Antimalware Doc entfernen klappt nciht ganz

xxxlalala · 19.07.2010, 10:59

Hallo,

da dies mein erste post hier ist, hoffe ich dass ich mich den forenregeln entsprechend verhalte.

ich beziehe mich auf die anleitung zur entfernung des antimalware doc :
http://www.trojaner-board.de/83172-a...entfernen.html

in dem thread steht, dass ich sowieso nochmal hier posten soll.
bei mir geht er allerdings nicht weg.

der virus trat zum ersten mal gesten in erscheinung, nachdem mein rechner mehrere stunden unbenutzt und angeschaltet war, mein windows security essentials hat wohl was erkannt, es waren allerdings auch schon fenster von antimalware doc offen. hier das was security essentials gemacht hat (ich sah keine andere möglichkeit als einen sceenshot zu machen):

da ich gemerkt habe dass irgendwas sehr im argen ist habe ich den computer direkt im abgesicherten modus gestartet und meinen router ausgeschaltet.
dort habe ich mbam ccscanner und auch viren scanns gemacht:
mbam log:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

19.07.2010 00:10:37
mbam-log-2010-07-19 (00-10-37).txt

Scan type: Quick scan
Objects scanned: 118910
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\halo2 (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\i\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

danach war der virus weg, konnte ihn weder irgendwo in den prozessen noch durch irgendwelche fenster ausfindig machen, allerdings findet mbam ihn nach dem neustart immernoch und löscht ihn dann auch wieder :

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4325

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.07.2010 09:14:57
mbam-log-2010-07-19 (09-14-57).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 339881
Time elapsed: 1 hour(s), 34 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\W34BCG2GRJ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JDK5SWFMZY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

hier noch der RSIT log von jetzt gerade :

Code:

ATTFilter

Logfile of random's system information tool 1.08 (written by random/random)
Run by i at 2010-07-19 11:54:49
Microsoft Windows 7 Professional  
System drive C: has 18 GB (30%) free of 60 GB
Total RAM: 2047 MB (64% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
" Malwarebytes Anti-Malware  (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"Google Update"=C:\Users\i\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-03 135664]
"AdobeBridge"= []
"EPSON Stylus Photo R2400"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATI9SE.EXE [2007-01-10 177664]

C:\Users\i\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2010-07-19 11:09:47 ----D---- C:\Users\i\AppData\Roaming\Yahoo!
2010-07-19 11:09:47 ----D---- C:\ProgramData\Yahoo! Companion
2010-07-19 11:09:45 ----D---- C:\Program Files\Yahoo!
2010-07-19 11:08:35 ----D---- C:\rsit
2010-07-19 11:08:35 ----D---- C:\Program Files\trend micro
2010-07-19 01:04:42 ----A---- C:\mbam-error.txt
2010-07-13 11:52:22 ----D---- C:\REFlex
2010-07-12 10:13:50 ----A---- C:\Windows\_MSRSTRT.EXE
2010-07-11 23:58:39 ----D---- C:\Program Files\Sigma_Team
2010-07-11 23:55:16 ----D---- C:\Program Files\Sigma Team
2010-07-09 10:07:57 ----D---- C:\Program Files\MSXML 4.0
2010-07-08 23:50:54 ----D---- C:\Users\i\AppData\Roaming\Nokia Ovi Suite
2010-07-08 23:02:16 ----D---- C:\Program Files\PC Connectivity Solution
2010-07-08 23:00:42 ----D---- C:\ProgramData\NokiaInstallerCache
2010-07-08 22:39:04 ----D---- C:\Users\i\AppData\Roaming\Nokia
2010-07-08 22:38:02 ----D---- C:\Program Files\Common Files\PCSuite
2010-07-08 22:36:53 ----A---- C:\Windows\system32\drivers\pccsmcfd.sys
2010-07-08 22:28:16 ----D---- C:\ProgramData\PC Suite
2010-07-08 22:28:07 ----D---- C:\Users\i\AppData\Roaming\PC Suite
2010-07-08 21:49:34 ----D---- C:\ProgramData\Nokia
2010-07-08 21:48:20 ----D---- C:\Program Files\DIFX
2010-07-08 21:47:47 ----DC---- C:\Windows\system32\DRVSTORE
2010-07-08 21:45:22 ----A---- C:\Windows\system32\nmwcdcls.dll
2010-07-08 21:42:49 ----D---- C:\Program Files\Common Files\Nokia
2010-07-08 21:42:46 ----D---- C:\Program Files\Nokia
2010-07-08 21:40:50 ----D---- C:\ProgramData\Installations
2010-07-06 10:23:01 ----D---- C:\Program Files\Codemasters
2010-07-02 00:28:36 ----D---- C:\Users\i\AppData\Roaming\Turbine
2010-07-02 00:25:26 ----D---- C:\Windows\system32\URTTEMP
2010-07-02 00:14:45 ----D---- C:\Program Files\Turbine
2010-07-01 21:27:20 ----D---- C:\ProgramData\PMB Files
2010-07-01 21:27:07 ----D---- C:\Program Files\Pando Networks
2010-07-01 11:28:46 ----A---- C:\Windows\system32\drivers\PnkBstrK.sys
2010-07-01 11:28:46 ----A---- C:\Users\i\AppData\Roaming\PnkBstrK.sys
2010-07-01 11:28:17 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-07-01 11:28:15 ----A---- C:\Windows\system32\PnkBstrA.exe
2010-07-01 11:28:12 ----A---- C:\Windows\system32\pbsvc_heroes.exe
2010-07-01 11:15:32 ----D---- C:\Program Files\EA Games
2010-06-26 12:00:27 ----D---- C:\Program Files\IronPython 2.6 for .NET 4.0
2010-06-24 03:00:42 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-24 03:00:42 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-24 03:00:42 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-24 03:00:42 ----A---- C:\Windows\system32\mscoree.dll
2010-06-24 03:00:42 ----A---- C:\Windows\system32\dfshim.dll
2010-06-23 10:38:10 ----A---- C:\Windows\system32\ntdll.dll
2010-06-23 10:38:09 ----A---- C:\Windows\system32\CPFilters.dll
2010-06-23 10:38:07 ----A---- C:\Windows\system32\msdri.dll

