C:\Users\......\Desktop\Defogger.exe
[2012.11.26 21:57:31 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.15 19:04:06 | 000,000,000 | ---- | C] () -- C:\Users\......\defogger_reenable
[2012.08.27 15:24:34 | 000,001,936 | ---- | C] () -- C:\Windows\System32\nethasp.ini
[2011.12.21 21:14:20 | 000,000,906 | ---- | C] () -- C:\Users\......\.recently-used.xbel
[2011.09.20 14:39:49 | 000,139,264 | R--- | C] () -- C:\Windows\Vmix108.dll
[2011.09.20 14:39:32 | 000,000,139 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2011.09.20 14:39:30 | 000,503,808 | R--- | C] () -- C:\Windows\System32\Cmeau108.exe
[2011.09.20 14:38:14 | 000,258,048 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2011.09.20 14:38:14 | 000,002,029 | R--- | C] () -- C:\Windows\Cm108.ini.cfg
[2011.09.20 14:38:14 | 000,000,736 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2011.09.14 15:26:02 | 000,000,265 | ---- | C] () -- C:\Windows\SDSCalibrationStatus.ini
[2011.08.05 18:26:42 | 000,000,858 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.08.05 16:58:04 | 000,000,208 | ---- | C] () -- C:\Windows\Ulead32.ini
[2011.02.06 17:05:07 | 000,004,096 | -H-- | C] () -- C:\Users\......\AppData\Local\keyfile3.drm
[2011.01.10 18:35:03 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf5
[2010.07.03 10:20:10 | 000,000,680 | RHS- | C] () -- C:\Users\......\ntuser.pol
[2009.11.30 22:15:07 | 000,000,101 | ---- | C] () -- C:\Users\......\PCPanel2.ini
[2009.02.20 14:54:20 | 000,001,107 | ---- | C] () -- C:\Users\......\.perlprimer
[2009.01.16 01:13:14 | 000,007,484 | ---- | C] () -- C:\Users\......\AppData\Local\d3d9caps.dat
[2008.10.01 20:50:37 | 000,007,887 | ---- | C] () -- C:\Users\......\AppData\Roaming\pcouffin.cat
[2008.10.01 20:50:37 | 000,001,144 | ---- | C] () -- C:\Users\......\AppData\Roaming\pcouffin.inf
[2008.07.16 01:10:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.03.31 16:46:56 | 000,037,246 | ---- | C] () -- C:\Users\......\AppData\Roaming\wklnhst.dat
[2008.01.22 18:35:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.16 00:49:06 | 000,222,720 | ---- | C] () -- C:\Users\......\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.05.23 22:11:08 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Amazon
[2012.08.27 15:40:12 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Carl Zeiss
[2012.11.28 23:43:40 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\EndNote
[2010.12.05 14:50:47 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\eXPert PDF Editor
[2011.05.19 20:12:23 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\FILEminimizerPictures
[2008.07.28 04:21:45 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\FrostWire
[2011.01.10 18:35:02 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\GraphPad Software
[2011.12.21 21:59:13 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\gtk-2.0
[2008.03.02 01:00:06 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\ICQ
[2011.05.19 20:13:00 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\IrfanView
[2009.12.07 17:06:57 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\ISI ResearchSoft
[2011.05.21 12:59:05 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Leica Microsystems
[2009.08.10 22:47:54 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Opera
[2012.05.16 21:36:02 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Sony
[2008.05.11 19:29:46 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Thinstall
[2012.01.08 22:06:31 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Thunderbird
[2008.11.30 00:14:48 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Toolbars
[2011.08.05 18:28:53 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Ulead Systems
[2010.12.25 17:54:01 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Vso
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Have you been able to spot anything suspicious yet? And is there potentially a risk that I could infect other computers, e.g. via a USB stick?

Best regards and have a nice weekend

Wilms

01.12.2012, 09:50   #11
M-K-D-B
/// TB Trainer
 



Hello,



Quote:
Quote from Wilms
Have you been able to spot anything suspicious yet?

ComboFix detected and deleted two malicious files.

As I said, the bluescreen could also come from a faulty driver (just one example).



Quote:
Quote from Wilms
And is there potentially a risk that I could infect other computers, e.g. via a USB stick?

In theory that is of course possible, even though I don't see any infection on your computer that would do that.







Step 1
  • Start Malwarebytes' Anti-Malware, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan is finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".





Step 2

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset







Step 3
Please download SecurityCheck
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and "Run as administrator"
  • When the scan has finished, a text document ( checkup.txt ) should open.
Please post its contents here.





Please post with your next reply
  • the log file from MBAM,
  • the log file from ESET,
  • the log file from SecurityCheck.
__________________
Greetings from Bavaria
M-K-D-B


02.12.2012, 00:27   #12
Wilms
 



Hi,

here are the logs from MBAM and ESET. Unfortunately I didn't get around to SecurityCheck today. I'll catch up on that tomorrow.

Regards

Malwarebytes Anti-Malware 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.12.01.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
.... :: MENKOU [Administrator]

01.12.2012 16:23:53
mbam-log-2012-12-01 (16-23-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234976
Laufzeit: 12 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e6c8b3870fd8064c99c994811f29b9bf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-01 06:48:07
# local_time=2012-12-01 07:48:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 3886306 3886306 0 0
# compatibility_mode=5892 16776573 100 100 144700 191909399 0 0
# compatibility_mode=8192 67108863 100 0 3836 3836 0 0
# scanned=222992
# found=5
# cleaned=0
# scan_time=11016
D:\...\...\.....\... - 110529\IT\Programme\Outlook on the desktop\SoftonicDownloader_fuer_outlook-on-the-desktop.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
D:\Programme\programm 2010\Foxit PDF\SoftonicDownloader_fuer_foxit-pdf-reader.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
D:\Programme\programm 2010\godfather\SoftonicDownloader_fuer_the-godfather.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
D:\Programme\programm 2010\outlook on the desktop\SoftonicDownloader_fuer_outlook-on-the-desktop.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
D:\Programme\programm 2010\Recuva\SoftonicDownloader_fuer_recuva.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

Hello,

so here is the missing SecurityCheck log. I had to run the program twice because I forgot to save the first time. I hope that's not a problem.

Best regards

Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Spybot - Search & Destroy
Secunia PSI (2.0.0.3003)
Malwarebytes Anti-Malware Version 1.65.1.1000
Java(TM) 6 Update 30
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Scion FG Java Package for ImageJ
Java version out of Date!
Adobe Flash Player 11.2.202.235
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (17.0)
Mozilla Thunderbird (3.1.20) Thunderbird out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Empowering Technology eSettings Service capuserv.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
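
Added example, not part of the original posts: one way to triage an ESET Online Scanner log.txt like the one posted above, checking that the scan finished, that `found` matches the detection lines that actually parsed, and separating files left on disk from detection types that need a closer look. The sample log, the `ExampleDownloader` and `ExampleAgent` names, the function names and the escalation rule are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ESET Online Scanner log.txt posted in
# this thread; paths, detection names and counters are invented. As in the
# posted log, the first header line is fused with downloader noise.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# end=finished
# remove_checked=false
# unwanted_checked=true
# scanned=1200
# found=3
# cleaned=0
D:\Tools\pdf viewer\ExampleDownloader_setup.exe a variant of Win32/ExampleDownloader.A application (unable to clean) 00000000000000000000000000000000 I
D:\Tools\games\ExampleDownloader_game.exe a variant of Win32/ExampleDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\test\AppData\Local\Temp\x1.exe Win32/ExampleAgent.B trojan (unable to clean) 00000000000000000000000000000000 I
"""

# "# key=value" anywhere in the line, so a header fused with noise still parses.
HEADER_RE = re.compile(r"#\s*(?P<key>\w+)=(?P<value>.*)$")

# <path> [a variant of] <Platform/Name> <type> (<action>) <hex digest> <flag>
# \s+ accepts tabs as well as the single spaces seen in the pasted log.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:(?P<qualifier>(?:probably )?a variant of)\s+)?"
    r"(?P<name>\S+/\S+)\s+"
    r"(?P<kind>[a-z][a-z ]*?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<digest>[0-9A-Fa-f]+)\s+"
    r"(?P<flag>\w)$"
)


def parse_eset_log(text):
    """Split a log into header values, detection records and leftover lines."""
    header, detections, unparsed = {}, [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        hit = DETECTION_RE.match(line)
        if hit:
            detections.append(hit.groupdict())
            continue
        hit = HEADER_RE.search(line)
        if hit:
            # Repeated keys (e.g. compatibility_mode) keep the last value.
            header[hit["key"]] = hit["value"].strip()
        else:
            unparsed.append(line)
    return header, detections, unparsed


def triage(text):
    """Summarise what a helper needs to decide the next step."""
    header, detections, unparsed = parse_eset_log(text)
    left = [d for d in detections if d["action"] == "unable to clean"]
    return {
        "complete": header.get("end") == "finished",
        # A mismatch means lines were lost or mangled when the log was pasted.
        "count_matches": header.get("found") == str(len(detections)),
        "kinds": Counter(d["kind"] for d in detections),
        # Still on disk after the scan: candidates for manual removal.
        "delete_by_hand": [d["path"] for d in left],
        # Assumed policy for this example: anything not typed "application"
        # (the type on the thread's unwanted-application hits) is escalated.
        "escalate": [d for d in left if d["kind"] != "application"],
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
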

02.12.2012, 12:16   #13
M-K-D-B
/// TB Trainer
 



Hello,



Delete the following files by hand:

D:\...\...\.....\... - 110529\IT\Programme\Outlook on the desktop\SoftonicDownloader_fuer_outlook-on-the-desktop.exe
D:\Programme\programm 2010\Foxit PDF\SoftonicDownloader_fuer_foxit-pdf-reader.exe
D:\Programme\programm 2010\godfather\SoftonicDownloader_fuer_the-godfather.exe
D:\Programme\programm 2010\outlook on the desktop\SoftonicDownloader_fuer_outlook-on-the-desktop.exe
D:\Programme\programm 2010\Recuva\SoftonicDownloader_fuer_recuva.exe





You are another one of those who mistakenly download software from Softonic.
Softonic is known for adware and unwanted software, so I suggest that in future you download software directly from the vendor.
Stay away from Softonic!






If you have no more problems, then we are done here. Your log files are clean.
Finally, we need to take a few concluding steps to clean up and secure your PC.






Step 1
Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 9 ).
  • Untick the box for "Install the Ask Toolbar ..." during the installation.
  • When the installation has finished
    Start --> Control Panel --> Add or Remove Programs / Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open the Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure that every box is ticked and click OK.
  • Click OK again.





Step 2
Your version of Adobe Flash Player is outdated.
Please follow these steps to update Adobe Flash:
  • Please visit this page from Adobe.
  • Choose your operating system and your internet browser ("Internet Explorer" or "other" for Firefox, for example)
  • If necessary, untick the box for Google Chrome or McAfee Security Scan.
  • Install the latest version on your computer.





Step 3
Please uninstall your current version of Adobe Reader
Start --> Control Panel --> Add or Remove Programs / Uninstall a program --> Adobe Reader
and download the new version from here.
Untick the box for McAfee SecurityScan or Google Chrome.





Step 4
  • Click > Help > About Firefox
  • Wait until the update has loaded, click Install update and let Firefox restart.
  • Please check whether further updates are available or whether Firefox is up to date.
  • Now click > Add-ons > > Check for Updates
  • After another restart of Firefox everything should be up to date.

Please also check (regularly) whether the following links show missing updates for your plugins:




Step 5
Start DeFogger and click Re-enable.
Your computer may need to be restarted.





Step 6
Before the following action, please temporarily disable your antivirus program, any script blocking and anti-malware programs again.

Press Windows key + R. Now copy the following line into the command line and click OK.
Code:
Combofix /Uninstall


This removes Combofix completely and empties the System Restore cache, so that the malware disappears from it as well.

Now re-enable the programs you just disabled.





Step 7
Please download delfix to your desktop.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Click Delete.
  • Close the text file that opens.
  • Finally, click Uninstall.
  • Confirm with Yes.





Step 8
Here are a few more tips for securing your system.


I can't mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few ( English ) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent,..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe.
Now all that remains is for me to wish you lots of fun surfing safely.



Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Greetings from Bavaria
M-K-D-B


03.12.2012, 19:27   #14
Wilms
 



Hello,

first of all "many thanks" Matthias, it's really super nice how you help people here. It has something of the fire brigade rescuing an old lady with her cat from a burning tree. I wouldn't have known who else I could have turned to.


"You are another one of those who mistakenly download software from Softonic.
Softonic is known for adware and unwanted software, so I suggest that in future you download software directly from the vendor.
Stay away from Softonic!"

yeees... I can well imagine that someone who knows computers well has their hair stand on end when they see what the likes of us get up to, but quite honestly, with the many mines waiting here for occasional users, you can't have everything on your radar. I'm just glad that my bicycle wasn't seized and my work colleagues weren't pestered with wild emails.

"You learn it the hard way... "here" in the internet" ... and some scams are really well made.... all the more important that forums like the TB exist.

So, I have one more question. I think I will get the full version of Malwarebytes. Does the software also include browser protection, or is that not necessary at all? And is the full version then also valid for 2 computers?

That's enough.

Matthias, don't hold it against me if I hope that I won't have to get in touch with you again anytime soon.

Take care.

Wilms

04.12.2012, 15:19   #15
M-K-D-B
/// TB Trainer
 



Hello,



Quote:
Quote from Wilms
So, I have one more question. I think I will get the full version of Malwarebytes. Does the software also include browser protection, or is that not necessary at all? And is the full version then also valid for 2 computers?

The Pro version monitors all processes, and therefore the browser as well.


I can't say 100% for how many computers the Pro version is valid, but I suspect only for one.





I'm glad that we were able to help

This thread appears to be resolved and will be removed from my subscriptions. Should you need the thread again, please send me a PM.

Everyone else, please click here and create your own thread.
__________________
Greetings from Bavaria
M-K-D-B

