
Log analysis and evaluation: Possibly caught a virus or trojan

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.01.2013, 16:35   #1
biertoni
 
The virus scanner doesn't find anything, but could you take a look at the logfile? Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:10:22, on 21.01.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINXP\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Dokan\DokanLibrary\mounter.exe
C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
C:\WINXP\system32\svchost.exe
D:\VLCC\VNC4\WinVNC4.exe
C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINXP\Explorer.EXE
C:\WINXP\RTHDCPL.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
C:\Programme\Nero\Nero 7\InCD\InCD.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINXP\system32\MSTMON_N.EXE
C:\WINXP\system32\rundll32.exe
D:\PDF\vspdfprsrv.exe
D:\Real Player\RealPlay.exe
C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
D:\PDF\PDF24\pdf24.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINXP\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
D:\Daemon Tools\DAEMON Tools Lite\DTLite.exe
D:\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programme\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\FRITZ!DSL\StCenter.EXE
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINXP\system32\wbem\wmiapsrv.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\programme\avira\antivir desktop\ipmGui.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Google\Update\GoogleUpdate.exe
D:\Festplatten Test\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Orbit Downloader\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Quik time\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "D:\Clone CD\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay] C:\WINXP\system32\MSTMON_N.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [USB Webmail Notifier] D:\USBWEB~1\USB Webmail Notifier.exe
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\PDF\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [IR_SERVER] C:\Programme\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [APSDaemon] "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PDFPrint] D:\PDF\PDF24\pdf24.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Daemon Tools\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Skype] "C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: REALTEK RTL8187B Wireless LAN Utility.lnk = C:\Programme\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Orbit Downloader\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Orbit Downloader\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Orbit Downloader\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Orbit Downloader\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINXP\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINXP\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINXP\system32\Ati2evxx.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: DokanMounter - Unknown owner - C:\Programme\Dokan\DokanLibrary\mounter.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\VLCC\VNC4\WinVNC4.exe

--
End of file - 12223 bytes

21.01.2013, 17:04   #2
markusg
/// Malware-holic
 

Hi,
please read the instructions next time; we don't want to see HJT logs, HJT is no longer being developed.
What exactly is the problem?
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content below into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.
21.01.2013, 17:51   #3
biertoni
 

Sorry, I didn't see that! My web.de account was hacked! Now I still don't know whether something was on the PC or whether it was just my extremely simple password!

Here are the logs!

OTL Logfile:
Code:
OTL logfile created on: 21.01.2013 17:34:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Andy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 82,05% Memory free
5,34 Gb Paging File | 4,73 Gb Available in Paging File | 88,67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 195,31 Gb Total Space | 137,98 Gb Free Space | 70,65% Space Free | Partition Type: NTFS
Drive D: | 400,85 Gb Total Space | 32,81 Gb Free Space | 8,18% Space Free | Partition Type: NTFS
Drive K: | 3,73 Gb Total Space | 1,85 Gb Free Space | 49,50% Space Free | Partition Type: FAT32
 
Computer Name: MEDIABOX | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.21 17:24:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andy\Desktop\OTL.exe
PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.21 19:00:02 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.11 15:43:06 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012.05.22 07:38:56 | 000,160,872 | ---- | M] (Geek Software GmbH) -- D:\PDF\PDF24\pdf24.exe
PRC - [2012.01.18 13:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.31 15:48:36 | 001,540,096 | ---- | M] (Nokia) -- C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe
PRC - [2011.03.31 13:43:48 | 000,156,672 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2011.03.31 13:32:14 | 000,134,144 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2011.03.21 12:21:24 | 000,632,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011.03.21 12:19:36 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.09.04 09:15:42 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
PRC - [2010.05.14 09:32:30 | 001,479,680 | ---- | M] (Nokia) -- D:\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- D:\Daemon Tools\DAEMON Tools Lite\DTLite.exe
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008.12.31 11:34:32 | 000,020,992 | ---- | M] () -- C:\Programme\Dokan\DokanLibrary\mounter.exe
PRC - [2008.12.06 22:28:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2008.12.06 22:21:20 | 002,387,968 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
PRC - [2008.10.15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- D:\VLCC\VNC4\winvnc4.exe
PRC - [2008.07.16 16:23:36 | 000,880,640 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Programme\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe
PRC - [2008.04.14 12:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINXP\explorer.exe
PRC - [2007.11.26 13:54:22 | 001,629,480 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007.11.26 13:54:12 | 001,554,728 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007.11.26 13:54:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 7\InCD\InCD.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
PRC - [2006.05.04 06:58:56 | 000,998,912 | ---- | M] () -- D:\PDF\vspdfprsrv.exe
PRC - [2005.11.21 10:34:24 | 000,081,920 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2005.11.15 02:07:28 | 000,917,504 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\FwebProt.exe
PRC - [2005.11.15 02:07:28 | 000,679,936 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2004.11.25 13:11:36 | 000,151,552 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) -- C:\WINXP\system32\MSTMON_N.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.19 18:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.06 11:55:32 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.01.28 18:14:07 | 000,997,888 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll
MOD - [2011.01.28 17:48:37 | 000,212,992 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2011.01.28 17:48:15 | 011,791,360 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
MOD - [2011.01.28 17:48:04 | 000,771,584 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3736ba3ecac186f9c5d85f01bda2be98\System.Runtime.Remoting.ni.dll
MOD - [2011.01.28 17:46:56 | 000,025,600 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
MOD - [2011.01.28 17:46:55 | 012,428,800 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2011.01.28 17:46:45 | 001,587,200 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2011.01.28 17:46:20 | 000,676,352 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll
MOD - [2011.01.28 17:46:16 | 005,449,728 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2011.01.28 17:46:11 | 000,970,752 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2011.01.28 17:46:08 | 007,867,392 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2011.01.28 17:45:57 | 011,485,184 | ---- | M] () -- C:\WINXP\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2011.01.28 17:41:52 | 000,315,392 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.01.28 17:41:46 | 000,434,176 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2011.01.28 17:41:45 | 000,040,960 | ---- | M] () -- C:\WINXP\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010.08.04 14:58:06 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010.08.03 20:24:04 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.03.16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2008.12.31 11:34:32 | 000,020,992 | ---- | M] () -- C:\Programme\Dokan\DokanLibrary\mounter.exe
MOD - [2008.12.05 20:32:44 | 007,331,840 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\QtGui4.dll
MOD - [2008.12.05 20:32:44 | 002,023,424 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\QtCore4.dll
MOD - [2008.12.05 20:32:34 | 000,135,168 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2008.08.12 10:16:16 | 002,023,424 | ---- | M] () -- D:\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2008.07.29 13:47:56 | 000,016,384 | ---- | M] () -- D:\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2008.07.29 13:47:38 | 000,135,168 | ---- | M] () -- D:\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2008.07.29 13:11:18 | 000,253,952 | ---- | M] () -- D:\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2008.07.29 13:01:12 | 007,331,840 | ---- | M] () -- D:\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2008.07.29 12:50:26 | 000,364,544 | ---- | M] () -- D:\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2007.05.22 09:59:22 | 000,128,512 | ---- | M] () -- D:\WinRAR\WinRAR\RarExt.dll
MOD - [2006.10.26 21:30:12 | 000,131,072 | ---- | M] () -- C:\Programme\Realtek\RTL8187B Wireless LAN Utility\EnumDevLib.dll
MOD - [2006.05.04 06:58:56 | 000,998,912 | ---- | M] () -- D:\PDF\vspdfprsrv.exe
MOD - [2006.05.04 06:58:38 | 001,239,040 | ---- | M] () -- D:\PDF\vspdfdialogs100.bpl
MOD - [2006.05.04 06:58:38 | 000,237,056 | ---- | M] () -- D:\PDF\expertpdf4core.bpl
MOD - [2006.05.04 06:58:36 | 003,014,656 | ---- | M] () -- D:\PDF\vspdfcore100.bpl
MOD - [2006.05.04 06:58:36 | 001,026,048 | ---- | M] () -- D:\PDF\vsvector100.bpl
MOD - [2006.05.04 06:58:36 | 000,230,912 | ---- | M] () -- D:\PDF\vspdfeditor100.bpl
MOD - [2006.04.15 06:34:26 | 000,568,320 | ---- | M] () -- D:\PDF\TMSlite100.bpl
MOD - [2006.03.02 20:39:28 | 001,844,224 | ---- | M] () -- D:\PDF\te100.bpl
MOD - [2006.03.02 20:33:18 | 000,444,928 | ---- | M] () -- D:\PDF\VirtualTree100.bpl
MOD - [2006.03.02 20:28:36 | 000,139,776 | ---- | M] () -- D:\PDF\uoolep100.bpl
MOD - [2006.03.02 20:01:50 | 000,071,168 | ---- | M] () -- D:\PDF\VSDesktop100.bpl
MOD - [2006.03.02 19:57:48 | 000,383,488 | ---- | M] () -- D:\PDF\visage100.bpl
MOD - [2006.03.02 19:55:22 | 000,089,088 | ---- | M] () -- D:\PDF\vsmisc100.bpl
MOD - [2005.12.26 13:20:52 | 002,098,176 | ---- | M] () -- D:\PDF\PKIECtrl100.bpl
MOD - [2005.07.20 03:53:04 | 000,966,765 | ---- | M] () -- C:\Programme\Realtek\RTL8187B Wireless LAN Utility\acAuth.dll
MOD - [2005.06.02 12:40:42 | 000,014,336 | ---- | M] () -- C:\WINXP\system32\vsmon1.dll
MOD - [2003.08.22 07:23:16 | 000,225,792 | ---- | M] () -- D:\PDF\sqlite.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.19 13:20:00 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.08.11 15:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.03.21 12:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.03.19 16:49:29 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.04.20 17:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008.12.31 11:34:32 | 000,020,992 | ---- | M] () [Auto | Running] -- C:\Programme\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2008.12.06 22:28:44 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008.10.15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- D:\VLCC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2007.11.26 13:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.06.27 17:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2005.11.21 10:34:24 | 000,081,920 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005.11.21 09:48:06 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (ajc09bxj)
DRV - [2012.11.27 10:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINXP\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.22 15:51:13 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.11.22 15:50:51 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINXP\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINXP\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.04.02 01:31:43 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011.07.25 16:30:56 | 000,033,536 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2011.07.25 16:30:54 | 000,189,184 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2011.06.09 22:05:11 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.09.03 19:15:08 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINXP\system32\drivers\sptd.sys -- (sptd)
DRV - [2010.08.04 03:20:12 | 005,243,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.07.28 17:27:36 | 006,108,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010.07.04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.07.02 15:44:44 | 000,006,656 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINXP\system32\drivers\EMSLink_i386.sys -- (EMSLink)
DRV - [2010.05.17 13:04:06 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.02.26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.09.09 07:32:51 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\Andy\Lokale Einstellungen\Temp\iMSPCLOj.sys -- (iMSPCLOj)
DRV - [2009.07.13 14:46:38 | 000,037,280 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009.07.01 10:53:34 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009.07.01 10:53:30 | 000,066,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009.06.28 23:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.06.11 03:19:48 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\androidusb.sys -- (androidusb)
DRV - [2009.04.09 13:38:32 | 000,110,592 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.04.09 13:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.04.09 13:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.09 13:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.09 13:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.04.09 13:38:32 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.03.13 18:29:00 | 000,028,672 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009.01.07 23:39:36 | 000,020,744 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINXP\system32\drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2008.12.31 11:34:30 | 000,060,928 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Auto | Running] -- C:\WINXP\system32\drivers\dokan.sys -- (Dokan)
DRV - [2008.12.07 12:44:54 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.02 14:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2008.06.25 23:26:36 | 000,335,104 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008.04.13 21:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.11.26 13:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINXP\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007.11.26 13:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINXP\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007.11.26 13:54:12 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINXP\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2007.11.26 13:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINXP\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007.06.17 11:43:50 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007.02.17 23:15:34 | 000,232,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINXP\system32\drivers\VMM.sys -- (vmm)
DRV - [2007.01.29 05:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006.12.26 13:54:35 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\afc.sys -- (Afc)
DRV - [2005.12.23 13:15:32 | 000,086,368 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\W700obex.sys -- (W700obex)
DRV - [2005.12.23 13:14:26 | 000,088,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\W700mgmt.sys -- (W700mgmt)
DRV - [2005.12.23 13:13:16 | 000,097,056 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\W700mdm.sys -- (W700mdm)
DRV - [2005.12.23 13:13:12 | 000,009,264 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\W700mdfl.sys -- (W700mdfl)
DRV - [2005.12.23 13:12:06 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\W700bus.sys -- (W700bus)
DRV - [2005.08.03 05:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\npf.sys -- (NPF)
DRV - [2004.09.01 14:01:54 | 000,023,296 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\U2S2KXP.sys -- (U2SP)
DRV - [2003.07.18 18:44:24 | 000,018,848 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto | Stopped] -- C:\WINXP\system32\MLPTDR_N.SYS -- (MLPTDR_N)
DRV - [2002.07.17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\ASPI32.SYS -- (Aspi32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 90 5F D7 59 37 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.7
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\PDF\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: D:\Real Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: D:\Real Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: D:\Real Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: D:\amazon downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: D:\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.09.03 19:07:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.13 21:50:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.19 13:20:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.19 13:19:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.06.28 14:13:11 | 000,000,000 | ---D | M]
 
[2010.09.03 16:39:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Extensions
[2013.01.11 17:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\extensions
[2012.12.02 08:56:25 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013.01.11 17:28:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.08.22 16:52:32 | 000,341,143 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.12.17 10:34:29 | 000,036,139 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2011.12.19 15:26:01 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\searchplugins\11-suche.xml
[2011.12.19 15:26:01 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 15:26:01 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\searchplugins\gmx-suche.xml
[2011.12.19 15:26:01 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\searchplugins\lastminute.xml
[2010.11.19 18:47:50 | 000,001,115 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\searchplugins\rapidshare-filefinder.xml
[2011.12.19 15:26:01 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\searchplugins\webde-suche.xml
[2013.01.19 13:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.19 13:19:55 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2013.01.19 13:20:00 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.09 19:25:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.01.06 09:46:10 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Programme\mozilla firefox\plugins\npEModelPlugin.dll
[2010.10.15 10:15:10 | 000,166,680 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.11.05 10:33:27 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.05 10:33:27 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.11.05 10:33:27 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.05 10:33:27 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.05 10:33:27 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.05 10:33:27 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 12:00:00 | 000,000,820 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Orbit Downloader\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINXP\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CloneCDTray] D:\Clone CD\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [IR_SERVER] C:\Programme\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay] C:\WINXP\system32\MSTMON_N.EXE (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.)
O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PDFPrint] D:\PDF\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [QuickTime Task] D:\Quik time\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB Webmail Notifier] D:\USBWEB~1\USB Webmail Notifier.exe File not found
O4 - HKLM..\Run: [vspdfprsrv.exe] D:\PDF\vspdfprsrv.exe ()
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Daemon Tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [PC Suite Tray] D:\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Skype] "C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Skype\Phone\Skype.exe" /nosplash /minimized File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\REALTEK RTL8187B Wireless LAN Utility.lnk = C:\Programme\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Dokumente und Einstellungen\Andy\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O8 - Extra context menu item: &Download by Orbit - D:\Orbit Downloader\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Orbit Downloader\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Orbit Downloader\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Orbit Downloader\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\FRITZ!DSL\SARAH.DLL (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in My Computer)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in My Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E37DD4E-6CF2-47B5-90A9-1BFB37D5CDC5}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINXP\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINXP\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINXP\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.03 19:38:15 | 000,000,055 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ]
O32 - AutoRun File - [2011.03.13 13:45:46 | 000,000,135 | ---- | M] () - C:\AUTOEXEC.002 -- [ NTFS ]
O32 - AutoRun File - [2011.03.13 16:15:23 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.003 -- [ NTFS ]
O32 - AutoRun File - [2011.03.13 16:21:14 | 000,000,167 | ---- | M] () - C:\AUTOEXEC.004 -- [ NTFS ]
O32 - AutoRun File - [2011.03.13 16:32:37 | 000,000,139 | ---- | M] () - C:\AUTOEXEC.005 -- [ NTFS ]
O32 - AutoRun File - [2011.03.13 16:32:37 | 000,000,158 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.03.13 16:32:38 | 000,000,158 | ---- | M] () - C:\autoexec.epc -- [ NTFS ]
O33 - MountPoints2\{586b4f6d-cbba-11df-a3c5-002354a34f31}\Shell\AutoRun\command - "" = L:\Glucofacts.bat
O33 - MountPoints2\{586b4f6d-cbba-11df-a3c5-002354a34f31}\Shell\open\command - "" = L:\Glucofacts.bat
O33 - MountPoints2\{72c799d2-6ddc-11e0-a690-002354a34f31}\Shell - "" = AutoRun
O33 - MountPoints2\{72c799d2-6ddc-11e0-a690-002354a34f31}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{72c799d2-6ddc-11e0-a690-002354a34f31}\Shell\AutoRun\command - "" = C:\WINXP\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL hxxp://www.garmin.com/agent
O33 - MountPoints2\{9a37bc06-113f-11e1-a947-002354a34f31}\Shell - "" = AutoRun
O33 - MountPoints2\{9a37bc06-113f-11e1-a947-002354a34f31}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a37bc06-113f-11e1-a947-002354a34f31}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aaf0c3c1-ef59-11df-a459-002354a34f31}\Shell - "" = AutoRun
O33 - MountPoints2\{aaf0c3c1-ef59-11df-a459-002354a34f31}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aaf0c3c1-ef59-11df-a459-002354a34f31}\Shell\AutoRun\command - "" = K:\DPFMate.exe
O33 - MountPoints2\{c6e33932-2efc-11e0-a576-002354a34f31}\Shell\AutoRun\command - "" = K:\Get_Started_for_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINXP\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINXP\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINXP\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINXP\system32\Rundll32.exe C:\WINXP\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINXP\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINXP\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINXP\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{99820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.21 17:33:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andy\Desktop\OTL.exe
[2013.01.20 09:32:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Avira
[2013.01.20 09:27:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2013.01.20 09:27:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Mozilla
[2013.01.20 09:27:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2013.01.20 09:27:08 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINXP\System32\drivers\ssmdrv.sys
[2013.01.20 09:27:06 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINXP\System32\drivers\avipbb.sys
[2013.01.20 09:27:06 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINXP\System32\drivers\avgntflt.sys
[2013.01.20 09:27:06 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINXP\System32\drivers\avkmgr.sys
[2013.01.20 09:27:02 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2013.01.20 09:27:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2013.01.19 13:19:55 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.01.19 13:15:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2013.01.19 13:15:10 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2013.01.19 13:15:04 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2013.01.19 13:15:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.01.19 13:11:34 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2013.01.19 13:10:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andy\Lokale Einstellungen\Anwendungsdaten\Abelssoft
[2013.01.19 13:10:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CheckDrive
[2013.01.19 13:10:50 | 000,000,000 | ---D | C] -- C:\Programme\CheckDrive
[2013.01.18 17:27:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andy\Eigene Dateien\Amazon MP3
[2010.09.03 20:27:27 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\pcouffin.sys
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.21 17:30:00 | 000,001,086 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.21 17:29:00 | 000,001,082 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.21 17:29:00 | 000,000,268 | ---- | M] () -- C:\WINXP\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-1682526488-1801674531-1003.job
[2013.01.21 17:28:52 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2013.01.21 17:24:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andy\Desktop\OTL.exe
[2013.01.21 15:04:26 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2013.01.20 12:56:03 | 000,000,069 | ---- | M] () -- C:\WINXP\NeroDigital.ini
[2013.01.20 10:10:02 | 000,000,276 | ---- | M] () -- C:\WINXP\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-1682526488-1801674531-1003.job
[2013.01.20 09:27:18 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2013.01.19 13:15:38 | 000,001,518 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.01.19 13:10:53 | 000,001,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Desktop\CheckDrive.lnk
[2013.01.17 15:20:59 | 000,793,538 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Desktop\W201-Optiktuner.rar
[2013.01.13 13:57:10 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\AVSDVDPlayer.m3u
[2013.01.13 13:52:43 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.04 11:02:31 | 000,000,083 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2013.01.03 11:52:24 | 000,017,127 | ---- | M] () -- C:\WINXP\MSTMON_N.INI
[2012.12.24 10:07:05 | 000,002,471 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NOXON DAB MediaPlayer.lnk
[1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.20 09:27:18 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2013.01.19 13:15:38 | 000,001,518 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2013.01.19 13:10:53 | 000,001,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Andy\Desktop\CheckDrive.lnk
[2013.01.17 15:20:58 | 000,793,538 | ---- | C] () -- C:\Dokumente und Einstellungen\Andy\Desktop\W201-Optiktuner.rar
[2012.09.22 16:08:17 | 000,438,272 | ---- | C] () -- C:\WINXP\System32\PaintX.dll
[2012.09.22 15:37:43 | 000,074,240 | ---- | C] () -- C:\WINXP\cadkasdeinst01.exe
[2012.08.18 13:42:09 | 000,001,482 | ---- | C] () -- C:\Dokumente und Einstellungen\Andy\.recently-used.xbel
[2012.02.12 20:29:22 | 000,025,916 | -H-- | C] () -- C:\WINXP\System32\mlfcache.dat
[2012.01.31 20:32:11 | 000,000,046 | ---- | C] () -- C:\WINXP\ClonyDrives.ini
[2012.01.31 20:17:25 | 000,043,520 | ---- | C] () -- C:\WINXP\System32\CmdLineExt03.dll
[2011.10.25 18:03:56 | 000,006,656 | ---- | C] () -- C:\WINXP\System32\drivers\EMSLink_i386.sys
[2011.09.10 15:02:15 | 000,000,038 | ---- | C] () -- C:\WINXP\popcinfot.dat
[2011.09.06 19:22:01 | 000,127,085 | ---- | C] () -- C:\WINXP\System32\RTKFMSOURCE.dll
[2011.09.06 18:01:08 | 000,363,520 | ---- | C] () -- C:\WINXP\System32\PsisDecd.dll
[2011.07.19 17:11:51 | 000,000,083 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2011.06.06 20:22:35 | 000,000,105 | ---- | C] () -- C:\WINXP\asciiart.ini
[2011.04.24 03:30:20 | 000,340,005 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1482476501-1682526488-1801674531-1003-0.dat
[2011.04.24 03:30:17 | 000,134,626 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.03.19 16:49:31 | 000,000,000 | ---- | C] () -- C:\WINXP\eDrawingOfficeAutomator.INI
[2011.03.16 15:22:52 | 000,035,802 | ---- | C] () -- C:\WINXP\p69-a6b-21159.dll
[2011.03.15 19:58:33 | 000,002,516 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2011.03.15 19:58:33 | 000,000,088 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5A1597EEC2.sys
[2011.03.14 15:33:06 | 000,035,802 | ---- | C] () -- C:\WINXP\p69-a6b-Do21159.dll
[2011.03.13 16:32:40 | 000,001,556 | ---- | C] () -- C:\WINXP\wininit.ini
[2011.02.26 17:51:54 | 000,000,754 | ---- | C] () -- C:\WINXP\WORDPAD.INI
[2010.09.04 17:20:30 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Andy\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.04 08:48:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\AVSDVDPlayer.m3u
[2010.09.03 20:27:27 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\inst.exe
[2010.09.03 20:27:27 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\pcouffin.cat
[2010.09.03 20:27:27 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\pcouffin.inf
[2010.09.03 16:52:09 | 000,576,680 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2010.09.03 16:48:36 | 000,000,227 | RHS- | M] () -- C:\WINXP\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 12:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINXP\system32\wbem\fastprox.dll -- [2009.08.03 22:13:55 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINXP\system32\wbem\wbemess.dll -- [2008.04.14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.01.19 13:15:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010.09.03 19:14:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.11.25 16:14:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF
[2010.11.25 18:03:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF 4
[2010.11.25 16:14:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF Jobs
[2010.09.03 19:05:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010.09.03 18:54:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2011.06.28 14:17:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaAccount
[2011.06.28 14:11:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2010.09.03 19:09:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012.04.09 10:01:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2011.07.19 17:11:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2011.12.31 13:43:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Squeezebox
[2011.12.04 10:44:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec
[2011.12.07 22:39:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Unreal Streaming Technologies
[2011.11.17 19:08:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2012.02.10 17:48:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.09.04 17:02:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Amazon
[2012.02.13 20:05:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Audacity
[2010.09.08 23:00:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Avimpgwmv
[2010.11.16 20:21:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\DAEMON Tools Lite
[2011.08.13 21:52:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\DDMSettings
[2012.07.20 14:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Digiarty
[2010.10.27 19:58:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Dr. DivX 2.0 OSS
[2010.09.05 01:22:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\DVDFab
[2012.09.20 17:02:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\DVDVideoSoft
[2012.09.20 17:02:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.03.19 16:53:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\EDrawings
[2011.02.26 17:40:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\eXPert PDF Editor
[2011.03.16 15:18:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\FreeCAD
[2013.01.20 13:50:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\FRITZ!
[2012.09.01 09:08:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\GARMIN
[2010.11.20 11:13:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\GrabPro
[2012.08.18 13:42:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\gtk-2.0
[2011.10.23 10:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\ImgBurn
[2010.09.03 19:08:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Nokia
[2011.08.08 16:46:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Opera
[2011.08.08 19:57:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Orbit
[2011.06.28 13:53:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\PC Suite
[2010.11.20 10:56:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\ProgSense
[2012.01.22 20:35:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Sierra
[2012.02.18 01:48:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Software4u
[2012.10.16 17:49:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\TeamViewer
[2011.12.04 10:43:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\TerraTec
[2011.01.28 16:03:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\TightVNC
[2011.11.17 19:10:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Vodafone
[2010.09.03 20:34:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Vso
[2010.09.03 15:48:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\WinBatch
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.09.03 17:12:11 | 000,000,000 | ---D | M] -- C:\ATI
[2011.03.13 16:35:03 | 000,000,000 | ---D | M] -- C:\BHROOT
[2011.03.13 16:36:57 | 000,000,000 | ---D | M] -- C:\BHUNINST
[2012.10.06 08:29:40 | 000,000,000 | ---D | M] -- C:\Bilderramen
[2011.07.19 17:20:24 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp
[2013.01.19 13:16:05 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2012.04.08 10:03:10 | 000,000,000 | ---D | M] -- C:\divx
[2010.09.04 10:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2010.09.03 15:27:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2010.11.20 11:13:36 | 000,000,000 | ---D | M] -- C:\downloads
[2012.09.17 18:21:28 | 000,000,000 | ---D | M] -- C:\Elektor
[2012.02.16 15:30:09 | 000,000,000 | ---D | M] -- C:\Navi App alt Iphone
[2011.01.28 19:26:13 | 000,000,000 | ---D | M] -- C:\net
[2010.09.03 16:44:58 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.09.06 19:22:01 | 000,000,000 | ---D | M] -- C:\Program Files
[2013.01.21 15:04:16 | 000,000,000 | R--D | M] -- C:\Programme
[2010.09.03 16:57:28 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.03.24 20:49:36 | 000,000,000 | R--D | M] -- C:\Sandbox
[2012.01.31 20:59:22 | 000,000,000 | ---D | M] -- C:\Spiele
[2013.01.20 12:24:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.05.08 17:56:40 | 000,000,000 | ---D | M] -- C:\TheNeedForSpeed
[2011.12.31 13:43:38 | 000,000,000 | ---D | M] -- C:\updates
[2011.11.25 16:36:18 | 000,000,000 | ---D | M] -- C:\Virtuell DISK
[2010.09.04 18:00:26 | 000,000,000 | ---D | M] -- C:\WinSetupFromUSB
[2013.01.21 17:29:21 | 000,000,000 | ---D | M] -- C:\WINXP
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2010.09.03 15:21:46 | 000,000,065 | RH-- | C] () -- C:\WINXP\Tasks\desktop.ini
[2010.09.03 15:26:22 | 000,000,006 | -H-- | C] () -- C:\WINXP\Tasks\SA.DAT
[2010.09.04 09:20:35 | 000,000,276 | ---- | C] () -- C:\WINXP\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-1682526488-1801674531-1003.job
[2010.09.04 09:20:36 | 000,000,268 | ---- | C] () -- C:\WINXP\Tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-1682526488-1801674531-1003.job
[2010.09.26 18:28:13 | 000,001,082 | ---- | C] () -- C:\WINXP\Tasks\GoogleUpdateTaskMachineCore.job
[2010.09.26 18:28:14 | 000,001,086 | ---- | C] () -- C:\WINXP\Tasks\GoogleUpdateTaskMachineUA.job
[2012.02.10 17:47:42 | 000,000,276 | ---- | C] () -- C:\WINXP\Tasks\AppleSoftwareUpdate.job
[2012.04.09 09:46:14 | 000,000,258 | ---- | C] () -- C:\WINXP\Tasks\debutShakeIcon.job
 
< MD5 for: AGP440.SYS  >
[2010.04.13 21:24:48 | 017,814,872 | ---- | M] () .cab file -- C:\WINXP\Driver Cache\i386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2010.04.13 21:24:48 | 017,814,872 | ---- | M] () .cab file -- C:\WINXP\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINXP\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 12:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINXP\system32\dllcache\eventlog.dll
[2008.04.14 12:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINXP\system32\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.04.14 12:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINXP\explorer.exe
[2008.04.14 12:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINXP\system32\dllcache\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.09.03 13:11:07 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINXP\NLDRV\001\iastor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINXP\system32\dllcache\netlogon.dll
[2008.04.14 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINXP\system32\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2004.06.03 09:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\NVIDIA\nForceWin2KXP\5.11\IDE\Win2K\NvAtaBus.sys
[2004.06.03 09:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\NVIDIA\nForceWin2KXP\5.11\IDE\WinXP\NvAtaBus.sys
 
< MD5 for: NVGTS.SYS  >
[2009.06.30 16:31:18 | 000,164,896 | ---- | M] (NVIDIA Corporation) MD5=17F915C35450783A446E70693AFA749B -- C:\NVIDIA\nForce\15.45\International\IDE\WinXP\sataraid\nvgts.sys
[2009.06.30 16:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) MD5=619D8943725402D1179941FD58574CC8 -- C:\NVIDIA\nForce\15.45\International\IDE\WinXP\sata_ide\nvgts.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 12:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINXP\system32\dllcache\scecli.dll
[2008.04.14 12:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINXP\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 12:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINXP\system32\dllcache\user32.dll
[2008.04.14 12:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINXP\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 12:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINXP\system32\dllcache\userinit.exe
[2008.04.14 12:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINXP\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 12:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINXP\system32\dllcache\winlogon.exe
[2008.04.14 12:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINXP\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.14 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINXP\system32\dllcache\ws2ifsl.sys
[2008.04.14 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINXP\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.09.03 19:15:08 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINXP\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2002.01.02 18:56:38 | 000,094,208 | ---- | M] () -- C:\WINXP\System32\config\default.sav
[2002.01.02 18:56:38 | 001,093,632 | ---- | M] () -- C:\WINXP\System32\config\software.sav
[2002.01.02 18:56:38 | 000,462,848 | ---- | M] () -- C:\WINXP\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINXP\system32\*.tmp files -> C:\WINXP\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.08.18 13:42:09 | 000,001,482 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\.recently-used.xbel
[2013.01.21 15:25:00 | 014,155,776 | -H-- | M] () -- C:\Dokumente und Einstellungen\Andy\NTUSER.DAT
[2013.01.21 17:38:53 | 000,225,280 | -H-- | M] () -- C:\Dokumente und Einstellungen\Andy\ntuser.dat.LOG
[2013.01.21 15:24:59 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Andy\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
         

OTL Logfile:
Code:
OTL Extras logfile created on: 21.01.2013 17:34:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Andy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 82,05% Memory free
5,34 Gb Paging File | 4,73 Gb Available in Paging File | 88,67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 195,31 Gb Total Space | 137,98 Gb Free Space | 70,65% Space Free | Partition Type: NTFS
Drive D: | 400,85 Gb Total Space | 32,81 Gb Free Space | 8,18% Space Free | Partition Type: NTFS
Drive K: | 3,73 Gb Total Space | 1,85 Gb Free Space | 49,50% Space Free | Partition Type: FAT32
 
Computer Name: MEDIABOX | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\WINXP\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINXP\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINXP\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINXP\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINXP\System32\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Programme\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe" = C:\Programme\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"D:\Orbit Downloader\Orbitdownloader\orbitdm.exe" = D:\Orbit Downloader\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Orbit Downloader\Orbitdownloader\orbitnet.exe" = D:\Orbit Downloader\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"D:\VLCC\TightVNC\Data\WinVNC.exe" = D:\VLCC\TightVNC\Data\WinVNC.exe:*:Enabled:TightVNC Win32 Server -- (TightVNC Group)
"D:\VLCC\TightVNC\tvnserver.exe" = D:\VLCC\TightVNC\tvnserver.exe:*:Enabled:TightVNC Server
"D:\VLCC\TightVNC\vncviewer.exe" = D:\VLCC\TightVNC\vncviewer.exe:*:Enabled:TightVNC Viewer
"D:\VLCC\VNC4\winvnc4.exe" = D:\VLCC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32 -- (RealVNC Ltd.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"D:\Real Player\realplay.exe" = D:\Real Player\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\Mozilla Firefox\plugin-container.exe" = C:\Programme\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox -- (Mozilla Corporation)
"C:\Programme\ArcSoft\TotalMedia 3.5\TotalMedia.exe" = C:\Programme\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5 -- (ArcSoft, Inc.)
"C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema Basic -- (TERRATEC Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec Home Cinema Basic (tvtv Setup) -- (TERRATEC Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:*:Enabled:TerraTec Home Cinema Basic (Auto Update) -- (TERRATEC Electronic GmbH)
"C:\Programme\TVersity\Media Server\MediaServer.exe" = C:\Programme\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
"C:\Programme\YouWave_Android\vb\VBoxSDL.exe" = C:\Programme\YouWave_Android\vb\VBoxSDL.exe:*:Disabled:VBoxSDL
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"D:\explorer iphone\iDevice Manager\Software4u.IDeviceManager.exe" = D:\explorer iphone\iDevice Manager\Software4u.IDeviceManager.exe:*:Enabled:iDevice Manager
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe:*:Enabled:TerraTec Home Cinema Basic (Setup) -- (TERRATEC Electronic GmbH)
"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E3DDC8-E020-5903-31AE-D6B593FE8323}" = Catalyst Control Center InstallProxy
"{0C6EC504-2794-4992-BE14-2F57378C1183}" = FreeCAD 0.7
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1596098A-FCEC-48F0-B7C7-08A31B771031}" = Nero 7 Essentials
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.1
"{1D5F5901-537A-4EF4-BE9F-59F232E327BD}" = Map & Travel Navigator
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{25CFEF55-A945-41FC-86ED-76469F31DF37}" = Nokia Connectivity Cable Driver
"{267A1D4B-FDB6-4914-AD41-FC8F3AB118B9}" = NOXON DAB Player
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BCF80C8-C84F-43C6-A721-8AF93D64EA3D}" = CAS Interface Studio 8.7.1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A87B2D8-C631-4BBB-8A77-AE43D211B714}" = SolidWorks eDrawings 2011
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE96337-68D2-48E0-A863-6E4A5CD3BC25}" = PC Connectivity Solution
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA10D13-F83A-487E-9B30-CC979FEF7A70}" = OviMPlatform
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5754AB15-F61B-4B9B-91AA-E286F55CFA8B}" = PDF-XChange Viewer
"{6339663B-F26F-4FE3-B813-0E1DEC4ED976}" = Nokia Ovi Suite
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{6969899D-0D56-45D5-9C41-7489F2153F8C}" = USB to Serial Port Adapter(PA088) V3.0.0
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DA81A72-2C13-34D8-BD98-B60DE6FEB55B}" = ccc-utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0
"{825E9A84-1E03-4526-9F8E-45015C938A7C}" = WBFS Manager 4.0
"{841170F5-59D8-D804-D837-4629E2C692A8}" = ccc-core-static
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8A96B905-B786-43DC-8C8C-5E52A5966E48}" = DokanLibrary
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A2D6ECD0-7E52-42B7-9236-DB2951436616}_is1" = Foto-Mosaik-Edda Standard V6.7.12231.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A31289C6-04EF-4437-A35B-7CC96167145C}" = Leisure Suit Larry - Magna Cum Laude
"{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4
"{A7547D1A-40F9-4251-8D41-818FACDEAF0C}" = Leisure Suit Larry 7
"{A84873A6-D05A-48BE-BA80-19D82B742228}" = CAS Studio
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1" = CheckDrive
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK RTL8187B Wireless LAN Driver and Utility
"{BEF7FC5C-0182-4DDE-BDDD-F7D132AB833D}" = Ovi Desktop Sync Engine
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C6C1FA8E-2658-41C3-99E9-1EB92C087A95}_is1" = DReaM 1.12b / Hamlib-1.2.10
"{C9246F7F-0BA3-45C7-8B49-A69F0273FA69}" = NOXON DAB MediaPlayer
"{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}" = LightScribe System Software  1.17.90.1
"{CBD87C29-38A1-FEBB-1A29-B8412B47509C}" = Catalyst Control Center Graphics Previews Common
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F527C466-971D-B4EE-BBF7-076C805C1F59}" = CCC Help English
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AnyDVD" = AnyDVD
"ASCII Art - Machine_is1" = ASCII Art - Machine 1.2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.3 (Unicode)
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"AVI Screen Saver" = AVI Screen Saver
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Debut" = Debut Video Capture Software
"D-Fend Reloaded" = D-Fend Reloaded 1.2.1 (deinstallieren)
"DivX Setup" = DivX-Setup
"DIVXCodec" = DivX Codec 3.1alpha release
"DRM Software Radio" = DRM Software Radio
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Identifier_is1" = DVD Identifier
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 7_is1" = DVDFab 7.0.4.0 (15/04/2010)
"DVDx 4.0 Open Edition" = DVDx 4.0 Open Edition
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7)
"EPC Compact" = EPC Compact
"Euro Kfz Kennzeichen" = Euro Kfz Kennzeichen
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 7.4 by MixMeister
"FLVPlayer" = FLV Player 1.3.3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"FRITZ!DSL" = AVM FRITZ!DSL
"HyperCam 3" = HyperCam 3
"ImgBurn" = ImgBurn
"InstallShield_{A31289C6-04EF-4437-A35B-7CC96167145C}" = Leisure Suit Larry - Magna Cum Laude
"IZ8BLY MT63 Terminal" = IZ8BLY MT63 Terminal
"JDownloader" = JDownloader
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"KONICA MINOLTA PagePro 1300W" = KONICA MINOLTA PagePro 1300W
"Logitech Media Server_is1" = Logitech Media Server 7.7.1
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NOXON DAB Stick" = NOXON DAB Stick V86.001.0504.2011
"NVIDIA Drivers" = NVIDIA Drivers
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"Opera 12.00.1467" = Opera 12.00
"Orbit_is1" = Orbit Downloader
"Radio Decoder" = Radio Decoder
"RealPlayer 12.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"Recuva" = Recuva
"ST5UNST #1" = Kfz-Kennzeichen free
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"TeamViewer 7" = TeamViewer 7
"tento.XT_is1" = tento.XT v1.1
"TVersity Codec Pack" = TVersity Codec Pack 1.7
"TVersity Media Server" = TVersity Media Server 1.9.7
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.9.1
"Video Screensaver" = Video Screensaver 1.0
"VLC media player" = VLC media player 1.1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"WinUAE" = WinUAE 2.2.0
"WinX Free DVD to AVI Ripper_is1" = WinX Free DVD to AVI Ripper 4.3.17
"WinX Free FLV to MPEG Converter_is1" = WinX Free FLV to MPEG Converter 4.1.6
"WMCSetup" = Windows Media Connect
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"xp-AntiSpy" = xp-AntiSpy 3.97-9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flash Video Downloader 2.2" = Flash Video Downloader 2.2
"FLV Downloader" = FLV Downloader
"Glucofacts Deluxe Updater 2.0" = Glucofacts Deluxe Updater 2.0
"Video Downloader" = Video Downloader
"WinImage" = WinImage
"WinSetupFromUSB" = WinSetupFromUSB
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.01.2013 09:13:41 | Computer Name = MEDIABOX | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 19.01.2013 18:19:55 | Computer Name = MEDIABOX | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 19.01.2013 19:10:37 | Computer Name = MEDIABOX | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 19.01.2013 21:56:06 | Computer Name = MEDIABOX | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 20.01.2013 04:08:54 | Computer Name = MEDIABOX | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 20.01.2013 04:24:59 | Computer Name = MEDIABOX | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 20.01.2013 04:37:46 | Computer Name = MEDIABOX | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 20.01.2013 04:53:53 | Computer Name = MEDIABOX | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 21.01.2013 10:04:33 | Computer Name = MEDIABOX | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 21.01.2013 12:29:02 | Computer Name = MEDIABOX | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 20.01.2013 04:26:27 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EMS Inter-Link driver V3.0" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
Error - 20.01.2013 04:26:27 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7002
Description = Der Dienst "MLPTDR_N" ist von der Gruppe "Parallel arbitrator" abhängig.
 Kein Mitglied dieser Gruppe wurde jedoch gestartet.
 
Error - 20.01.2013 04:39:10 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EMS Inter-Link driver V3.0" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
Error - 20.01.2013 04:39:10 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7002
Description = Der Dienst "MLPTDR_N" ist von der Gruppe "Parallel arbitrator" abhängig.
 Kein Mitglied dieser Gruppe wurde jedoch gestartet.
 
Error - 20.01.2013 04:55:17 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EMS Inter-Link driver V3.0" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
Error - 20.01.2013 04:55:17 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7002
Description = Der Dienst "MLPTDR_N" ist von der Gruppe "Parallel arbitrator" abhängig.
 Kein Mitglied dieser Gruppe wurde jedoch gestartet.
 
Error - 21.01.2013 10:05:53 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EMS Inter-Link driver V3.0" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
Error - 21.01.2013 10:05:53 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7002
Description = Der Dienst "MLPTDR_N" ist von der Gruppe "Parallel arbitrator" abhängig.
 Kein Mitglied dieser Gruppe wurde jedoch gestartet.
 
Error - 21.01.2013 12:30:25 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "EMS Inter-Link driver V3.0" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1058
 
Error - 21.01.2013 12:30:25 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7002
Description = Der Dienst "MLPTDR_N" ist von der Gruppe "Parallel arbitrator" abhängig.
 Kein Mitglied dieser Gruppe wurde jedoch gestartet.
 
 
< End of report >
         

21.01.2013, 19:21   #4
markusg
/// Malware-holic

Will I still get an answer as to why you think you have malware on the PC? It's a good deal easier to work with a description of the problem :-)

21.01.2013, 19:43   #5
biertoni

Because my mail account was hacked! Now I don't know whether it was down to the computer or to my extremely easy password!


21.01.2013, 21:24   #6
markusg
/// Malware-holic

Hi,
well, easy passwords are never good, and then, in the "ideal case", the same one for all services?
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any findings, always choose Skip for now, then post the log
Open C:, open tdsskiller-date-version.txt, and post its contents

22.01.2013, 15:01   #7
biertoni

So, here are the logs!



14:45:14.0265 5960 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:45:16.0265 5960 ============================================================
14:45:16.0265 5960 Current date / time: 2013/01/22 14:45:16.0265
14:45:16.0265 5960 SystemInfo:
14:45:16.0265 5960
14:45:16.0265 5960 OS Version: 5.1.2600 ServicePack: 3.0
14:45:16.0265 5960 Product type: Workstation
14:45:16.0265 5960 ComputerName: MEDIABOX
14:45:16.0265 5960 UserName: Andy
14:45:16.0265 5960 Windows directory: C:\WINXP
14:45:16.0265 5960 System windows directory: C:\WINXP
14:45:16.0265 5960 Processor architecture: Intel x86
14:45:16.0265 5960 Number of processors: 4
14:45:16.0265 5960 Page size: 0x1000
14:45:16.0265 5960 Boot type: Normal boot
14:45:16.0265 5960 ============================================================
14:45:19.0015 5960 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:45:19.0062 5960 Drive \Device\Harddisk5\DR11 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:45:19.0062 5960 ============================================================
14:45:19.0062 5960 \Device\Harddisk0\DR0:
14:45:19.0062 5960 MBR partitions:
14:45:19.0062 5960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1869E559
14:45:19.0062 5960 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1869E5D7, BlocksNum 0x321B4A29
14:45:19.0062 5960 \Device\Harddisk5\DR11:
14:45:19.0062 5960 MBR partitions:
14:45:19.0062 5960 \Device\Harddisk5\DR11\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x777FE0
14:45:19.0062 5960 ============================================================
14:45:19.0109 5960 C: <-> \Device\Harddisk0\DR0\Partition1
14:45:19.0156 5960 D: <-> \Device\Harddisk0\DR0\Partition2
14:45:19.0203 5960 ============================================================
14:45:19.0203 5960 Initialize success
14:45:19.0203 5960 ============================================================
14:46:03.0625 0192 ============================================================
14:46:03.0625 0192 Scan started
14:46:03.0625 0192 Mode: Manual; SigCheck; TDLFS;
14:46:03.0625 0192 ============================================================
14:46:04.0296 0192 ================ Scan system memory ========================
14:46:04.0296 0192 System memory - ok
14:46:04.0296 0192 ================ Scan services =============================
14:46:04.0406 0192 Abiosdsk - ok
14:46:04.0406 0192 abp480n5 - ok
14:46:04.0562 0192 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
14:46:04.0734 0192 ACDaemon - ok
14:46:04.0765 0192 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINXP\system32\DRIVERS\ACPI.sys
14:46:05.0609 0192 ACPI - ok
14:46:05.0625 0192 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINXP\system32\drivers\ACPIEC.sys
14:46:05.0734 0192 ACPIEC - ok
14:46:05.0734 0192 adpu160m - ok
14:46:05.0765 0192 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINXP\system32\drivers\aec.sys
14:46:05.0906 0192 aec - ok
14:46:05.0937 0192 [ 30BB1BDE595CA65FD5549462080D94E5 ] AegisP C:\WINXP\system32\DRIVERS\AegisP.sys
14:46:05.0937 0192 AegisP ( UnsignedFile.Multi.Generic ) - warning
14:46:05.0937 0192 AegisP - detected UnsignedFile.Multi.Generic (1)
14:46:05.0968 0192 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\WINXP\system32\drivers\Afc.sys
14:46:05.0984 0192 Afc - ok
14:46:06.0000 0192 [ 4D43E74F2A1239D53929B82600F1971C ] AFD C:\WINXP\System32\drivers\afd.sys
14:46:06.0031 0192 AFD - ok
14:46:06.0031 0192 Aha154x - ok
14:46:06.0031 0192 aic78u2 - ok
14:46:06.0046 0192 aic78xx - ok
14:46:06.0062 0192 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINXP\system32\alrsvc.dll
14:46:06.0140 0192 Alerter - ok
14:46:06.0156 0192 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINXP\System32\alg.exe
14:46:06.0203 0192 ALG - ok
14:46:06.0203 0192 AliIde - ok
14:46:06.0203 0192 amsint - ok
14:46:06.0234 0192 [ E94E2EA7FAAA05C776A711EDB198B9FD ] androidusb C:\WINXP\system32\Drivers\androidusb.sys
14:46:06.0250 0192 androidusb ( UnsignedFile.Multi.Generic ) - warning
14:46:06.0250 0192 androidusb - detected UnsignedFile.Multi.Generic (1)
14:46:06.0421 0192 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
14:46:06.0453 0192 AntiVirSchedulerService - ok
14:46:06.0468 0192 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
14:46:06.0484 0192 AntiVirService - ok
14:46:06.0515 0192 [ 133B7B6D6A3EC9E46FBE742EE1516C37 ] AnyDVD C:\WINXP\system32\Drivers\AnyDVD.sys
14:46:06.0531 0192 AnyDVD - ok
14:46:06.0593 0192 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:46:06.0609 0192 Apple Mobile Device - ok
14:46:06.0625 0192 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINXP\System32\appmgmts.dll
14:46:06.0703 0192 AppMgmt - ok
14:46:06.0718 0192 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINXP\system32\DRIVERS\arp1394.sys
14:46:06.0812 0192 Arp1394 - ok
14:46:06.0812 0192 asc - ok
14:46:06.0828 0192 asc3350p - ok
14:46:06.0828 0192 asc3550 - ok
14:46:06.0859 0192 [ 5B01AF89D16D562825C4DB4530F20CBB ] Aspi32 C:\WINXP\system32\drivers\aspi32.sys
14:46:06.0890 0192 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
14:46:06.0890 0192 Aspi32 - detected UnsignedFile.Multi.Generic (1)
14:46:06.0953 0192 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:46:06.0984 0192 aspnet_state - ok
14:46:06.0984 0192 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINXP\system32\DRIVERS\asyncmac.sys
14:46:07.0078 0192 AsyncMac - ok
14:46:07.0109 0192 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINXP\system32\DRIVERS\atapi.sys
14:46:07.0203 0192 atapi - ok
14:46:07.0203 0192 Atdisk - ok
14:46:07.0234 0192 [ 4753831A772AF0DD89111B544E1BBDD9 ] Ati HotKey Poller C:\WINXP\system32\Ati2evxx.exe
14:46:07.0312 0192 Ati HotKey Poller - ok
14:46:07.0406 0192 [ E7426973D081B6607056D1DD91BD9B01 ] ati2mtag C:\WINXP\system32\DRIVERS\ati2mtag.sys
14:46:07.0578 0192 ati2mtag - ok
14:46:07.0609 0192 [ 7E13F3F0F4C4C337A6949A18D1D23089 ] AtiHdmiService C:\WINXP\system32\drivers\AtiHdmi.sys
14:46:07.0625 0192 AtiHdmiService - ok
14:46:07.0640 0192 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINXP\system32\DRIVERS\atmarpc.sys
14:46:07.0734 0192 Atmarpc - ok
14:46:07.0750 0192 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINXP\System32\audiosrv.dll
14:46:07.0843 0192 AudioSrv - ok
14:46:07.0859 0192 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINXP\system32\DRIVERS\audstub.sys
14:46:07.0937 0192 audstub - ok
14:46:07.0968 0192 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\WINXP\system32\DRIVERS\avgntflt.sys
14:46:07.0984 0192 avgntflt - ok
14:46:08.0000 0192 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\WINXP\system32\DRIVERS\avipbb.sys
14:46:08.0015 0192 avipbb - ok
14:46:08.0031 0192 [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr C:\WINXP\system32\DRIVERS\avkmgr.sys
14:46:08.0046 0192 avkmgr - ok
14:46:08.0109 0192 [ 8DFA2EC772F97ED02B384DB88641B367 ] AVM IGD CTRL Service C:\Programme\FRITZ!DSL\IGDCTRL.EXE
14:46:08.0125 0192 AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - warning
14:46:08.0125 0192 AVM IGD CTRL Service - detected UnsignedFile.Multi.Generic (1)
14:46:08.0156 0192 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINXP\system32\drivers\Beep.sys
14:46:08.0265 0192 Beep - ok
14:46:08.0375 0192 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINXP\system32\qmgr.dll
14:46:08.0515 0192 BITS - ok
14:46:08.0593 0192 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
14:46:08.0625 0192 Bonjour Service - ok
14:46:08.0656 0192 [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser C:\WINXP\System32\browser.dll
14:46:08.0750 0192 Browser - ok
14:46:08.0750 0192 BT - ok
14:46:08.0765 0192 btaudio - ok
14:46:08.0781 0192 Btcsrusb - ok
14:46:08.0781 0192 BTDriver - ok
14:46:08.0828 0192 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINXP\system32\DRIVERS\BthEnum.sys
14:46:08.0937 0192 BthEnum - ok
14:46:08.0968 0192 [ CE441CCD98C5ECB10CB12FCAF97322EC ] BtHidBus C:\WINXP\system32\Drivers\BtHidBus.sys
14:46:08.0984 0192 BtHidBus - ok
14:46:09.0000 0192 [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM C:\WINXP\system32\DRIVERS\bthmodem.sys
14:46:09.0109 0192 BTHMODEM - ok
14:46:09.0125 0192 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINXP\system32\DRIVERS\bthpan.sys
14:46:09.0218 0192 BthPan - ok
14:46:09.0250 0192 [ F55BFD05892C321FB7470D334D6B44E1 ] BTHPORT C:\WINXP\system32\Drivers\BTHport.sys
14:46:09.0296 0192 BTHPORT - ok
14:46:09.0328 0192 [ 26C601EF7525E31379744ABFC6F35A1B ] BthServ C:\WINXP\System32\bthserv.dll
14:46:09.0421 0192 BthServ - ok
14:46:09.0437 0192 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINXP\system32\Drivers\BTHUSB.sys
14:46:09.0515 0192 BTHUSB - ok
14:46:09.0546 0192 [ D3C277A51EF9E2EC972D6221F99C0B6D ] btnetBUs C:\WINXP\system32\Drivers\btnetBus.sys
14:46:09.0562 0192 btnetBUs - ok
14:46:09.0562 0192 BTWDNDIS - ok
14:46:09.0562 0192 btwhid - ok
14:46:09.0593 0192 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINXP\system32\drivers\cbidf2k.sys
14:46:09.0687 0192 cbidf2k - ok
14:46:09.0703 0192 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINXP\system32\DRIVERS\CCDECODE.sys
14:46:09.0796 0192 CCDECODE - ok
14:46:09.0796 0192 cd20xrnt - ok
14:46:09.0812 0192 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINXP\system32\drivers\Cdaudio.sys
14:46:09.0921 0192 Cdaudio - ok
14:46:09.0937 0192 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINXP\system32\drivers\Cdfs.sys
14:46:10.0031 0192 Cdfs - ok
14:46:10.0031 0192 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINXP\system32\DRIVERS\cdrom.sys
14:46:10.0125 0192 Cdrom - ok
14:46:10.0140 0192 Changer - ok
14:46:10.0156 0192 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINXP\system32\cisvc.exe
14:46:10.0250 0192 CiSvc - ok
14:46:10.0265 0192 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINXP\system32\clipsrv.exe
14:46:10.0359 0192 ClipSrv - ok
14:46:10.0375 0192 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:46:10.0406 0192 clr_optimization_v2.0.50727_32 - ok
14:46:10.0453 0192 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINXP\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:46:10.0468 0192 clr_optimization_v4.0.30319_32 - ok
14:46:10.0468 0192 CmdIde - ok
14:46:10.0484 0192 COMSysApp - ok
14:46:10.0484 0192 Cpqarray - ok
14:46:10.0500 0192 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINXP\System32\cryptsvc.dll
14:46:10.0593 0192 CryptSvc - ok
14:46:10.0593 0192 dac2w2k - ok
14:46:10.0609 0192 dac960nt - ok
14:46:10.0640 0192 [ D3D765E8455A961AE567B408F767D4F9 ] DcomLaunch C:\WINXP\system32\rpcss.dll
14:46:10.0703 0192 DcomLaunch - ok
14:46:10.0734 0192 [ 1523251B9D8A5D84DE0CD23418847824 ] de_serv C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
14:46:10.0765 0192 de_serv ( UnsignedFile.Multi.Generic ) - warning
14:46:10.0765 0192 de_serv - detected UnsignedFile.Multi.Generic (1)
14:46:10.0796 0192 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINXP\System32\dhcpcsvc.dll
14:46:10.0890 0192 Dhcp - ok
14:46:10.0890 0192 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINXP\system32\DRIVERS\disk.sys
14:46:10.0984 0192 Disk - ok
14:46:10.0984 0192 dmadmin - ok
14:46:11.0015 0192 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINXP\system32\drivers\dmboot.sys
14:46:11.0140 0192 dmboot - ok
14:46:11.0140 0192 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINXP\system32\drivers\dmio.sys
14:46:11.0234 0192 dmio - ok
14:46:11.0265 0192 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINXP\system32\drivers\dmload.sys
14:46:11.0343 0192 dmload - ok
14:46:11.0343 0192 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINXP\System32\dmserver.dll
14:46:11.0437 0192 dmserver - ok
14:46:11.0453 0192 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINXP\system32\drivers\DMusic.sys
14:46:11.0562 0192 DMusic - ok
14:46:11.0578 0192 [ 8C9ED3B2834AAE63081AB2DA831C6FE9 ] Dnscache C:\WINXP\System32\dnsrslvr.dll
14:46:11.0671 0192 Dnscache - ok
14:46:11.0687 0192 [ 280401196287679B53D5E797C2027062 ] Dokan C:\WINXP\system32\drivers\dokan.sys
14:46:11.0703 0192 Dokan ( UnsignedFile.Multi.Generic ) - warning
14:46:11.0703 0192 Dokan - detected UnsignedFile.Multi.Generic (1)
14:46:11.0718 0192 [ FDBB00E16D0FA193E513F68918AF0F0E ] DokanMounter C:\Programme\Dokan\DokanLibrary\mounter.exe
14:46:11.0734 0192 DokanMounter ( UnsignedFile.Multi.Generic ) - warning
14:46:11.0734 0192 DokanMounter - detected UnsignedFile.Multi.Generic (1)
14:46:11.0765 0192 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINXP\System32\dot3svc.dll
14:46:11.0859 0192 Dot3svc - ok
14:46:11.0859 0192 dpti2o - ok
14:46:11.0859 0192 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINXP\system32\drivers\drmkaud.sys
14:46:11.0953 0192 drmkaud - ok
14:46:11.0968 0192 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINXP\System32\eapsvc.dll
14:46:12.0062 0192 EapHost - ok
14:46:12.0109 0192 [ 075D91E4DE09A6F1EDE77C341803D454 ] ElbyCDFL C:\WINXP\system32\Drivers\ElbyCDFL.sys
14:46:12.0109 0192 ElbyCDFL - ok
14:46:12.0140 0192 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\WINXP\system32\Drivers\ElbyCDIO.sys
14:46:12.0156 0192 ElbyCDIO - ok
14:46:12.0187 0192 [ DFE6E822E7748C12A27CDF801A6FDC9E ] EMSLink C:\WINXP\system32\Drivers\EMSLink_i386.sys
14:46:12.0203 0192 EMSLink ( UnsignedFile.Multi.Generic ) - warning
14:46:12.0203 0192 EMSLink - detected UnsignedFile.Multi.Generic (1)
14:46:12.0234 0192 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINXP\System32\ersvc.dll
14:46:12.0312 0192 ERSvc - ok
14:46:12.0343 0192 [ F0A7D59AF279326528715B206669B86C ] Eventlog C:\WINXP\system32\services.exe
14:46:12.0375 0192 Eventlog - ok
14:46:12.0375 0192 [ ADA7241C16F3F42C7F210539FAD5F3AA ] EventSystem C:\WINXP\system32\es.dll
14:46:12.0437 0192 EventSystem - ok
14:46:12.0453 0192 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINXP\system32\drivers\Fastfat.sys
14:46:12.0531 0192 Fastfat - ok
14:46:12.0546 0192 [ 40602EBFBE06AA075C8E4560743F6883 ] FastUserSwitchingCompatibility C:\WINXP\System32\shsvcs.dll
14:46:12.0640 0192 FastUserSwitchingCompatibility - ok
14:46:12.0656 0192 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINXP\system32\drivers\Fdc.sys
14:46:12.0750 0192 Fdc - ok
14:46:12.0750 0192 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINXP\system32\drivers\Fips.sys
14:46:12.0843 0192 Fips - ok
14:46:12.0843 0192 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINXP\system32\drivers\Flpydisk.sys
14:46:12.0921 0192 Flpydisk - ok
14:46:12.0968 0192 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINXP\system32\DRIVERS\fltMgr.sys
14:46:13.0062 0192 FltMgr - ok
14:46:13.0140 0192 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:46:13.0156 0192 FontCache3.0.0.0 - ok
14:46:13.0171 0192 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINXP\system32\drivers\Fs_Rec.sys
14:46:13.0265 0192 Fs_Rec - ok
14:46:13.0281 0192 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINXP\system32\DRIVERS\ftdisk.sys
14:46:13.0375 0192 Ftdisk - ok
14:46:13.0406 0192 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINXP\system32\DRIVERS\GEARAspiWDM.sys
14:46:13.0421 0192 GEARAspiWDM - ok
14:46:13.0453 0192 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINXP\system32\DRIVERS\msgpc.sys
14:46:13.0562 0192 Gpc - ok
14:46:13.0609 0192 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
14:46:13.0609 0192 gupdate - ok
14:46:13.0625 0192 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
14:46:13.0625 0192 gupdatem - ok
14:46:13.0656 0192 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINXP\system32\DRIVERS\HDAudBus.sys
14:46:13.0750 0192 HDAudBus - ok
14:46:13.0796 0192 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:46:13.0890 0192 helpsvc - ok
14:46:13.0921 0192 [ A5AECF10BE62459533A06ED7EBF5770B ] HidBth C:\WINXP\system32\DRIVERS\hidbth.sys
14:46:14.0031 0192 HidBth - ok
14:46:14.0046 0192 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINXP\System32\hidserv.dll
14:46:14.0140 0192 HidServ - ok
14:46:14.0171 0192 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINXP\system32\DRIVERS\hidusb.sys
14:46:14.0250 0192 HidUsb - ok
14:46:14.0281 0192 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINXP\System32\kmsvc.dll
14:46:14.0375 0192 hkmsvc - ok
14:46:14.0375 0192 hpn - ok
14:46:14.0406 0192 [ 937031C085718C1C04A9C0864625EC6B ] HTTP C:\WINXP\system32\Drivers\HTTP.sys
14:46:14.0453 0192 HTTP - ok
14:46:14.0484 0192 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINXP\System32\w3ssl.dll
14:46:14.0562 0192 HTTPFilter - ok
14:46:14.0578 0192 i2omgmt - ok
14:46:14.0578 0192 i2omp - ok
14:46:14.0578 0192 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINXP\system32\DRIVERS\i8042prt.sys
14:46:14.0671 0192 i8042prt - ok
14:46:14.0718 0192 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:46:14.0796 0192 idsvc - ok
14:46:14.0796 0192 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINXP\system32\DRIVERS\imapi.sys
14:46:14.0890 0192 Imapi - ok
14:46:14.0921 0192 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINXP\system32\imapi.exe
14:46:15.0000 0192 ImapiService - ok
14:46:15.0343 0192 [ 03BFF1DE5B708E92A1926BA4A33595D0 ] iMSPCLOj C:\DOKUME~1\Andy\LOKALE~1\Temp\iMSPCLOj.sys
14:46:16.0125 0192 iMSPCLOj ( UnsignedFile.Multi.Generic ) - warning
14:46:16.0125 0192 iMSPCLOj - detected UnsignedFile.Multi.Generic (1)
14:46:16.0265 0192 [ B02A8A25192EE1C5E653628637AB6AAA ] InCDfs C:\WINXP\system32\drivers\InCDFs.sys
14:46:16.0281 0192 InCDfs - ok
14:46:16.0281 0192 [ B49BD5B663E1AF9BF3233B782B70D865 ] InCDPass C:\WINXP\system32\drivers\InCDPass.sys
14:46:16.0296 0192 InCDPass - ok
14:46:16.0312 0192 [ 8FD364EDBD97983575CEE3E8909E62B4 ] InCDrec C:\WINXP\system32\drivers\InCDrec.sys
14:46:16.0312 0192 InCDrec - ok
14:46:16.0312 0192 [ FC04E827133D54AB79CA254708F76CD0 ] incdrm C:\WINXP\system32\drivers\InCDRm.sys
14:46:16.0328 0192 incdrm - ok
14:46:16.0468 0192 [ 067020BB8ABF1F6B80361051B2806C90 ] InCDsrv C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
14:46:16.0546 0192 InCDsrv - ok
14:46:16.0546 0192 ini910u - ok
14:46:16.0687 0192 [ A109FE3CA1EE4E92292B349DE1B32F7B ] IntcAzAudAddService C:\WINXP\system32\drivers\RtkHDAud.sys
14:46:16.0890 0192 IntcAzAudAddService - ok
14:46:16.0890 0192 IntelIde - ok
14:46:16.0921 0192 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINXP\system32\DRIVERS\Ip6Fw.sys
14:46:17.0031 0192 Ip6Fw - ok
14:46:17.0062 0192 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINXP\system32\DRIVERS\ipfltdrv.sys
14:46:17.0156 0192 IpFilterDriver - ok
14:46:17.0156 0192 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINXP\system32\DRIVERS\ipinip.sys
14:46:17.0250 0192 IpInIp - ok
14:46:17.0250 0192 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINXP\system32\DRIVERS\ipnat.sys
14:46:17.0343 0192 IpNat - ok
14:46:17.0421 0192 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Programme\iPod\bin\iPodService.exe
14:46:17.0437 0192 iPod Service - ok
14:46:17.0437 0192 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINXP\system32\DRIVERS\ipsec.sys
14:46:17.0531 0192 IPSec - ok
14:46:17.0562 0192 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINXP\system32\DRIVERS\irenum.sys
14:46:17.0609 0192 IRENUM - ok
14:46:17.0640 0192 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINXP\system32\DRIVERS\isapnp.sys
14:46:17.0750 0192 isapnp - ok
14:46:17.0765 0192 [ 71E1FC547CC488D5CD7BF0860C96F5AF ] IvtBtBUs C:\WINXP\system32\Drivers\IvtBtBus.sys
14:46:17.0781 0192 IvtBtBUs - ok
14:46:17.0828 0192 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
14:46:17.0843 0192 JavaQuickStarterService - ok
14:46:17.0859 0192 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINXP\system32\DRIVERS\kbdclass.sys
14:46:17.0953 0192 Kbdclass - ok
14:46:17.0953 0192 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINXP\system32\DRIVERS\kbdhid.sys
14:46:18.0046 0192 kbdhid - ok
14:46:18.0078 0192 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINXP\system32\drivers\kmixer.sys
14:46:18.0171 0192 kmixer - ok
14:46:18.0187 0192 [ C6EBF1D6AD71DF30DB49B8D3287E1368 ] KSecDD C:\WINXP\system32\drivers\KSecDD.sys
14:46:18.0234 0192 KSecDD - ok
14:46:18.0265 0192 [ D6EB4916B203CBE525F8EFF5FD5AB16C ] LanmanServer C:\WINXP\System32\srvsvc.dll
14:46:18.0375 0192 LanmanServer - ok
14:46:18.0406 0192 [ C9B816901C1ABF28BA6C5B6CB65EB75B ] lanmanworkstation C:\WINXP\System32\wkssvc.dll
14:46:18.0437 0192 lanmanworkstation - ok
14:46:18.0437 0192 lbrtfdc - ok
14:46:18.0484 0192 [ 34D6730E198A5B0FCE0790A6B4769EF2 ] libusb0 C:\WINXP\system32\DRIVERS\libusb0.sys
14:46:18.0484 0192 libusb0 ( UnsignedFile.Multi.Generic ) - warning
14:46:18.0484 0192 libusb0 - detected UnsignedFile.Multi.Generic (1)
14:46:18.0531 0192 [ FAAB52B7766409D702B99FE5553DC34F ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
14:46:18.0531 0192 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
14:46:18.0531 0192 LightScribeService - detected UnsignedFile.Multi.Generic (1)
14:46:18.0546 0192 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINXP\System32\lmhsvc.dll
14:46:18.0640 0192 LmHosts - ok
14:46:18.0671 0192 [ F0435FE3C1EC2659D2BBF073CA0752EE ] massfilter C:\WINXP\system32\DRIVERS\massfilter.sys
14:46:18.0703 0192 massfilter - ok
14:46:18.0718 0192 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINXP\System32\msgsvc.dll
14:46:18.0828 0192 Messenger - ok
14:46:18.0843 0192 [ 856E7D0EDEA8C1B11949E69936533CA6 ] MLPTDR_N C:\WINXP\system32\MLPTDR_N.sys
14:46:18.0890 0192 MLPTDR_N - ok
14:46:18.0921 0192 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINXP\system32\drivers\mnmdd.sys
14:46:19.0000 0192 mnmdd - ok
14:46:19.0031 0192 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINXP\system32\mnmsrvc.exe
14:46:19.0125 0192 mnmsrvc - ok
14:46:19.0140 0192 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINXP\system32\drivers\Modem.sys
14:46:19.0218 0192 Modem - ok
14:46:19.0234 0192 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINXP\system32\DRIVERS\mouclass.sys
14:46:19.0328 0192 Mouclass - ok
14:46:19.0359 0192 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINXP\system32\DRIVERS\mouhid.sys
14:46:19.0437 0192 mouhid - ok
14:46:19.0453 0192 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINXP\system32\drivers\MountMgr.sys
14:46:19.0531 0192 MountMgr - ok
14:46:19.0578 0192 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
14:46:19.0609 0192 MozillaMaintenance - ok
14:46:19.0625 0192 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINXP\system32\DRIVERS\MPE.sys
14:46:19.0703 0192 MPE - ok
14:46:19.0703 0192 mraid35x - ok
14:46:19.0718 0192 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINXP\system32\DRIVERS\mrxdav.sys
14:46:19.0812 0192 MRxDAV - ok
14:46:19.0828 0192 [ D09B9F0B9960DD41E73127B7814C115F ] MRxSmb C:\WINXP\system32\DRIVERS\mrxsmb.sys
14:46:19.0906 0192 MRxSmb - ok
14:46:19.0953 0192 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINXP\system32\msdtc.exe
14:46:20.0031 0192 MSDTC - ok
14:46:20.0046 0192 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINXP\system32\drivers\Msfs.sys
14:46:20.0125 0192 Msfs - ok
14:46:20.0125 0192 MSIServer - ok
14:46:20.0156 0192 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINXP\system32\drivers\MSKSSRV.sys
14:46:20.0234 0192 MSKSSRV - ok
14:46:20.0234 0192 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINXP\system32\drivers\MSPCLOCK.sys
14:46:20.0312 0192 MSPCLOCK - ok
14:46:20.0328 0192 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINXP\system32\drivers\MSPQM.sys
14:46:20.0421 0192 MSPQM - ok
14:46:20.0437 0192 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINXP\system32\DRIVERS\mssmbios.sys
14:46:20.0515 0192 mssmbios - ok
14:46:20.0531 0192 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINXP\system32\drivers\MSTEE.sys
14:46:20.0625 0192 MSTEE - ok
14:46:20.0625 0192 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINXP\system32\drivers\Mup.sys
14:46:20.0718 0192 Mup - ok
14:46:20.0734 0192 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINXP\system32\DRIVERS\NABTSFEC.sys
14:46:20.0828 0192 NABTSFEC - ok
14:46:20.0859 0192 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINXP\System32\qagentrt.dll
14:46:20.0953 0192 napagent - ok
14:46:21.0015 0192 [ 5836B9E91863A00EC1B8E785EFD86ECB ] NBService C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
14:46:21.0062 0192 NBService - ok
14:46:21.0093 0192 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINXP\system32\drivers\NDIS.sys
14:46:21.0187 0192 NDIS - ok
14:46:21.0203 0192 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINXP\system32\DRIVERS\NdisIP.sys
14:46:21.0281 0192 NdisIP - ok
14:46:21.0296 0192 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINXP\system32\DRIVERS\ndistapi.sys
14:46:21.0375 0192 NdisTapi - ok
14:46:21.0390 0192 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINXP\system32\DRIVERS\ndisuio.sys
14:46:21.0484 0192 Ndisuio - ok
14:46:21.0484 0192 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINXP\system32\DRIVERS\ndiswan.sys
14:46:21.0578 0192 NdisWan - ok
14:46:21.0578 0192 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINXP\system32\drivers\NDProxy.sys
14:46:21.0656 0192 NDProxy - ok
14:46:21.0656 0192 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINXP\system32\DRIVERS\netbios.sys
14:46:21.0734 0192 NetBIOS - ok
14:46:21.0765 0192 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINXP\system32\DRIVERS\netbt.sys
14:46:21.0875 0192 NetBT - ok
14:46:21.0890 0192 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINXP\system32\netdde.exe
14:46:21.0984 0192 NetDDE - ok
14:46:21.0984 0192 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINXP\system32\netdde.exe
14:46:22.0062 0192 NetDDEdsdm - ok
14:46:22.0078 0192 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINXP\system32\lsass.exe
14:46:22.0171 0192 Netlogon - ok
14:46:22.0187 0192 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINXP\System32\netman.dll
14:46:22.0281 0192 Netman - ok
14:46:22.0390 0192 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:46:22.0406 0192 NetTcpPortSharing - ok
14:46:22.0421 0192 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINXP\system32\DRIVERS\nic1394.sys
14:46:22.0500 0192 NIC1394 - ok
14:46:22.0531 0192 [ 4AA50627B01C0E9C6B4C6BD3AF648F12 ] Nla C:\WINXP\System32\mswsock.dll
14:46:22.0562 0192 Nla - ok
14:46:22.0625 0192 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
14:46:22.0656 0192 NMIndexingService - ok
14:46:22.0687 0192 [ D21FEE8DB254BA762656878168AC1DB6 ] NPF C:\WINXP\system32\DRIVERS\npf.sys
14:46:22.0703 0192 NPF ( UnsignedFile.Multi.Generic ) - warning
14:46:22.0703 0192 NPF - detected UnsignedFile.Multi.Generic (1)
14:46:22.0718 0192 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINXP\system32\drivers\Npfs.sys
14:46:22.0828 0192 Npfs - ok
14:46:22.0843 0192 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINXP\system32\drivers\Ntfs.sys
14:46:22.0937 0192 Ntfs - ok
14:46:22.0953 0192 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINXP\system32\lsass.exe
14:46:23.0031 0192 NtLmSsp - ok
14:46:23.0046 0192 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINXP\system32\ntmssvc.dll
14:46:23.0140 0192 NtmsSvc - ok
14:46:23.0171 0192 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINXP\system32\drivers\Null.sys
14:46:23.0250 0192 Null - ok
14:46:23.0281 0192 [ A12EC731BB00ADAD2D016D41C1F18FA4 ] NVENETFD C:\WINXP\system32\DRIVERS\NVENETFD.sys
14:46:23.0328 0192 NVENETFD - ok
14:46:23.0343 0192 [ 5DC6A149897820DE315916B6EC984EC9 ] nvnetbus C:\WINXP\system32\DRIVERS\nvnetbus.sys
14:46:23.0375 0192 nvnetbus - ok
14:46:23.0390 0192 [ F13618F0CB1E95232F4C2401592A59E9 ] nvsmu C:\WINXP\system32\DRIVERS\nvsmu.sys
14:46:23.0421 0192 nvsmu - ok
14:46:23.0421 0192 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINXP\system32\DRIVERS\nwlnkflt.sys
14:46:23.0500 0192 NwlnkFlt - ok
14:46:23.0500 0192 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINXP\system32\DRIVERS\nwlnkfwd.sys
14:46:23.0578 0192 NwlnkFwd - ok
14:46:23.0593 0192 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINXP\system32\DRIVERS\ohci1394.sys
14:46:23.0671 0192 ohci1394 - ok
14:46:23.0687 0192 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINXP\system32\drivers\Parport.sys
14:46:23.0781 0192 Parport - ok
14:46:23.0796 0192 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINXP\system32\drivers\PartMgr.sys
14:46:23.0875 0192 PartMgr - ok
14:46:23.0890 0192 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINXP\system32\drivers\ParVdm.sys
14:46:23.0968 0192 ParVdm - ok
14:46:24.0000 0192 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINXP\system32\DRIVERS\pccsmcfd.sys
14:46:24.0031 0192 pccsmcfd - ok
14:46:24.0046 0192 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINXP\system32\DRIVERS\pci.sys
14:46:24.0140 0192 PCI - ok
14:46:24.0140 0192 PCIDump - ok
14:46:24.0140 0192 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINXP\system32\DRIVERS\pciide.sys
14:46:24.0218 0192 PCIIde - ok
14:46:24.0234 0192 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINXP\system32\drivers\Pcmcia.sys
14:46:24.0328 0192 Pcmcia - ok
14:46:24.0343 0192 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINXP\system32\Drivers\pcouffin.sys
14:46:24.0359 0192 pcouffin ( UnsignedFile.Multi.Generic ) - warning
14:46:24.0359 0192 pcouffin - detected UnsignedFile.Multi.Generic (1)
14:46:24.0359 0192 PDCOMP - ok
14:46:24.0359 0192 PDFRAME - ok
14:46:24.0359 0192 PDRELI - ok
14:46:24.0375 0192 PDRFRAME - ok
14:46:24.0375 0192 perc2 - ok
14:46:24.0375 0192 perc2hib - ok
14:46:24.0390 0192 [ F0A7D59AF279326528715B206669B86C ] PlugPlay C:\WINXP\system32\services.exe
14:46:24.0406 0192 PlugPlay - ok
14:46:24.0406 0192 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINXP\system32\lsass.exe
14:46:24.0484 0192 PolicyAgent - ok
14:46:24.0484 0192 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINXP\system32\DRIVERS\raspptp.sys
14:46:24.0562 0192 PptpMiniport - ok
14:46:24.0562 0192 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINXP\system32\DRIVERS\processr.sys
14:46:24.0640 0192 Processor - ok
14:46:24.0656 0192 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINXP\system32\lsass.exe
14:46:24.0734 0192 ProtectedStorage - ok
14:46:24.0734 0192 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINXP\system32\DRIVERS\psched.sys
14:46:24.0812 0192 PSched - ok
14:46:24.0843 0192 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
14:46:24.0859 0192 PSI_SVC_2 - ok
14:46:24.0875 0192 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINXP\system32\DRIVERS\ptilink.sys
14:46:24.0953 0192 Ptilink - ok
14:46:24.0968 0192 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINXP\system32\Drivers\PxHelp20.sys
14:46:40.0140 0192 PxHelp20 - ok
14:46:40.0140 0192 ql1080 - ok
14:46:40.0156 0192 Ql10wnt - ok
14:46:40.0156 0192 ql12160 - ok
14:46:40.0156 0192 ql1240 - ok
14:46:40.0156 0192 ql1280 - ok
14:46:40.0171 0192 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINXP\system32\DRIVERS\rasacd.sys
14:46:40.0250 0192 RasAcd - ok
14:46:40.0281 0192 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINXP\System32\rasauto.dll
14:46:40.0375 0192 RasAuto - ok
14:46:40.0390 0192 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINXP\system32\DRIVERS\rasl2tp.sys
14:46:40.0484 0192 Rasl2tp - ok
14:46:40.0500 0192 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINXP\System32\rasmans.dll
14:46:40.0578 0192 RasMan - ok
14:46:40.0593 0192 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINXP\system32\DRIVERS\raspppoe.sys
14:46:40.0671 0192 RasPppoe - ok
14:46:40.0671 0192 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINXP\system32\DRIVERS\raspti.sys
14:46:40.0750 0192 Raspti - ok
14:46:40.0781 0192 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINXP\system32\DRIVERS\rdbss.sys
14:46:40.0859 0192 Rdbss - ok
14:46:40.0875 0192 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINXP\system32\DRIVERS\RDPCDD.sys
14:46:40.0937 0192 RDPCDD - ok
14:46:40.0968 0192 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINXP\system32\DRIVERS\rdpdr.sys
14:46:41.0062 0192 rdpdr - ok
14:46:41.0078 0192 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINXP\system32\drivers\RDPWD.sys
14:46:41.0156 0192 RDPWD - ok
14:46:41.0171 0192 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINXP\system32\sessmgr.exe
14:46:41.0281 0192 RDSessMgr - ok
14:46:41.0296 0192 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINXP\system32\DRIVERS\redbook.sys
14:46:41.0375 0192 redbook - ok
14:46:41.0406 0192 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINXP\System32\mprdim.dll
14:46:41.0484 0192 RemoteAccess - ok
14:46:41.0500 0192 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINXP\system32\regsvc.dll
14:46:41.0593 0192 RemoteRegistry - ok
14:46:41.0625 0192 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINXP\system32\DRIVERS\rfcomm.sys
14:46:41.0703 0192 RFCOMM - ok
14:46:41.0718 0192 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINXP\system32\locator.exe
14:46:41.0796 0192 RpcLocator - ok
14:46:41.0828 0192 [ D3D765E8455A961AE567B408F767D4F9 ] RpcSs C:\WINXP\system32\rpcss.dll
14:46:41.0843 0192 RpcSs - ok
14:46:41.0859 0192 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINXP\system32\rsvp.exe
14:46:41.0937 0192 RSVP - ok
14:46:41.0984 0192 [ 59757FE605EDEEFD8AA9EAD819AA38E2 ] RTL2832UBDA C:\WINXP\system32\drivers\RTL2832UBDA.sys
14:46:42.0015 0192 RTL2832UBDA - ok
14:46:42.0015 0192 [ 5D1E47E9D6204D09FC94223C4E1E15D0 ] RTL2832UUSB C:\WINXP\system32\Drivers\RTL2832UUSB.sys
14:46:42.0031 0192 RTL2832UUSB - ok
14:46:42.0062 0192 [ ADAC790BAA89AC1FEE08DEEF67D18F5C ] RTL2832U_IRHID C:\WINXP\system32\DRIVERS\RTL2832U_IRHID.sys
14:46:42.0062 0192 RTL2832U_IRHID - ok
14:46:42.0125 0192 [ 2E2E3A2D1BA5E540C32558F3F37D33E3 ] RTL8187B C:\WINXP\system32\DRIVERS\RTL8187B.sys
14:46:42.0156 0192 RTL8187B - ok
14:46:42.0187 0192 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINXP\system32\lsass.exe
14:46:42.0250 0192 SamSs - ok
14:46:42.0265 0192 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINXP\System32\SCardSvr.exe
14:46:42.0359 0192 SCardSvr - ok
14:46:42.0375 0192 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINXP\system32\schedsvc.dll
14:46:42.0500 0192 Schedule - ok
14:46:42.0515 0192 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINXP\system32\DRIVERS\secdrv.sys
14:46:42.0546 0192 Secdrv - ok
14:46:42.0578 0192 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINXP\System32\seclogon.dll
14:46:42.0640 0192 seclogon - ok
14:46:42.0656 0192 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINXP\system32\sens.dll
14:46:42.0718 0192 SENS - ok
14:46:42.0734 0192 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINXP\system32\DRIVERS\serenum.sys
14:46:42.0828 0192 serenum - ok
14:46:42.0843 0192 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINXP\system32\drivers\Serial.sys
14:46:42.0921 0192 Serial - ok
14:46:42.0984 0192 [ 12B41D84A4D058ADC60853C365DBFCCA ] ServiceLayer C:\Programme\PC Connectivity Solution\ServiceLayer.exe
14:46:43.0031 0192 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
14:46:43.0031 0192 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
14:46:43.0062 0192 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINXP\system32\DRIVERS\sfloppy.sys
14:46:43.0125 0192 Sfloppy - ok
14:46:43.0156 0192 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINXP\System32\ipnathlp.dll
14:46:43.0250 0192 SharedAccess - ok
14:46:43.0250 0192 [ 40602EBFBE06AA075C8E4560743F6883 ] ShellHWDetection C:\WINXP\System32\shsvcs.dll
14:46:43.0328 0192 ShellHWDetection - ok
14:46:43.0328 0192 Simbad - ok
14:46:43.0359 0192 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINXP\system32\DRIVERS\SLIP.sys
14:46:43.0437 0192 SLIP - ok
14:46:43.0468 0192 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe
14:46:43.0484 0192 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:46:43.0484 0192 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:46:43.0484 0192 Sparrow - ok
14:46:43.0515 0192 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINXP\system32\drivers\splitter.sys
14:46:43.0593 0192 splitter - ok
14:46:43.0593 0192 [ 39356A9CDB6753A6D13A4072A9F5A4BB ] Spooler C:\WINXP\system32\spoolsv.exe
14:46:43.0671 0192 Spooler - ok
14:46:43.0718 0192 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINXP\system32\Drivers\sptd.sys
14:46:43.0718 0192 Suspicious file (NoAccess): C:\WINXP\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
14:46:43.0718 0192 sptd ( LockedFile.Multi.Generic ) - warning
14:46:43.0718 0192 sptd - detected LockedFile.Multi.Generic (1)
14:46:43.0750 0192 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINXP\system32\DRIVERS\sr.sys
14:46:43.0781 0192 sr - ok
14:46:43.0812 0192 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINXP\system32\srsvc.dll
14:46:43.0859 0192 srservice - ok
14:46:43.0875 0192 [ 30EFED0C77D59AE0CACB0B5C756767ED ] Srv C:\WINXP\system32\DRIVERS\srv.sys
14:46:43.0921 0192 Srv - ok
14:46:43.0953 0192 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINXP\System32\ssdpsrv.dll
14:46:44.0000 0192 SSDPSRV - ok
14:46:44.0015 0192 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINXP\system32\DRIVERS\ssmdrv.sys
14:46:44.0031 0192 ssmdrv - ok
14:46:44.0062 0192 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINXP\system32\wiaservc.dll
14:46:44.0156 0192 stisvc - ok
14:46:44.0171 0192 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINXP\system32\DRIVERS\StreamIP.sys
14:46:44.0250 0192 streamip - ok
14:46:44.0265 0192 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINXP\system32\DRIVERS\swenum.sys
14:46:44.0359 0192 swenum - ok
14:46:44.0375 0192 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINXP\system32\drivers\swmidi.sys
14:46:44.0453 0192 swmidi - ok
14:46:44.0453 0192 SwPrv - ok
14:46:44.0453 0192 symc810 - ok
14:46:44.0468 0192 symc8xx - ok
14:46:44.0468 0192 sym_hi - ok
14:46:44.0468 0192 sym_u3 - ok
14:46:44.0484 0192 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINXP\system32\drivers\sysaudio.sys
14:46:44.0578 0192 sysaudio - ok
14:46:44.0593 0192 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINXP\system32\smlogsvc.exe
14:46:44.0687 0192 SysmonLog - ok
14:46:44.0703 0192 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINXP\System32\tapisrv.dll
14:46:44.0796 0192 TapiSrv - ok
14:46:44.0828 0192 [ 74D4299CDC4CF748EFEF725C2206E135 ] tbhsd C:\WINXP\system32\drivers\tbhsd.sys
14:46:44.0843 0192 tbhsd - ok
14:46:44.0875 0192 [ AD978A1B783B5719720CFF204B666C8E ] Tcpip C:\WINXP\system32\DRIVERS\tcpip.sys
14:46:44.0921 0192 Tcpip - ok
14:46:44.0937 0192 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINXP\system32\drivers\TDPIPE.sys
14:46:45.0015 0192 TDPIPE - ok
14:46:45.0031 0192 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINXP\system32\drivers\TDTCP.sys
14:46:45.0109 0192 TDTCP - ok
14:46:45.0125 0192 [ 88155247177638048422893737429D9E ] TermDD C:\WINXP\system32\DRIVERS\termdd.sys
14:46:45.0203 0192 TermDD - ok
14:46:45.0234 0192 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINXP\System32\termsrv.dll
14:46:45.0328 0192 TermService - ok
14:46:45.0343 0192 [ 40602EBFBE06AA075C8E4560743F6883 ] Themes C:\WINXP\System32\shsvcs.dll
14:46:45.0421 0192 Themes - ok
14:46:45.0421 0192 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINXP\system32\tlntsvr.exe
14:46:45.0468 0192 TlntSvr - ok
14:46:45.0468 0192 TosIde - ok
14:46:45.0484 0192 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINXP\system32\trkwks.dll
14:46:45.0562 0192 TrkWks - ok
14:46:45.0593 0192 [ 228D8E60BC9C5238587B0BF1654EC580 ] U2SP C:\WINXP\system32\DRIVERS\u2s2kxp.sys
14:46:45.0609 0192 U2SP - ok
14:46:45.0640 0192 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINXP\system32\drivers\Udfs.sys
14:46:45.0734 0192 Udfs - ok
14:46:45.0734 0192 ultra - ok
14:46:45.0781 0192 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Programme\Unlocker\UnlockerDriver5.sys
14:46:45.0781 0192 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
14:46:45.0781 0192 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
14:46:45.0796 0192 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINXP\system32\DRIVERS\update.sys
14:46:45.0921 0192 Update - ok
14:46:45.0953 0192 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINXP\System32\upnphost.dll
14:46:46.0000 0192 upnphost - ok
14:46:46.0031 0192 [ 0CCADC7391021376EDBB8AA649D04E68 ] upperdev C:\WINXP\system32\DRIVERS\usbser_lowerflt.sys
14:46:46.0265 0192 upperdev - ok
14:46:46.0281 0192 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINXP\System32\ups.exe
14:46:46.0359 0192 UPS - ok
14:46:46.0390 0192 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINXP\system32\Drivers\usbaapl.sys
14:46:46.0421 0192 USBAAPL - ok
14:46:46.0453 0192 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINXP\system32\drivers\usbaudio.sys
14:46:46.0546 0192 usbaudio - ok
14:46:46.0593 0192 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINXP\system32\DRIVERS\usbccgp.sys
14:46:46.0687 0192 usbccgp - ok
14:46:46.0703 0192 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINXP\system32\DRIVERS\usbehci.sys
14:46:46.0781 0192 usbehci - ok
14:46:46.0812 0192 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINXP\system32\DRIVERS\usbhub.sys
14:46:46.0906 0192 usbhub - ok
14:46:46.0921 0192 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINXP\system32\DRIVERS\usbohci.sys
14:46:47.0000 0192 usbohci - ok
14:46:47.0015 0192 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINXP\system32\DRIVERS\usbprint.sys
14:46:47.0093 0192 usbprint - ok
14:46:47.0140 0192 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINXP\system32\DRIVERS\usbscan.sys
14:46:47.0218 0192 usbscan - ok
14:46:47.0250 0192 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINXP\system32\drivers\usbser.sys
14:46:47.0328 0192 usbser - ok
14:46:47.0328 0192 [ 68B4F83CCCF70A2FF32EE142C234332A ] UsbserFilt C:\WINXP\system32\DRIVERS\usbser_lowerfltj.sys
14:46:47.0406 0192 UsbserFilt - ok
14:46:47.0421 0192 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINXP\system32\DRIVERS\USBSTOR.SYS
14:46:47.0515 0192 usbstor - ok
14:46:47.0515 0192 VComm - ok
14:46:47.0531 0192 VcommMgr - ok
14:46:47.0562 0192 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINXP\System32\drivers\vga.sys
14:46:47.0656 0192 VgaSave - ok
14:46:47.0656 0192 ViaIde - ok
14:46:47.0718 0192 [ C6E18C3B43378AE3FCECDFF0F0BB7BE7 ] VMCService C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
14:46:47.0718 0192 VMCService ( UnsignedFile.Multi.Generic ) - warning
14:46:47.0718 0192 VMCService - detected UnsignedFile.Multi.Generic (1)
14:46:47.0765 0192 [ 590C7A3A1133E51A7E1CEF67366E75AF ] vmm C:\WINXP\system32\Drivers\vmm.sys
14:46:47.0765 0192 vmm - ok
14:46:47.0781 0192 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINXP\system32\drivers\VolSnap.sys
14:46:47.0859 0192 VolSnap - ok
14:46:47.0906 0192 [ F96A678DEBDCCB0B4BB7F38CB2580589 ] VPCNetS2 C:\WINXP\system32\DRIVERS\VMNetSrv.sys
14:46:47.0906 0192 VPCNetS2 - ok
14:46:47.0937 0192 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINXP\System32\vssvc.exe
14:46:47.0984 0192 VSS - ok
14:46:48.0000 0192 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINXP\system32\w32time.dll
14:46:48.0078 0192 W32Time - ok
14:46:48.0125 0192 [ B57979148638F84E54B6441F085F2584 ] W700bus C:\WINXP\system32\DRIVERS\W700bus.sys
14:46:48.0171 0192 W700bus - ok
14:46:48.0187 0192 [ 82DC8E5CC926FFE07ED5E54B98B4C652 ] W700mdfl C:\WINXP\system32\DRIVERS\W700mdfl.sys
14:46:48.0218 0192 W700mdfl - ok
14:46:48.0234 0192 [ A021DE85658CB97009EFE50EB1849672 ] W700mdm C:\WINXP\system32\DRIVERS\W700mdm.sys
14:46:48.0250 0192 W700mdm - ok
14:46:48.0250 0192 [ 1308F53761623DFE30733073A13B677B ] W700mgmt C:\WINXP\system32\DRIVERS\W700mgmt.sys
14:46:48.0281 0192 W700mgmt - ok
14:46:48.0281 0192 [ 725AED977F8B8155D8F3A424E435BE63 ] W700obex C:\WINXP\system32\DRIVERS\W700obex.sys
14:46:48.0296 0192 W700obex - ok
14:46:48.0312 0192 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINXP\system32\DRIVERS\wanarp.sys
14:46:48.0390 0192 Wanarp - ok
14:46:48.0421 0192 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINXP\system32\Drivers\wdf01000.sys
14:46:48.0468 0192 Wdf01000 - ok
14:46:48.0468 0192 WDICA - ok
14:46:48.0484 0192 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINXP\system32\drivers\wdmaud.sys
14:46:48.0562 0192 wdmaud - ok
14:46:48.0578 0192 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINXP\System32\webclnt.dll
14:46:48.0656 0192 WebClient - ok
14:46:48.0687 0192 [ 94E4312D546048BF31604A8B2AD13FC0 ] WinDriver6 C:\WINXP\system32\drivers\windrvr6.sys
14:46:48.0703 0192 WinDriver6 ( UnsignedFile.Multi.Generic ) - warning
14:46:48.0703 0192 WinDriver6 - detected UnsignedFile.Multi.Generic (1)
14:46:48.0781 0192 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINXP\system32\wbem\WMIsvc.dll
14:46:48.0890 0192 winmgmt - ok
14:46:48.0968 0192 [ F3EDC9909A02E6BCA863EB702D37B505 ] WinVNC4 D:\VLCC\VNC4\WinVNC4.exe
14:46:49.0015 0192 WinVNC4 - ok
14:46:49.0031 0192 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINXP\system32\mspmsnsv.dll
14:46:49.0062 0192 WmdmPmSN - ok
14:46:49.0093 0192 [ 57FA31A965D8FC3172641A93618FBE9E ] Wmi C:\WINXP\System32\advapi32.dll
14:46:49.0140 0192 Wmi - ok
14:46:49.0156 0192 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINXP\system32\DRIVERS\wmiacpi.sys
14:46:49.0234 0192 WmiAcpi - ok
14:46:49.0250 0192 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINXP\system32\wbem\wmiapsrv.exe
14:46:49.0328 0192 WmiApSrv - ok
14:46:49.0390 0192 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
14:46:49.0453 0192 WMPNetworkSvc - ok
14:46:49.0484 0192 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINXP\system32\DRIVERS\wpdusb.sys
14:46:49.0484 0192 WpdUsb - ok
14:46:49.0593 0192 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINXP\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:46:49.0640 0192 WPFFontCache_v0400 - ok
14:46:49.0671 0192 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINXP\System32\drivers\ws2ifsl.sys
14:46:49.0750 0192 WS2IFSL - ok
14:46:49.0765 0192 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINXP\system32\wscsvc.dll
14:46:49.0859 0192 wscsvc - ok
14:46:49.0875 0192 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINXP\system32\DRIVERS\WSTCODEC.SYS
14:46:49.0953 0192 WSTCODEC - ok
14:46:49.0984 0192 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINXP\system32\wuauserv.dll
14:46:50.0062 0192 wuauserv - ok
14:46:50.0093 0192 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINXP\system32\DRIVERS\WudfPf.sys
14:46:50.0140 0192 WudfPf - ok
14:46:50.0156 0192 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINXP\system32\DRIVERS\wudfrd.sys
14:46:50.0171 0192 WudfRd - ok
14:46:50.0203 0192 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINXP\System32\WUDFSvc.dll
14:46:50.0234 0192 WudfSvc - ok
14:46:50.0265 0192 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINXP\System32\wzcsvc.dll
14:46:50.0406 0192 WZCSVC - ok
14:46:50.0437 0192 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINXP\System32\xmlprov.dll
14:46:50.0515 0192 xmlprov - ok
14:46:50.0546 0192 [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbmdm6k C:\WINXP\system32\DRIVERS\ZTEusbmdm6k.sys
14:46:50.0609 0192 ZTEusbmdm6k - ok
14:46:50.0625 0192 [ 9862F9D2FF50AE748ED42C022E6AAC15 ] ZTEusbnet C:\WINXP\system32\DRIVERS\ZTEusbnet.sys
14:46:50.0656 0192 ZTEusbnet - ok
14:46:50.0656 0192 [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbnmea C:\WINXP\system32\DRIVERS\ZTEusbnmea.sys
14:46:50.0703 0192 ZTEusbnmea - ok
14:46:50.0718 0192 [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbser6k C:\WINXP\system32\DRIVERS\ZTEusbser6k.sys
14:46:50.0734 0192 ZTEusbser6k - ok
14:46:50.0734 0192 [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbvoice C:\WINXP\system32\DRIVERS\ZTEusbvoice.sys
14:46:50.0750 0192 ZTEusbvoice - ok
14:46:50.0765 0192 ================ Scan global ===============================
14:46:50.0796 0192 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINXP\system32\basesrv.dll
14:46:50.0812 0192 [ 4CD408F799D4A72B0DE1F1116A77A48E ] C:\WINXP\system32\winsrv.dll
14:46:50.0843 0192 [ 4CD408F799D4A72B0DE1F1116A77A48E ] C:\WINXP\system32\winsrv.dll
14:46:50.0859 0192 [ F0A7D59AF279326528715B206669B86C ] C:\WINXP\system32\services.exe
14:46:50.0875 0192 [Global] - ok
14:46:50.0875 0192 ================ Scan MBR ==================================
14:46:50.0890 0192 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
14:46:51.0359 0192 \Device\Harddisk0\DR0 - ok
14:46:51.0359 0192 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR11
14:46:51.0703 0192 \Device\Harddisk5\DR11 - ok
14:46:51.0703 0192 ================ Scan VBR ==================================
14:46:51.0703 0192 [ 322E58D03A9962F8F07BEB3F98C548E7 ] \Device\Harddisk0\DR0\Partition1
14:46:51.0703 0192 \Device\Harddisk0\DR0\Partition1 - ok
14:46:51.0718 0192 [ C3459D99BA4D1C6DB383BBF9C796422D ] \Device\Harddisk0\DR0\Partition2
14:46:51.0734 0192 \Device\Harddisk0\DR0\Partition2 - ok
14:46:51.0734 0192 [ 53F018DC5C8AF3F547C563CA3205B6FF ] \Device\Harddisk5\DR11\Partition1
14:46:51.0734 0192 \Device\Harddisk5\DR11\Partition1 - ok
14:46:51.0734 0192 ============================================================
14:46:51.0734 0192 Scan finished
14:46:51.0734 0192 ============================================================
14:46:51.0859 4188 Detected object count: 19
14:46:51.0859 4188 Actual detected object count: 19
14:47:37.0109 4188 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:37.0109 4188 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:37.0109 4188 androidusb ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:37.0109 4188 androidusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:37.0109 4188 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:37.0109 4188 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:37.0109 4188 AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:37.0109 4188 AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:37.0109 4188 de_serv ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:37.0109 4188 de_serv ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:37.0109 4188 Dokan ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:37.0109 4188 Dokan ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:37.0109 4188 DokanMounter ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:37.0109 4188 DokanMounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:37.0109 4188 EMSLink ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:37.0109 4188 EMSLink ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:37.0109 4188 iMSPCLOj ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:37.0109 4188 iMSPCLOj ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:37.0109 4188 libusb0 ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:37.0109 4188 libusb0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:37.0109 4188 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:37.0109 4188 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:37.0109 4188 NPF ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:37.0109 4188 NPF ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:37.0125 4188 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:37.0125 4188 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:37.0125 4188 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:37.0125 4188 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:37.0125 4188 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:37.0125 4188 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:37.0125 4188 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:47:37.0125 4188 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:47:37.0125 4188 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:37.0125 4188 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:37.0125 4188 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:37.0125 4188 VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:37.0125 4188 WinDriver6 ( UnsignedFile.Multi.Generic ) - skipped by user
14:47:37.0125 4188 WinDriver6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:47:42.0890 5956 Deinitialize success

Old 23.01.2013, 14:40   #8
markusg
/// Malware-holic
 
hi
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2

IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.

Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

Old 23.01.2013, 16:05   #9
biertoni
 
Done!

Combofix logfile:
Code:
ComboFix 13-01-23.01 - Andy 23.01.2013  15:39:49.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3583.2856 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Andy\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\5A1597EEC2.sys
c:\dokumente und einstellungen\Andy\Anwendungsdaten\inst.exe
c:\dokumente und einstellungen\Andy\Lokale Einstellungen\Temporary Internet Files\noxondabstickupdate.exe
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\Uninstall.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
c:\winxp\IsUn0407.exe
c:\winxp\iun6002.exe
c:\winxp\ntdll.dl
c:\winxp\system32\drivers\npf.sys
c:\winxp\system32\Packet.dll
c:\winxp\system32\pthreadVC.dll
c:\winxp\system32\WanPacket.dll
c:\winxp\system32\win32.dll
c:\winxp\system32\wpcap.dll
c:\winxp\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-23 bis 2013-01-23  ))))))))))))))))))))))))))))))
.
.
2013-01-20 08:32 . 2013-01-20 08:32	--------	d-----w-	c:\dokumente und einstellungen\Andy\Anwendungsdaten\Avira
2013-01-20 08:27 . 2013-01-20 08:27	--------	d-----w-	c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Mozilla
2013-01-20 08:27 . 2012-11-27 09:01	83944	----a-w-	c:\winxp\system32\drivers\avgntflt.sys
2013-01-20 08:27 . 2012-11-22 14:51	36552	----a-w-	c:\winxp\system32\drivers\avkmgr.sys
2013-01-20 08:27 . 2012-11-22 14:50	134336	----a-w-	c:\winxp\system32\drivers\avipbb.sys
2013-01-20 08:27 . 2013-01-20 08:27	--------	d-----w-	c:\programme\Avira
2013-01-20 08:27 . 2013-01-20 08:27	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2013-01-19 12:15 . 2013-01-19 12:15	--------	d-----w-	c:\programme\iPod
2013-01-19 12:15 . 2013-01-19 12:15	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-19 12:15 . 2013-01-19 12:15	--------	d-----w-	c:\programme\iTunes
2013-01-19 12:11 . 2013-01-19 12:11	--------	d-----w-	c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2013-01-19 12:10 . 2013-01-19 12:13	--------	d-----w-	c:\dokumente und einstellungen\Andy\Lokale Einstellungen\Anwendungsdaten\Abelssoft
2013-01-19 12:10 . 2013-01-19 12:10	--------	d-----w-	c:\programme\CheckDrive
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-19 11:57 . 2012-04-07 14:15	697864	----a-w-	c:\winxp\system32\FlashPlayerApp.exe
2013-01-19 11:57 . 2011-05-18 20:02	74248	----a-w-	c:\winxp\system32\FlashPlayerCPLApp.cpl
2012-12-08 10:40 . 2011-03-15 18:58	2516	--sha-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
2013-01-19 12:20 . 2013-01-19 12:19	262552	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06	163328	--sh--r-	c:\winxp\system32\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	c:\winxp\system32\msfDX.dll
2008-03-16 12:30	216064	--sh--r-	c:\winxp\system32\nbDX.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-09-03 . 451D0981F4CCA5697307AF90D799BDC3 . 1571840 . . [5.1.2600.5512] . . c:\winxp\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe" [2008-12-06 2387968]
"DAEMON Tools Lite"="d:\daemon tools\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"PC Suite Tray"="d:\nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-03 98304]
"ATICustomerCare"="c:\programme\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\programme\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480]
"InCD"="c:\programme\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2010-09-04 202256]
"QuickTime Task"="d:\quik time\QTTask.exe" [2010-08-10 421888]
"CloneCDTray"="d:\clone cd\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"KONICA MINOLTA PagePro 1300WStatusDisplay"="c:\winxp\system32\MSTMON_N.EXE" [2004-11-25 151552]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"vspdfprsrv.exe"="d:\pdf\vspdfprsrv.exe" [2006-05-04 998912]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"ArcSoft Connection Service"="c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"MobileConnect"="c:\programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-04-20 2327552]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"PDFPrint"="d:\pdf\PDF24\pdf24.exe" [2012-05-22 160872]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winxp\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Andy\Startmenü\Programme\Autostart\
FRITZ!DSL Protect.lnk - c:\programme\FRITZ!DSL\FwebProt.exe [2010-9-3 917504]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
REALTEK RTL8187B Wireless LAN Utility.lnk - c:\programme\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe [2010-9-3 880640]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Realtek\\RTL8187B Wireless LAN Utility\\RtWLan.exe"=
"c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"=
"c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"=
"c:\\Programme\\Opera\\opera.exe"=
"d:\\Orbit Downloader\\Orbitdownloader\\orbitdm.exe"=
"d:\\Orbit Downloader\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"d:\\VLCC\\TightVNC\\Data\\WinVNC.exe"=
"d:\\VLCC\\VNC4\\winvnc4.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"d:\\Real Player\\realplay.exe"=
"c:\\Programme\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe"=
"c:\\Programme\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\InstTool.exe"=
"c:\\Programme\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"9000:TCP"= 9000:TCP:Logitech Media Server 9000 tcp (UI)
"9001:TCP"= 9001:TCP:Logitech Media Server 9001 tcp (UI)
"9002:TCP"= 9002:TCP:Logitech Media Server 9002 tcp (UI)
"9003:TCP"= 9003:TCP:Logitech Media Server 9003 tcp (UI)
"9004:TCP"= 9004:TCP:Logitech Media Server 9004 tcp (UI)
"9005:TCP"= 9005:TCP:Logitech Media Server 9005 tcp (UI)
"9006:TCP"= 9006:TCP:Logitech Media Server 9006 tcp (UI)
"9007:TCP"= 9007:TCP:Logitech Media Server 9007 tcp (UI)
"9008:TCP"= 9008:TCP:Logitech Media Server 9008 tcp (UI)
"9009:TCP"= 9009:TCP:Logitech Media Server 9009 tcp (UI)
"9010:TCP"= 9010:TCP:Logitech Media Server 9010 tcp (UI)
"9100:TCP"= 9100:TCP:Logitech Media Server 9100 tcp (UI)
"8000:TCP"= 8000:TCP:Logitech Media Server 8000 tcp (UI)
"10000:TCP"= 10000:TCP:Logitech Media Server 10000 tcp (UI)
"9090:TCP"= 9090:TCP:Logitech Media Server 9090 tcp (UI)
"3483:UDP"= 3483:UDP:Logitech Media Server 3483 udp
"3483:TCP"= 3483:TCP:Logitech Media Server 3483 tcp
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\winxp\system32\drivers\BtHidBus.sys [07.01.2009 23:39 20744]
R0 sptd;sptd;c:\winxp\system32\drivers\sptd.sys [03.09.2010 19:15 691696]
R1 avkmgr;avkmgr;c:\winxp\system32\drivers\avkmgr.sys [20.01.2013 09:27 36552]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [20.01.2013 09:27 85280]
R2 Dokan;Dokan;c:\winxp\system32\drivers\dokan.sys [31.12.2008 11:34 60928]
R2 DokanMounter;DokanMounter;c:\programme\Dokan\DokanLibrary\mounter.exe [31.12.2008 11:34 20992]
R2 VMCService;Vodafone Mobile Connect Service;c:\programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [20.04.2009 17:20 9216]
R3 pcouffin;VSO Software pcouffin;c:\winxp\system32\drivers\pcouffin.sys [03.09.2010 20:27 47360]
R3 RTL2832UBDA;NOXON DAB Stick BDA Driver;c:\winxp\system32\drivers\RTL2832UBDA.sys [06.09.2011 19:22 189184]
R3 RTL2832UUSB;NOXON DAB Stick USB Driver;c:\winxp\system32\drivers\RTL2832UUSB.sys [06.09.2011 19:22 33536]
S2 EMSLink;EMS Inter-Link driver V3.0;c:\winxp\system32\drivers\EMSLink_i386.sys [25.10.2011 18:03 6656]
S2 MLPTDR_N;MLPTDR_N;c:\winxp\system32\MLPTDR_N.SYS [18.07.2003 18:44 18848]
S3 androidusb;ADB Interface Driver;c:\winxp\system32\drivers\androidusb.sys [26.12.2011 10:55 25728]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\winxp\system32\drivers\btnetBus.sys [07.12.2008 12:44 30088]
S3 iMSPCLOj;iMSPCLOj;\??\c:\dokume~1\Andy\LOKALE~1\Temp\iMSPCLOj.sys --> c:\dokume~1\Andy\LOKALE~1\Temp\iMSPCLOj.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\winxp\system32\drivers\IvtBtBus.sys [02.07.2008 14:58 26248]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\winxp\system32\drivers\libusb0.sys [09.11.2011 16:44 28672]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\winxp\system32\drivers\massfilter.sys [17.11.2011 19:08 7680]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\winxp\system32\drivers\RTL2832U_IRHID.sys [06.09.2011 19:22 37280]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\winxp\system32\drivers\RTL8187B.sys [03.09.2010 16:29 335104]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\winxp\system32\drivers\ZTEusbnet.sys [17.11.2011 19:10 110592]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\winxp\system32\drivers\zteusbvoice.sys [17.11.2011 19:10 105344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-12-06 21:18	451872	----a-w-	c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-02 c:\winxp\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-04-09 c:\winxp\Tasks\debutShakeIcon.job
- c:\programme\NCH Software\Debut\debut.exe [2012-04-09 08:32]
.
2013-01-23 c:\winxp\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-09-26 17:28]
.
2013-01-23 c:\winxp\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-09-26 17:28]
.
2013-01-23 c:\winxp\Tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-1682526488-1801674531-1003.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
2013-01-20 c:\winxp\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-1682526488-1801674531-1003.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - d:\orbit downloader\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\orbit downloader\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - d:\orbit downloader\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\orbit downloader\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Andy\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\programme\FRITZ!DSL\sarah.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Skype - c:\dokumente und einstellungen\Andy\Anwendungsdaten\Skype\Phone\Skype.exe
HKLM-Run-USB Webmail Notifier - d:\usbweb~1\USB Webmail Notifier.exe
HKLM-Run-IR_SERVER - c:\programme\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-DVD Identifier_is1 - d:\dvd cd anlyse\DVD Identifier\Uninst\unins000.exe
AddRemove-EPC Compact - c:\winxp\ISUN0407.EXE
AddRemove-FRITZ!DSL - c:\winxp\IsUn0407.exe
AddRemove-Radio Decoder - c:\winxp\iun6002.exe
AddRemove-Uninstall_is1 - c:\programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-23 15:46
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\winxp\system32\Ati2evxx.dll
c:\winxp\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(1032)
c:\programme\FRITZ!DSL\sarah.dll
c:\programme\FRITZ!DSL\block.dll
c:\programme\FRITZ!DSL\avmcsock.dll
c:\programme\FRITZ!DSL\avmufc.dll
.
- - - - - - - > 'explorer.exe'(5016)
c:\winxp\system32\webcheck.dll
c:\winxp\system32\wpdshserviceobj.dll
d:\nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\nokia\Nokia PC Suite 7\NGSCM.DLL
d:\nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
d:\nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\programme\Microsoft Virtual PC\VPCShExH.DLL
c:\winxp\system32\portabledevicetypes.dll
c:\winxp\system32\portabledeviceapi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\winxp\system32\Ati2evxx.exe
c:\winxp\system32\Ati2evxx.exe
c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\FRITZ!DSL\IGDCTRL.EXE
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Nero\Nero 7\InCD\InCDsrv.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
d:\vlcc\VNC4\WinVNC4.exe
c:\winxp\RTHDCPL.EXE
c:\winxp\system32\rundll32.exe
c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe
c:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\PC Connectivity Solution\ServiceLayer.exe
c:\winxp\system32\wbem\wmiapsrv.exe
c:\programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programme\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\programme\avira\antivir desktop\ipmGui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-23  15:49:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-23 14:49
.
Vor Suchlauf: 23 Verzeichnis(se), 147.944.521.728 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 154.033.790.976 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINXP
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 1A24F7BDA49011F7B589DA0D33972C68
         
--- --- ---

24.01.2013, 18:17   #10
markusg
/// Malware-holic

Hi,
please open c:\qoobox,
right-click Quarantine, pack it with WinRAR or zip, then upload it:
Trojaner-Board Upload Channel
Please let me know when you are done.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

24.01.2013, 18:51   #11
biertoni

It's uploaded! Thanks again for the help!

24.01.2013, 22:44   #12
markusg
/// Malware-holic

Unfortunately that didn't work.
File-Upload.net - Your free file hoster!
Please upload it there and send me the link by private message.

25.01.2013, 16:34   #13
markusg
/// Malware-holic

Hi,
thanks.
Malwarebytes:
Please download Malwarebytes.
  • Install the program into the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

25.01.2013, 21:40   #14
biertoni

I let it run over the system! I can't quite understand the thing with the Openbox software; the software came with the satellite receiver back then and is for editing program and channel lists! I've had the software since about 2008 and by now on my 3rd PC, but I've moved it to quarantine anyway for now!

Here is the log


Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.25.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Andy :: MEDIABOX [Administrator]

Schutz: Deaktiviert

25.01.2013 20:02:54
mbam-log-2013-01-25 (20-02-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 402304
Laufzeit: 1 Stunde(n), 25 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 9
D:\System Volume Information\_restore{7EC18A29-9B24-4EC2-B058-65800773F519}\RP525\A0123537.exe (HackTool.GamesCheat.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Daten pyranja PC\Bilder Videos alter PC\gags\NICETOHAVE\STRESSZOLDO.EXE (Joke.Stressreducer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Daten pyranja PC\openb0x\Neuer Ordner\pobedit091_nagra_au\getkeys.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Daten pyranja PC\openb0x\Neuer Ordner\pobedit091_nagra_au\pobedit.exe (Backdoor.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Daten pyranja PC\Openbox\Pobedit 0.909\Pobedit 0.909\pobedit.exe (Backdoor.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Koscom zu Openbox\Koscom zu Openbox 1\PB_0.922\PB 0.922\POBEDIT.EXE (Backdoor.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Koscom zu Openbox\Koscom zu Openbox 1\Wechsel koscom zu openbox\PB_0.922\PB 0.922\POBEDIT.EXE (Backdoor.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Koscom zu Openbox\PB_0.922\PB 0.922\pobedit.exe (Backdoor.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Koscom zu Openbox\Wechsel koscom zu openbox\PB_0.922\PB 0.922\pobedit.exe (Backdoor.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
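
As an added example (not part of the thread and not Malwarebytes code): a small Python parser for result lines in the layout of the log above. It checks each section's declared count against the lines actually listed, which catches a truncated paste, and groups findings by detection name. The sample log, its shortened paths and the "Keine Aktion" action text are constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the layout of the German mbam log above
# (shortened paths; the last action text is constructed as well).
SAMPLE_LOG = r"""
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
D:\Tools\openbox\pobedit.exe (Backdoor.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Backup\PB 0.922\POBEDIT.EXE (Backdoor.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Tools\openbox\getkeys.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\System Volume Information\_restore{X}\RP1\A0000001.exe (HackTool.GamesCheat.Gen) -> Keine Aktion durchgeführt.

(Ende)
"""

SECTION = re.compile(r"^(Infizierte [^:]+): (\d+)$")
# Greedy path so that parentheses inside a file name stay part of the path.
ENTRY = re.compile(r"^(?P<path>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam(text):
    """Return (entries, mismatches): parsed findings and sections whose
    declared count differs from the number of listed lines."""
    entries, declared, seen, section = [], {}, defaultdict(int), None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section = m.group(1)
            declared[section] = int(m.group(2))
        elif section and (m := ENTRY.match(line)):
            entries.append({"section": section, **m.groupdict()})
            seen[section] += 1
    mismatches = {s: (n, seen[s]) for s, n in declared.items() if n != seen[s]}
    return entries, mismatches

def group_by_detection(entries):
    """Map detection name -> sorted list of distinct lower-cased file names."""
    groups = defaultdict(set)
    for e in entries:
        groups[e["detection"]].add(PureWindowsPath(e["path"]).name.lower())
    return {d: sorted(names) for d, names in groups.items()}

def not_quarantined(entries):
    """Findings whose action text does not report quarantine."""
    return [e for e in entries if "Quarantäne" not in e["action"]]
```

Grouping by file name shows at a glance when several hits are copies of one program in different folders, so a single submission of that file to the vendor or a multi-engine scanner covers the whole cluster.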

29.01.2013, 13:07   #15
markusg
/// Malware-holic

Hi,

download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save it as txt. Open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program you do not know, write "unknown".
Post the list.