======List of files/folders modified in the last 1 months======

2010-07-19 11:54:02 ----D---- C:\Windows\Temp
2010-07-19 11:53:53 ----D---- C:\Windows\Prefetch
2010-07-19 11:24:36 ----D---- C:\Users\i\AppData\Roaming\Media Player Classic
2010-07-19 11:24:36 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-07-19 11:24:35 ----D---- C:\Windows\system32\LogFiles
2010-07-19 11:24:35 ----D---- C:\Windows
2010-07-19 11:09:47 ----HD---- C:\ProgramData
2010-07-19 11:09:45 ----RD---- C:\Program Files
2010-07-19 11:09:37 ----D---- C:\Program Files\CCleaner
2010-07-19 11:03:18 ----D---- C:\Windows\System32
2010-07-19 11:03:18 ----D---- C:\Windows\inf
2010-07-19 11:03:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-19 04:05:17 ----D---- C:\Windows\system32\config
2010-07-19 01:29:22 ----SHD---- C:\System Volume Information
2010-07-19 01:14:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-19 01:14:25 ----D---- C:\Windows\system32\drivers
2010-07-19 00:53:09 ----D---- C:\Users\i\AppData\Roaming\Skype
2010-07-19 00:53:04 ----D---- C:\Users\i\AppData\Roaming\skypePM
2010-07-19 00:52:43 ----D---- C:\Windows\Tasks
2010-07-19 00:30:35 ----D---- C:\Users\i\AppData\Roaming\QuickScan
2010-07-19 00:17:27 ----D---- C:\Windows\Branding
2010-07-19 00:10:21 ----D---- C:\Users\i\AppData\Roaming\foobar2000
2010-07-18 23:57:20 ----D---- C:\Windows\system32\drivers\etc
2010-07-18 23:54:23 ----D---- C:\Windows\debug
2010-07-18 23:50:49 ----D---- C:\Windows\system32\Tasks
2010-07-17 20:44:09 ----D---- C:\Users\i\AppData\Roaming\vlc
2010-07-17 17:50:00 ----D---- C:\Program Files\JDownloader
2010-07-16 17:50:24 ----SHD---- C:\Windows\Installer
2010-07-14 19:19:06 ----D---- C:\ProgramData\Microsoft Help
2010-07-14 19:18:05 ----D---- C:\Windows\system32\catroot2
2010-07-09 10:08:15 ----D---- C:\Windows\winsxs
2010-07-08 23:06:32 ----D---- C:\Windows\system32\catroot
2010-07-08 23:02:20 ----D---- C:\Windows\system32\DriverStore
2010-07-08 22:38:02 ----D---- C:\Program Files\Common Files
2010-07-04 12:36:31 ----D---- C:\Program Files\Adobe
2010-07-04 12:36:29 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-07-02 21:39:05 ----A---- C:\Windows\system32\MRT.exe
2010-07-02 00:42:17 ----D---- C:\Users\i\AppData\Roaming\Mozilla
2010-07-02 00:27:59 ----RSD---- C:\Windows\assembly
2010-07-02 00:27:18 ----D---- C:\Windows\Registration
2010-07-02 00:26:53 ----D---- C:\Program Files\Internet Explorer
2010-07-01 10:32:25 ----D---- C:\AdobeTemp
2010-06-29 08:52:18 ----D---- C:\Program Files\Microsoft Security Essentials
2010-06-28 23:58:19 ----D---- C:\Program Files\Mozilla Firefox
2010-06-26 12:45:37 ----D---- C:\Windows\Microsoft.NET
2010-06-25 17:20:17 ----D---- C:\Users\i\AppData\Roaming\dvdcss
2010-06-25 14:46:33 ----D---- C:\Users\i\AppData\Roaming\.purple
2010-06-24 23:23:22 ----D---- C:\Windows\system32\en-US
2010-06-24 23:23:20 ----D---- C:\Program Files\Microsoft.NET
2010-06-24 03:00:36 ----D---- C:\Windows\ehome
2010-06-24 03:00:26 ----D---- C:\Windows\AppPatch
2010-06-22 16:32:29 ----D---- C:\Windows\system32\NDF
2010-06-21 23:19:51 ----D---- C:\Program Files\Common Files\microsoft shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-02-06 44608]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-11-01 691696]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2009-07-14 96768]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2009-07-14 18432]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 84992]
R3 SMSCIRDA;SMSC Infrared Device Driver; C:\Windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-10-26 1095936]
R3 usbvm321;USB2.0 0.35M WebCam; C:\Windows\System32\Drivers\usbvm321.sys [2009-11-01 205568]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2009-07-14 46976]
S3 a1dplurs;a1dplurs; C:\Windows\system32\drivers\a1dplurs.sys []
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys [2009-07-14 40320]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2009-07-14 52608]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 scsiscan;SCSI Scanner Driver; C:\Windows\system32\DRIVERS\scsiscan.sys [2009-07-14 14848]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 USBPNPA;USB PnP Sound Device Interface; C:\Windows\system32\drivers\CM108.sys [2007-06-28 1310720]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 LPDSVC;@%systemroot%\system32\lpdsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-01-30 203296]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-07-01 75064]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
S2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-02 655624]
S3 MatSvc;@%ProgramFiles%\Microsoft Fix it Center\MatsRes.dll,-9000; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]
S4 AppMgmt;Application Management; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 CscService;Offline Files; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S4 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 PeerDistSvc;BranchCache; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

ich hoffe euch genug informationen geliefert zu haben um mir evtl zu helfen.
vielen dank im vorraus.
werde jetzt nochmla mbam laufen lassen mal sehen was passiert.

Larusso · 19.07.2010, 14:51

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Downloade Dir bitte Load.exe

Das Tool benötigt eine aktive Internetverbindung, aber keinen offenen Browser
Sollte deine Firewall meckern, die Anwendung bitte zulassen.

Speichere die Datei am Desktop.
Doppelklick auf die load.exe
Belasse die Häckchen wie sie sind.
Schließe nun alle offenen Programme.
Klicke auf Download
Bitte während dem Download nicht in das Fenster klicken.
Folge den Anweisungen auf dem Bildschirm.
Wenn das Fenster Status aufpoppt klicke Start.

Nach dem Neustart findest Du einen Ordner MFTools auf dem Desktop. Darin befindet sich eine Anleitung.pdf.
Diese bitte öffnen und die darin beschriebenen Schritte abarbeiten.

xxxlalala · 19.07.2010, 15:27

hallo,
danke für die schnelle antwort.
wenn ich load.exe ausführe, ist dort kein häkchen bei malwarebytes, darunter steht Malwarebytes bereits installiert(was auch der fall ist).
er fragt mich aber wärend des laufens ob ich Malwarebytes updarten will.
klicke ich auf ok soll kommt ein fenster namens "run" und ich soll einen ordner oder eine datei angeben. wenn ich dann z.b. mbam.exe angebe startet eben dieses. load.exe minimiert sich in die taskleiste und weiter passiert nichts.

klicke ich auf cancel, erscheint die frage ob ihc 7zip installieren will. klicke ich auf ok. minimiert loader.exe und es passiert nichts weiter
klicke ich auf cancel erscheint das fenster status mit dem button "ok".
wenn ich auf ok klicke schließt sich das programm nach einer weile.

auf dem desktop ist ein ordner namens MFTools mit folgendem inhalt :
anleitung.pdf
inet.bat
inet.reg
scan.txt

die datei die in der anleitung.pdf von mir verlangt wird zu öffnen ist dort leider nicht.

ich selber würde jetzt mbam und 7zip deinstallieren. aber ich mache hier am besten gar nichts ohne anweisung.

vor der antwort hier hatte ich im abgesichertgen modus noch einen mbam durchlauf(full scan) ohne fund und noch einen quick scan im normalen modus ebenfalls ohne fund. aber das nur zur info

Larusso · 19.07.2010, 15:33

MBAM startet garnicht?
Wenn das RUN Fenster aufgeht, schreibt es normal mbam rein und startet es, das kann ein paar Sekunden dauern bis es läuft.

Sorry, ist mein Tool und gab bis jetzt nie Probleme, darum frage ich nach

Aber mir scheint mehr als würde da was geblockt, da sich auch die Tools nicht im Ordner befinden.

Schritt 1

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

xxxlalala · 19.07.2010, 15:58

doch mbam startet. es startet wenn ich mbam eingebe in das run fenster oder wenn ich mbam.exe such (mit browse). aber egal ob ich dann in mbam nen update mache, es einfach offen lasse, es schließe, oder nen update mache und es dann schließe, passiert weiter nichts.
ich hoffe das ich nciht zu ungeduldig bin oder sowas oder dass ich dein programm falsch bediene.

ich dneke ich muss die logs teilen, weil sie sonst zu lang sind zumindest hat das forum eine art zeitüberschreitung gehabt wenn ich alle auf einmal poste

hier die logs
otl.txt
ich ersetze einfach mal meinen namen mit maxmuster

Code:

ATTFilter

OTL logfile created on: 19.07.2010 16:39:23 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\i\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,50 Gb Total Space | 17,61 Gb Free Space | 30,11% Space Free | Partition Type: NTFS
Drive D: | 239,50 Gb Total Space | 11,46 Gb Free Space | 4,79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1,89 Gb Total Space | 1,53 Gb Free Space | 80,80% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: I-PC
Current User Name: i
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.19 16:37:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\i\Desktop\OTL.exe
PRC - [2010.06.01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:30 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
PRC - [2009.07.14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.19 16:37:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\i\Desktop\OTL.exe
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.05.30 03:00:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.04.10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.11.02 00:02:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2010.03.25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010.03.25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.03.04 13:42:58 | 000,277,536 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.11.01 19:29:02 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.01 13:41:03 | 000,205,568 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2009.10.26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:14:43 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:25 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:27 | 000,046,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2009.07.14 01:51:27 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2009.07.14 01:51:25 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2009.07.14 01:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.01.30 10:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.31 03:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.06.28 07:18:10 | 001,310,720 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA)
DRV - [2007.04.25 14:32:42 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006.11.14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005.12.22 18:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005.11.16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.maxmuster.de/test/index.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 72 CA 26 B5 A2 CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://igoogle.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
FF - prefs.js..extensions.enabledItems: copylinkurl@bluelightdev.com:1.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.27
FF - prefs.js..extensions.enabledItems: linky@gemal.dk:3.0.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: LDSI_plashcor@gmail.com:0.6.7
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.18.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.07.08 22:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.07.08 23:02:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.28 23:58:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.16 17:50:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.10 04:30:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.07.08 23:02:26 | 000,000,000 | ---D | M]
 
[2010.03.02 02:47:31 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Extensions
[2010.03.02 02:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\i\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.19 11:25:48 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions
[2010.07.04 12:40:31 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.07.10 11:42:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.19 10:52:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.06.04 12:18:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.07.01 11:15:08 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\battlefieldheroespatcher@ea.com
[2010.01.24 22:05:42 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\copylinkurl@bluelightdev.com
[2010.05.02 15:48:54 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\LDSI_plashcor@gmail.com
[2010.02.25 10:51:39 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\linky@gemal.dk
[2010.04.11 14:55:38 | 000,000,737 | ---- | M] () -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\searchplugins\captaincrawl.xml
[2010.07.19 00:28:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.12 19:41:20 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 19:41:20 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.12 19:41:20 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 19:41:20 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 19:41:20 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

xxxlalala · 19.07.2010, 15:59

otl.txt teil 2

Code:

ATTFilter

 
Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [EPSON Stylus Photo R2400] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATI9SE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\i\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: digitalriver.com ([windows7] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{398ed822-80fc-11df-ac4e-0018f3af945a}\Shell - "" = AutoRun
O33 - MountPoints2\{398ed822-80fc-11df-ac4e-0018f3af945a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4110cd2a-c70c-11de-97ba-0018f3af945a}\Shell - "" = AutoRun
O33 - MountPoints2\{4110cd2a-c70c-11de-97ba-0018f3af945a}\Shell\AutoRun\command - "" = G:\AS2conscription.exe -- File not found
O33 - MountPoints2\{462ff3aa-01bf-11df-a769-0018f3af945a}\Shell - "" = AutoRun
O33 - MountPoints2\{462ff3aa-01bf-11df-a769-0018f3af945a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.07.19 16:37:11 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\i\Desktop\OTL.exe
[2010.07.19 16:31:45 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\MFTools
[2010.07.19 13:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.07.19 11:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010.07.19 11:09:47 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\Yahoo!
[2010.07.19 11:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010.07.19 11:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.07.19 11:08:35 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.17 21:59:38 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\panik_koljah_nmzs_-_spastik_desaster_2009
[2010.07.13 11:52:22 | 000,000,000 | ---D | C] -- C:\REFlex
[2010.07.12 00:00:34 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\AlienShooter2 Conscription Saves
[2010.07.11 23:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Sigma_Team
[2010.07.11 23:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sigma Team
[2010.07.11 23:38:49 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\Ovi
[2010.07.09 10:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010.07.08 23:50:54 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\Nokia Ovi Suite
[2010.07.08 23:04:35 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\NokiaAccount
[2010.07.08 23:04:35 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\Nokia
[2010.07.08 23:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010.07.08 23:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2010.07.08 22:39:04 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\Nokia
[2010.07.08 22:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010.07.08 22:36:53 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.07.08 22:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010.07.08 22:28:07 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\PC Suite
[2010.07.08 21:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2010.07.08 21:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010.07.08 21:47:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.07.08 21:45:22 | 000,092,672 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2010.07.08 21:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010.07.08 21:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010.07.08 21:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010.07.07 12:19:11 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\nicolebilder
[2010.07.06 20:37:49 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\The Lord of the Rings Online
[2010.07.06 20:37:49 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\The Lord of the Rings Online
[2010.07.06 10:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters
[2010.07.06 09:46:30 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\alesschau
[2010.07.04 13:50:04 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\bla
[2010.07.03 13:20:46 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\Battlefield Heroes
[2010.07.03 00:15:32 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\My Downloads
[2010.07.02 00:32:10 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\Dungeons and Dragons Online
[2010.07.02 00:28:36 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\Turbine
[2010.07.02 00:28:15 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\Turbine
[2010.07.02 00:27:18 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\ApplicationHistory
[2010.07.02 00:25:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2010.07.02 00:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Turbine
[2010.07.01 21:27:22 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\PMB Files
[2010.07.01 21:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010.07.01 21:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010.07.01 16:54:46 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\PunkBuster
[2010.07.01 11:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2010.06.30 09:22:26 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\seiteoffline
[2010.06.26 12:09:39 | 000,000,000 | ---D | C] -- C:\Users\i\workspace
[2010.06.26 12:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\IronPython 2.6 for .NET 4.0
[2010.06.21 14:21:03 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\herkansing marko
[2010.06.21 11:26:54 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\internetneu
[2010.06.20 00:33:48 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\Sidhe
[2010.06.18 16:19:43 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\Adobe Scripts
[2010.06.17 20:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON ColorBase
[2010.06.17 16:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2010.06.17 16:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2010.06.17 14:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\SilverFast Application
[2010.06.17 14:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\SilverFast
[2010.06.07 23:40:27 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\dlll
[2010.06.06 17:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\CoreCodec
[2010.05.30 03:00:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010.05.26 22:01:27 | 001,376,079 | ---- | C] (Copyright (C) 2007-2010    Ibadov Tariel   <tariel@code-industry.net>) -- C:\Windows\System32\imgport.dll
[2010.05.26 22:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\ImagePrinter
[2010.05.26 21:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\office Convert Pdf to Jpg Jpeg Tiff Free
[2010.05.26 20:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2010.05.21 11:09:14 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.05.21 11:09:14 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\Adobe Mini Bridge CS5
[2010.05.19 10:12:35 | 000,000,000 | --SD | C] -- C:\Users\i\AppData\Roaming\Virtual CD v10
[2010.05.19 09:53:23 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\NCH Software
[2010.05.17 20:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010.05.14 18:00:46 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\Publish Providers
[2010.05.07 00:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010.05.06 23:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.05.06 23:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.05.06 23:12:05 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\Microsoft Help
[2010.05.06 23:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.05.06 23:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.05.06 23:10:20 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.05.06 22:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010.05.04 19:21:57 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\Linotype.Frutiger.Next.WinALL.Commercial.FONT-TYPO
[2010.05.01 22:50:44 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\Mixxx
[2010.05.01 22:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mixxx
[2010.05.01 21:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.04.23 13:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.04.21 16:57:06 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\vlc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.07.19 16:41:32 | 004,194,304 | -HS- | M] () -- C:\Users\i\NTUSER.DAT
[2010.07.19 16:37:45 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.19 16:37:45 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.19 16:37:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\i\Desktop\OTL.exe
[2010.07.19 16:35:07 | 000,739,790 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.19 16:35:07 | 000,624,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.19 16:35:07 | 000,110,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.19 16:30:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.19 16:30:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.19 16:30:26 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.19 16:29:12 | 001,540,559 | -H-- | M] () -- C:\Users\i\AppData\Local\IconCache.db
[2010.07.19 16:22:25 | 000,007,627 | ---- | M] () -- C:\Users\i\AppData\Local\Resmon.ResmonCfg
[2010.07.19 15:58:38 | 000,410,680 | ---- | M] () -- C:\Users\i\Desktop\Load.exe
[2010.07.19 15:52:28 | 000,002,943 | ---- | M] () -- C:\Users\i\Desktop\HiJackThis.lnk
[2010.07.19 11:46:52 | 000,150,136 | ---- | M] () -- C:\Users\i\Desktop\essentialslog.jpg
[2010.07.19 11:46:52 | 000,001,456 | ---- | M] () -- C:\Users\i\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010.07.19 11:45:49 | 000,222,755 | ---- | M] () -- C:\Users\i\Desktop\essentialslog.psd
[2010.07.19 11:25:42 | 000,035,192 | ---- | M] () -- C:\Users\i\Documents\cc_20100719_112537.reg
[2010.07.19 11:09:41 | 000,000,969 | ---- | M] () -- C:\Users\i\Desktop\CCleaner.lnk
[2010.07.19 11:08:13 | 000,339,991 | ---- | M] () -- C:\Users\i\Desktop\RSIT.exe
[2010.07.19 11:02:59 | 000,001,438 | ---- | M] () -- C:\Users\i\Desktop\firefox.exe - Shortcut.lnk
[2010.07.19 01:14:29 | 000,001,007 | ---- | M] () -- C:\Users\i\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010.07.19 01:14:29 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.19 01:03:25 | 000,363,520 | ---- | M] () -- C:\Users\i\Desktop\rkill.com
[2010.07.16 15:53:36 | 027,810,221 | ---- | M] () -- C:\Users\i\Desktop\16072010005.mp4
[2010.07.12 10:13:52 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010.07.12 00:02:24 | 108,827,564 | ---- | M] () -- C:\Users\i\Desktop\Schatten_seperat.tif
[2010.07.11 23:43:14 | 000,010,752 | ---- | M] () -- C:\Users\i\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.08 23:03:35 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010.07.08 22:38:09 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010.07.08 22:25:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.07.08 21:43:14 | 000,002,088 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010.07.07 16:12:19 | 000,192,894 | ---- | M] () -- C:\Users\i\Desktop\sbb.pdf
[2010.07.06 12:27:07 | 000,015,364 | -H-- | M] () -- C:\Users\Public\Documents\.DS_Store
[2010.07.06 12:25:55 | 000,000,082 | -H-- | M] () -- C:\Users\Public\Documents\._sbb.pdf
[2010.07.05 23:42:40 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.05 23:42:19 | 000,215,016 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.07.05 15:02:46 | 001,897,016 | ---- | M] () -- C:\Users\Public\Documents\P7058246.JPG
[2010.07.05 15:02:42 | 002,035,287 | ---- | M] () -- C:\Users\Public\Documents\P7058244.JPG
[2010.07.04 17:50:40 | 000,192,894 | ---- | M] () -- C:\Users\Public\Documents\sbb.pdf
[2010.07.03 12:51:42 | 000,138,056 | ---- | M] () -- C:\Users\i\AppData\Roaming\PnkBstrK.sys
[2010.07.03 12:51:27 | 002,427,248 | ---- | M] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.07.02 00:28:17 | 000,000,089 | ---- | M] () -- C:\Users\i\AppData\Local\fusioncache.dat
[2010.06.30 10:02:47 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.29 08:51:48 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.06.27 11:13:42 | 000,010,235 | ---- | M] () -- C:\Users\i\Desktop\Doc5.docx
[2010.06.25 21:39:03 | 000,073,701 | -H-- | M] () -- C:\Users\Public\Documents\._hallo2.jpg
[2010.06.25 21:38:57 | 000,073,758 | -H-- | M] () -- C:\Users\Public\Documents\._hallo1.jpg
[2010.06.25 21:34:36 | 003,757,567 | ---- | M] () -- C:\Users\Public\Documents\hallo2.jpg
[2010.06.25 21:34:02 | 003,757,746 | ---- | M] () -- C:\Users\Public\Documents\hallo1.jpg
[2010.06.23 19:28:53 | 000,073,043 | -H-- | M] () -- C:\Users\Public\Documents\._gut7.jpg
[2010.06.23 19:28:43 | 000,074,385 | -H-- | M] () -- C:\Users\Public\Documents\._gut6.jpg
[2010.06.23 19:24:14 | 003,610,875 | ---- | M] () -- C:\Users\Public\Documents\gut7.jpg
[2010.06.23 19:23:30 | 003,702,399 | ---- | M] () -- C:\Users\Public\Documents\gut6.jpg
[2010.06.23 18:39:51 | 000,066,262 | -H-- | M] () -- C:\Users\Public\Documents\._na2444.jpg
[2010.06.23 18:37:28 | 000,072,788 | -H-- | M] () -- C:\Users\Public\Documents\._sofia3.jpg
[2010.06.23 18:36:52 | 000,074,451 | -H-- | M] () -- C:\Users\Public\Documents\._gut4.jpg
[2010.06.23 18:36:39 | 000,074,801 | -H-- | M] () -- C:\Users\Public\Documents\._gut3.jpg
[2010.06.23 18:36:02 | 001,908,885 | ---- | M] () -- C:\Users\Public\Documents\na2444.jpg
[2010.06.23 18:32:28 | 007,713,743 | ---- | M] () -- C:\Users\Public\Documents\gut4.jpg
[2010.06.23 18:30:48 | 007,025,611 | ---- | M] () -- C:\Users\Public\Documents\gut3.jpg
[2010.06.23 18:26:50 | 000,073,310 | -H-- | M] () -- C:\Users\Public\Documents\._12.jpg
[2010.06.23 18:26:13 | 000,072,714 | -H-- | M] () -- C:\Users\Public\Documents\._gut2.jpg
[2010.06.23 18:26:04 | 000,072,850 | -H-- | M] () -- C:\Users\Public\Documents\._gut1.jpg
[2010.06.23 18:17:50 | 004,725,714 | ---- | M] () -- C:\Users\Public\Documents\gut2.jpg
[2010.06.23 18:17:10 | 005,033,392 | ---- | M] () -- C:\Users\Public\Documents\gut1.jpg
[2010.06.21 23:22:08 | 000,049,664 | ---- | M] () -- C:\Users\i\Desktop\Sinn,Kunst,Reden.doc
[2010.06.21 11:05:45 | 001,285,120 | ---- | M] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1-2-2-2.doc
[2010.06.20 19:51:47 | 000,401,989 | ---- | M] () -- C:\Users\i\Desktop\24-10--25-copy.jpg
[2010.06.20 19:33:12 | 000,432,716 | ---- | M] () -- C:\Users\i\Desktop\24-10--17-copy.jpg
[2010.06.20 00:42:12 | 004,303,294 | ---- | M] () -- C:\Users\Public\Documents\12.jpg
[2010.06.19 19:43:42 | 000,014,476 | ---- | M] () -- C:\Users\i\Desktop\AFSPRAKEN max muster.docx
[2010.06.19 19:43:20 | 000,010,488 | ---- | M] () -- C:\Users\i\Desktop\Doc3.docx
[2010.06.19 16:55:23 | 001,280,512 | ---- | M] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1-2-2.doc
[2010.06.19 13:58:22 | 001,273,856 | ---- | M] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1-2.doc
[2010.06.19 12:32:46 | 000,024,576 | ---- | M] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1.doc
[2010.06.17 22:42:12 | 000,090,328 | -H-- | M] () -- C:\Users\i\Desktop\SFthumbs(HDRstudio).thdb
[2010.06.17 16:42:45 | 003,155,647 | ---- | M] () -- C:\Users\i\Desktop\r2400_ug.pdf
[2010.06.17 14:20:36 | 000,001,036 | ---- | M] () -- C:\Users\i\Application Data\Microsoft\Internet Explorer\Quick Launch\SF Launcher.lnk
[2010.06.17 14:20:36 | 000,001,012 | ---- | M] () -- C:\Users\i\Desktop\SF Launcher.lnk
[2010.06.15 15:36:57 | 000,020,000 | -H-- | M] () -- C:\ProgramData\V36QQ
[2010.06.14 12:17:37 | 000,020,531 | -H-- | M] () -- C:\ProgramData\T09F8
[2010.06.12 18:53:49 | 003,686,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.06 17:19:10 | 000,053,594 | ---- | M] () -- C:\Users\i\Documents\cc_20100606_171904.reg
[2010.06.05 04:20:10 | 000,289,664 | ---- | M] () -- C:\Users\Public\Documents\IMG.pdf
[2010.05.29 00:01:42 | 003,459,735 | ---- | M] () -- C:\Users\Public\Documents\sofia3.jpg
[2010.05.28 21:03:42 | 178,559,288 | ---- | M] () -- C:\Users\i\Desktop\2010_05_28_16_00_01_ch2.avf
[2010.05.25 19:20:55 | 000,067,718 | -H-- | M] () -- C:\Users\Public\Documents\._gutoriginal.jpg
[2010.05.14 18:00:33 | 000,002,524 | ---- | M] () -- C:\Users\i\Documents\Register CD Architect.htm
[2010.05.07 00:43:44 | 000,066,104 | ---- | M] () -- C:\Users\i\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.19 15:58:37 | 000,410,680 | ---- | C] () -- C:\Users\i\Desktop\Load.exe
[2010.07.19 15:52:28 | 000,002,943 | ---- | C] () -- C:\Users\i\Desktop\HiJackThis.lnk
[2010.07.19 11:46:51 | 000,150,136 | ---- | C] () -- C:\Users\i\Desktop\essentialslog.jpg
[2010.07.19 11:45:47 | 000,222,755 | ---- | C] () -- C:\Users\i\Desktop\essentialslog.psd
[2010.07.19 11:25:39 | 000,035,192 | ---- | C] () -- C:\Users\i\Documents\cc_20100719_112537.reg
[2010.07.19 11:08:11 | 000,339,991 | ---- | C] () -- C:\Users\i\Desktop\RSIT.exe
[2010.07.19 11:02:59 | 000,001,438 | ---- | C] () -- C:\Users\i\Desktop\firefox.exe - Shortcut.lnk
[2010.07.19 01:14:29 | 000,001,007 | ---- | C] () -- C:\Users\i\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010.07.19 01:03:20 | 000,363,520 | ---- | C] () -- C:\Users\i\Desktop\rkill.com
[2010.07.17 14:54:14 | 108,827,564 | ---- | C] () -- C:\Users\i\Desktop\Schatten_seperat.tif
[2010.07.16 17:59:37 | 027,810,221 | ---- | C] () -- C:\Users\i\Desktop\16072010005.mp4
[2010.07.12 10:13:50 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.07.08 23:53:55 | 000,010,752 | ---- | C] () -- C:\Users\i\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.08 23:03:35 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010.07.08 22:38:09 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010.07.08 22:25:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.07.08 21:43:14 | 000,002,088 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010.07.07 16:12:17 | 000,192,894 | ---- | C] () -- C:\Users\i\Desktop\sbb.pdf
[2010.07.06 12:27:07 | 001,897,016 | ---- | C] () -- C:\Users\Public\Documents\P7058246.JPG
[2010.07.06 12:26:23 | 002,035,287 | ---- | C] () -- C:\Users\Public\Documents\P7058244.JPG
[2010.07.06 12:25:55 | 000,192,894 | ---- | C] () -- C:\Users\Public\Documents\sbb.pdf
[2010.07.06 12:25:55 | 000,000,082 | -H-- | C] () -- C:\Users\Public\Documents\._sbb.pdf
[2010.07.02 00:28:17 | 000,000,089 | ---- | C] () -- C:\Users\i\AppData\Local\fusioncache.dat
[2010.07.01 16:55:06 | 000,215,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.07.01 11:28:46 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.01 11:28:46 | 000,138,056 | ---- | C] () -- C:\Users\i\AppData\Roaming\PnkBstrK.sys
[2010.07.01 11:28:17 | 000,215,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.07.01 11:28:15 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.07.01 11:28:12 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.06.30 10:02:47 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.29 08:51:48 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.06.27 11:13:40 | 000,010,235 | ---- | C] () -- C:\Users\i\Desktop\Doc5.docx
[2010.06.25 21:38:50 | 003,757,746 | ---- | C] () -- C:\Users\Public\Documents\hallo1.jpg
[2010.06.25 21:38:50 | 003,757,567 | ---- | C] () -- C:\Users\Public\Documents\hallo2.jpg
[2010.06.25 21:38:50 | 000,073,758 | -H-- | C] () -- C:\Users\Public\Documents\._hallo1.jpg
[2010.06.25 21:38:50 | 000,073,701 | -H-- | C] () -- C:\Users\Public\Documents\._hallo2.jpg
[2010.06.23 19:28:46 | 003,610,875 | ---- | C] () -- C:\Users\Public\Documents\gut7.jpg
[2010.06.23 19:28:46 | 000,073,043 | -H-- | C] () -- C:\Users\Public\Documents\._gut7.jpg
[2010.06.23 19:28:37 | 003,702,399 | ---- | C] () -- C:\Users\Public\Documents\gut6.jpg
[2010.06.23 19:28:37 | 000,074,385 | -H-- | C] () -- C:\Users\Public\Documents\._gut6.jpg
[2010.06.23 18:39:48 | 001,908,885 | ---- | C] () -- C:\Users\Public\Documents\na2444.jpg
[2010.06.23 18:39:48 | 000,066,262 | -H-- | C] () -- C:\Users\Public\Documents\._na2444.jpg
[2010.06.23 18:37:21 | 003,459,735 | ---- | C] () -- C:\Users\Public\Documents\sofia3.jpg
[2010.06.23 18:37:21 | 000,072,788 | -H-- | C] () -- C:\Users\Public\Documents\._sofia3.jpg
[2010.06.23 18:36:27 | 007,713,743 | ---- | C] () -- C:\Users\Public\Documents\gut4.jpg
[2010.06.23 18:36:27 | 007,025,611 | ---- | C] () -- C:\Users\Public\Documents\gut3.jpg
[2010.06.23 18:36:27 | 000,074,801 | -H-- | C] () -- C:\Users\Public\Documents\._gut3.jpg
[2010.06.23 18:36:27 | 000,074,451 | -H-- | C] () -- C:\Users\Public\Documents\._gut4.jpg
[2010.06.23 18:26:43 | 004,303,294 | ---- | C] () -- C:\Users\Public\Documents\12.jpg
[2010.06.23 18:26:43 | 000,073,310 | -H-- | C] () -- C:\Users\Public\Documents\._12.jpg
[2010.06.23 18:25:55 | 005,033,392 | ---- | C] () -- C:\Users\Public\Documents\gut1.jpg
[2010.06.23 18:25:55 | 004,725,714 | ---- | C] () -- C:\Users\Public\Documents\gut2.jpg
[2010.06.23 18:25:55 | 000,072,850 | -H-- | C] () -- C:\Users\Public\Documents\._gut1.jpg
[2010.06.23 18:25:55 | 000,072,714 | -H-- | C] () -- C:\Users\Public\Documents\._gut2.jpg
[2010.06.21 23:22:08 | 000,049,664 | ---- | C] () -- C:\Users\i\Desktop\Sinn,Kunst,Reden.doc
[2010.06.20 19:51:47 | 000,401,989 | ---- | C] () -- C:\Users\i\Desktop\24-10--25-copy.jpg
[2010.06.20 19:33:11 | 000,432,716 | ---- | C] () -- C:\Users\i\Desktop\24-10--17-copy.jpg
[2010.06.19 19:43:42 | 000,014,476 | ---- | C] () -- C:\Users\i\Desktop\AFSPRAKEN max muster.docx
[2010.06.19 19:43:17 | 000,010,488 | ---- | C] () -- C:\Users\i\Desktop\Doc3.docx
[2010.06.19 17:06:38 | 001,285,120 | ---- | C] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1-2-2-2.doc
[2010.06.19 16:55:08 | 001,280,512 | ---- | C] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1-2-2.doc
[2010.06.19 13:58:21 | 001,273,856 | ---- | C] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1-2.doc
[2010.06.19 12:32:45 | 000,024,576 | ---- | C] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1.doc
[2010.06.17 20:25:50 | 178,559,288 | ---- | C] () -- C:\Users\i\Desktop\2010_05_28_16_00_01_ch2.avf
[2010.06.17 16:42:35 | 003,155,647 | ---- | C] () -- C:\Users\i\Desktop\r2400_ug.pdf
[2010.06.17 14:17:37 | 000,001,036 | ---- | C] () -- C:\Users\i\Application Data\Microsoft\Internet Explorer\Quick Launch\SF Launcher.lnk
[2010.06.17 14:17:37 | 000,001,012 | ---- | C] () -- C:\Users\i\Desktop\SF Launcher.lnk
[2010.06.16 00:10:00 | 000,090,328 | -H-- | C] () -- C:\Users\i\Desktop\SFthumbs(HDRstudio).thdb
[2010.06.15 15:34:38 | 000,020,000 | -H-- | C] () -- C:\ProgramData\V36QQ
[2010.06.14 12:51:32 | 000,055,808 | -HS- | C] () -- C:\Users\i\Thumbs.db
[2010.06.06 17:19:05 | 000,053,594 | ---- | C] () -- C:\Users\i\Documents\cc_20100606_171904.reg
[2010.06.05 14:36:05 | 000,289,664 | ---- | C] () -- C:\Users\Public\Documents\IMG.pdf
[2010.05.25 19:20:23 | 000,067,718 | -H-- | C] () -- C:\Users\Public\Documents\._gutoriginal.jpg
[2010.05.17 23:00:18 | 000,001,456 | ---- | C] () -- C:\Users\i\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010.05.14 18:00:33 | 000,002,524 | ---- | C] () -- C:\Users\i\Documents\Register CD Architect.htm
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.25 23:30:50 | 000,000,038 | ---- | C] () -- C:\Windows\BookPrintXP.ini
[2010.02.03 02:21:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.04 19:26:06 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009.11.04 19:26:06 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009.11.04 19:26:06 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2009.11.04 19:26:05 | 000,003,072 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009.11.04 19:26:05 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009.11.04 19:26:05 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2009.11.01 19:22:23 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2005.11.11 12:43:28 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libssl32.dll
[2005.11.11 12:43:24 | 000,887,296 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005.08.31 10:20:00 | 000,233,557 | ---- | C] () -- C:\Windows\System32\esint54.dll
[2005.05.06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
 
========== LOP Check ==========
 
[2010.06.25 14:46:33 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\.purple
[2010.02.27 19:18:33 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Ableton
[2010.02.19 02:59:29 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Acreon
[2009.11.01 20:02:05 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\DAEMON Tools Lite
[2009.11.01 19:22:03 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\DAEMON Tools Pro
[2010.02.24 21:18:26 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Extensis
[2010.02.17 02:23:11 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\FOG Downloader
[2010.07.19 00:10:21 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\foobar2000
[2010.03.25 01:00:26 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\gtk-2.0
[2010.03.25 23:31:26 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Keseling
[2010.06.19 17:37:02 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Lasersoft Imaging
[2010.07.11 23:52:11 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Nokia
[2010.07.08 23:50:54 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Nokia Ovi Suite
[2009.11.20 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\OpenOffice.org
[2010.07.08 22:40:58 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\PC Suite
[2010.05.14 18:00:46 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Publish Providers
[2010.07.19 00:30:35 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\QuickScan
[2010.02.16 19:53:52 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Router Manager
[2009.11.26 21:04:51 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\runic games
[2010.05.14 18:00:43 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Sony
[2010.05.21 11:09:14 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.03.04 00:29:09 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\SteelBytes
[2009.11.02 01:20:52 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\SystemRequirementsLab
[2010.03.02 02:47:30 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Thunderbird
[2009.12.16 23:39:54 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Tropico 3
[2009.10.31 22:24:50 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\TrueCrypt
[2010.02.28 20:21:39 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\TuneUp Software
[2010.07.02 00:28:36 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Turbine
[2010.04.16 00:44:55 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\uTorrent
[2010.05.19 11:32:15 | 000,000,000 | --SD | M] -- C:\Users\i\AppData\Roaming\Virtual CD v10
[2010.03.14 18:21:49 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\zenses
[2010.07.19 00:52:41 | 000,000,858 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.07.19 16:30:26 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.19 01:11:34 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010.07.19 16:30:31 | 2146,754,560 | -HS- | M] () -- C:\pagefile.sys
[2010.07.19 14:06:40 | 000,000,344 | ---- | M] () -- C:\rkill.log
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.05 23:42:40 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-14 17:25:42

< End of report >

xxxlalala · 19.07.2010, 16:00

extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 19.07.2010 16:39:23 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\i\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,50 Gb Total Space | 17,61 Gb Free Space | 30,11% Space Free | Partition Type: NTFS
Drive D: | 239,50 Gb Total Space | 11,46 Gb Free Space | 4,79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1,89 Gb Total Space | 1,53 Gb Free Space | 80,80% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: I-PC
Current User Name: i
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.js [@ = jsfile] -- C:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe (Adobe Systems, Inc.)
.txt [@ = txtfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14DBB6F9-62DD-487C-91BB-17333552BF36}" = Adobe Setup
"{15206372-2480-4698-9879-9825F12A307B}" = Adobe Premiere Pro CS4 Third Party Content
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E093855-359A-43EC-9D36-60B087C6215E}" = IronPython 2.6 for .NET 4.0
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A6ED905-D19D-4954-8499-0DAF386460F7}" = Media Manager for WALKMAN 1.2
"{5C963017-1A53-425B-8B2B-9495AF15382C}" = Adobe Media Encoder CS4 Importer
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{701E5B2B-09A3-4EF0-81D6-455C9B8ED073}" = Adobe Setup
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite
"{81CB77FF-9789-4337-A46E-185F7876AC40}" = Adobe Photoshop Lightroom 2.6
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84C7A433-CED3-4410-9D69-0BF5486B9631}" = Sony CD Architect 5.2
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{8925AD1C-13DE-4709-9E88-6A0C320D0D43}" = ICC Profiles
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADE9794-F65D-11BE-051B-B6E52B5CDD04}" = Adobe Community Help
"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9B13886-4787-4BE5-B291-7A668CF30F1E}" = EPSON ColorBase
"{ABA38B85-6F0A-43F0-9DF6-73066B0E9054}" = Adobe Setup
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0321}" = USB2.0 0.35M WebCam
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6DDE2AE-8E63-48C4-89C5-EACD4AC6E665}" = UltraEdit 16.00
"{C71607E2-84EC-4C1F-A649-82E530920C23}" = Adobe Setup
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D0ACED35-5F54-4898-97AC-C1456323A8E3}" = Adobe Media Encoder CS4 Exporter
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F5371573-B045-4A4C-9171-6D99C8FAC876}" = Adobe After Effects CS4 Third Party Content
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBB02B04-C034-4382-A3F6-57416E2752C4}" = Adobe Creative Suite 5 Master Collection
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem  (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_126a6c50d960aa4e8761045cec9b633" = Adobe Media Encoder CS4 Exporter
"Adobe_15f4da9bfad48542a17f089e7c5e0ab" = Adobe After Effects CS4 Third Party Content
"Adobe_48bbd0b5673fdf22ea2ad2f6f129e8e" = Adobe Premiere Pro CS4 Third Party Content
"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection
"Adobe_5a8cdebdcb3cd1974a9407c51ce9b53" = Adobe Media Encoder CS4 Importer
"ASIO4ALL" = ASIO4ALL
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem  (06/09/2010 7.01.0.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"foobar2000" = foobar2000 v1.0.1
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.24567
"Live 8.0.4" = Live 8.0.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Pidgin" = Pidgin
"PunkBusterSvc" = PunkBuster Services
"SilverFast Epson" = SilverFast Epson 6.6.2r1
"SilverFast HDRStudio" = SilverFast HDRStudio 6.6.0r1
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SystemRequirementsLab" = System Requirements Lab
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"ViceVersa Pro 2_is1" = ViceVersa Pro 2 (Build 2012)
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar
"Zenses2" = Zenses2 Beta2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.07.2010 23:54:07 | Computer Name = i-PC | Source = Google Update | ID = 20
Description = 
 
Error - 19.07.2010 00:54:07 | Computer Name = i-PC | Source = Google Update | ID = 20
Description = 
 
Error - 19.07.2010 01:54:07 | Computer Name = i-PC | Source = Google Update | ID = 20
Description = 
 
Error - 19.07.2010 02:54:07 | Computer Name = i-PC | Source = Google Update | ID = 20
Description = 
 
Error - 19.07.2010 03:54:08 | Computer Name = i-PC | Source = Google Update | ID = 20
Description = 
 
Error - 19.07.2010 04:54:07 | Computer Name = i-PC | Source = Google Update | ID = 20
Description = 
 
Error - 19.07.2010 07:50:28 | Computer Name = i-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 19.07.2010 07:50:49 | Computer Name = i-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 19.07.2010 07:50:49 | Computer Name = i-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 19.07.2010 10:08:07 | Computer Name = i-PC | Source = MBAMService | ID = 131073
Description = 
 
[ OSession Events ]
Error - 06.05.2010 17:29:22 | Computer Name = i-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 21
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 17.05.2010 16:01:14 | Computer Name = i-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 17.05.2010 16:57:34 | Computer Name = i-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 17.05.2010 17:46:19 | Computer Name = i-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 18.05.2010 04:34:46 | Computer Name = i-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2
 
Error - 18.05.2010 19:41:19 | Computer Name = i-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2
 
Error - 19.05.2010 02:40:09 | Computer Name = i-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 19.05.2010 02:44:23 | Computer Name = i-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 19.05.2010 02:46:16 | Computer Name = i-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 19.05.2010 02:46:46 | Computer Name = i-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 19.05.2010 02:47:27 | Computer Name = i-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
 
< End of report >

Larusso · 19.07.2010, 16:19

seltsam, was mich ja wundert ist, das auch keine tools heruntergeladen wurden. das kommt eigentlich noch vor dem run befehl und die inet.bat sollte auch nicht mehr vorhanden sein,

Danke, muss ich mir ansehen. Hab ja eh kaum was zu tun hier

Schritt 1

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
:services
:files
:reg
:Commands
[purity]
[resethosts]
[emptytemp]
[reboot]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
Klick auf .
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Vista User: Bitte mit Rechtsklick "als Administrator starten".
Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
Defogger fordert nun zum Neustart auf. Bestätige dies mit OK.
DeFogger erstellt nun ein Logfile auf dem Desktop (defogger_disable).

Poste bitte den Inhalt der Logfile in Deiner nächsten Antwort.

Schritt 3

Bitte

alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista und Win7 User mit Rechtsklick und als Administrator starten.
Entferne rechts den Haken bei
- IAT/EAT
- Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
- Show all (sollte abgehackt sein)
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Schritt 4

Starte bitte OTL.exe und klicke auf den Quick Scan Button.

Bitte poste in Deiner nächsten Antwort
OTLFix Log
Defogger_disable.txt
Gmer.txt
OTL.txt

xxxlalala · 19.07.2010, 17:13

ok hier wieder der logwahnsinn :
otl fix log:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 62482 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes
 
User: i
->Temp folder emptied: 4137660 bytes
->Temporary Internet Files folder emptied: 209730 bytes
->Java cache emptied: 51786250 bytes
->FireFox cache emptied: 68321381 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 63546 bytes
 
User: lena
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 554566 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 120,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 07192010_173127

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP000000202CC0B297EDD9B254 not found!

Registry entries deleted on Reboot...

defrogger log

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:39 on 19/07/2010 (i)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

gmer
GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-07-19 18:05:26
Windows 6.1.7600 
Running: 84zd3nru.exe; Driver: C:\Users\i\AppData\Local\Temp\pxldrpog.sys


---- System - GMER 1.0.15 ----

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82041AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82041104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            820413F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            8202A2D8
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82029898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            820411DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82041958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            820416F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            82041F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                            820421A8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                     81C5A599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              81C7EF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                            section is writeable [0x8BE28340, 0x3EE1D7, 0xE8000020]
.text           peauth.sys                                                                                                          9C831C9D 28 Bytes  [44, 30, 1E, 22, 4F, 9C, 9D, ...]
.text           peauth.sys                                                                                                          9C831CC1 28 Bytes  [44, 30, 1E, 22, 4F, 9C, 9D, ...]

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000049                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\BTHUSB \Device\00000075                                                                                     bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000077                                                                                     bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0018f3af945a                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x67 0x3A 0x0B 0xFD ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x78 0x09 0x89 0x6A ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xB7 0xD2 0x02 0xD6 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0018f3af945a (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x67 0x3A 0x0B 0xFD ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x78 0x09 0x89 0x6A ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xB7 0xD2 0x02 0xD6 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version                                          
Reg             HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version                                  0x41 0xA8 0x51 0xE3 ...

---- EOF - GMER 1.0.15 ----

--- --- ---

xxxlalala · 19.07.2010, 17:15

nochmal otl

Code:

ATTFilter

OTL logfile created on: 19.07.2010 18:06:18 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\i\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,50 Gb Total Space | 17,90 Gb Free Space | 30,59% Space Free | Partition Type: NTFS
Drive D: | 239,50 Gb Total Space | 11,46 Gb Free Space | 4,79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1,89 Gb Total Space | 1,53 Gb Free Space | 80,80% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: I-PC
Current User Name: i
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.19 16:37:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\i\Desktop\OTL.exe
PRC - [2010.06.09 01:47:48 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010.06.01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.19 16:37:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\i\Desktop\OTL.exe
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.05.30 03:00:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.04.10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.11.02 00:02:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2010.03.25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010.03.25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.03.04 13:42:58 | 000,277,536 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.11.01 19:29:02 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.01 13:41:03 | 000,205,568 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2009.10.26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:14:43 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:25 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:27 | 000,046,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2009.07.14 01:51:27 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2009.07.14 01:51:25 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2009.07.14 01:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.01.30 10:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.31 03:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.06.28 07:18:10 | 001,310,720 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA)
DRV - [2007.04.25 14:32:42 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006.11.14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005.12.22 18:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005.11.16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
 
 
========== Standard Registry (SafeList) ==========

xxxlalala · 19.07.2010, 17:15

otl teil 2

Code:

ATTFilter

 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.maxmuster.de/test/index.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 72 CA 26 B5 A2 CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://igoogle.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
FF - prefs.js..extensions.enabledItems: copylinkurl@bluelightdev.com:1.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.27
FF - prefs.js..extensions.enabledItems: linky@gemal.dk:3.0.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: LDSI_plashcor@gmail.com:0.6.7
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.18.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.07.08 22:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.07.08 23:02:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.28 23:58:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.16 17:50:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.10 04:30:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.07.08 23:02:26 | 000,000,000 | ---D | M]
 
[2010.03.02 02:47:31 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Extensions
[2010.03.02 02:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\i\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.19 11:25:48 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions
[2010.07.04 12:40:31 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.07.10 11:42:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.19 10:52:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.06.04 12:18:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.07.01 11:15:08 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\battlefieldheroespatcher@ea.com
[2010.01.24 22:05:42 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\copylinkurl@bluelightdev.com
[2010.05.02 15:48:54 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\LDSI_plashcor@gmail.com
[2010.02.25 10:51:39 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\linky@gemal.dk
[2010.04.11 14:55:38 | 000,000,737 | ---- | M] () -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\searchplugins\captaincrawl.xml
[2010.07.19 00:28:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.12 19:41:20 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 19:41:20 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.12 19:41:20 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 19:41:20 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 19:41:20 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.19 17:31:27 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [EPSON Stylus Photo R2400] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATI9SE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\i\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: digitalriver.com ([windows7] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{398ed822-80fc-11df-ac4e-0018f3af945a}\Shell - "" = AutoRun
O33 - MountPoints2\{398ed822-80fc-11df-ac4e-0018f3af945a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4110cd2a-c70c-11de-97ba-0018f3af945a}\Shell - "" = AutoRun
O33 - MountPoints2\{4110cd2a-c70c-11de-97ba-0018f3af945a}\Shell\AutoRun\command - "" = G:\AS2conscription.exe -- File not found
O33 - MountPoints2\{462ff3aa-01bf-11df-a769-0018f3af945a}\Shell - "" = AutoRun
O33 - MountPoints2\{462ff3aa-01bf-11df-a769-0018f3af945a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.07.19 17:35:16 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\MFTools
[2010.07.19 17:31:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.19 16:37:11 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\i\Desktop\OTL.exe
[2010.07.19 13:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.07.19 11:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010.07.19 11:09:47 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\Yahoo!
[2010.07.19 11:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010.07.19 11:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.07.19 11:08:35 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.17 21:59:38 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\panik_koljah_nmzs_-_spastik_desaster_2009
[2010.07.13 11:52:22 | 000,000,000 | ---D | C] -- C:\REFlex
[2010.07.12 00:00:34 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\AlienShooter2 Conscription Saves
[2010.07.11 23:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Sigma_Team
[2010.07.11 23:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sigma Team
[2010.07.11 23:38:49 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\Ovi
[2010.07.09 10:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010.07.08 23:50:54 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\Nokia Ovi Suite
[2010.07.08 23:04:35 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\NokiaAccount
[2010.07.08 23:04:35 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\Nokia
[2010.07.08 23:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010.07.08 23:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2010.07.08 22:39:04 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\Nokia
[2010.07.08 22:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010.07.08 22:36:53 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.07.08 22:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010.07.08 22:28:07 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\PC Suite
[2010.07.08 21:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2010.07.08 21:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010.07.08 21:47:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.07.08 21:45:22 | 000,092,672 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2010.07.08 21:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010.07.08 21:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010.07.08 21:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010.07.07 12:19:11 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\bilder
[2010.07.06 20:37:49 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\The Lord of the Rings Online
[2010.07.06 20:37:49 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\The Lord of the Rings Online
[2010.07.06 10:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters
[2010.07.06 09:46:30 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\alesschau
[2010.07.04 13:50:04 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\bla
[2010.07.03 13:20:46 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\Battlefield Heroes
[2010.07.03 00:15:32 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\My Downloads
[2010.07.02 00:32:10 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\Dungeons and Dragons Online
[2010.07.02 00:28:36 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\Turbine
[2010.07.02 00:28:15 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\Turbine
[2010.07.02 00:27:18 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\ApplicationHistory
[2010.07.02 00:25:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2010.07.02 00:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Turbine
[2010.07.01 21:27:22 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\PMB Files
[2010.07.01 21:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010.07.01 21:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010.07.01 16:54:46 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\PunkBuster
[2010.07.01 11:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2010.06.30 09:22:26 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\seiteoffline
[2010.06.26 12:09:39 | 000,000,000 | ---D | C] -- C:\Users\i\workspace
[2010.06.26 12:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\IronPython 2.6 for .NET 4.0
[2010.06.21 14:21:03 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\herkansing marko
[2010.06.21 11:26:54 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\internetneu
[2010.06.20 00:33:48 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\Sidhe
[2010.06.18 16:19:43 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\Adobe Scripts
[2010.06.17 20:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON ColorBase
[2010.06.17 16:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2010.06.17 16:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2010.06.17 14:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\SilverFast Application
[2010.06.17 14:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\SilverFast
[2010.06.07 23:40:27 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\dlll
[2010.06.06 17:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\CoreCodec
[2010.05.30 03:00:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010.05.26 22:01:27 | 001,376,079 | ---- | C] (Copyright (C) 2007-2010    Ibadov Tariel   <tariel@code-industry.net>) -- C:\Windows\System32\imgport.dll
[2010.05.26 22:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\ImagePrinter
[2010.05.26 21:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\office Convert Pdf to Jpg Jpeg Tiff Free
[2010.05.26 20:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2010.05.21 11:09:14 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.05.21 11:09:14 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\Adobe Mini Bridge CS5
[2010.05.19 10:12:35 | 000,000,000 | --SD | C] -- C:\Users\i\AppData\Roaming\Virtual CD v10
[2010.05.19 09:53:23 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\NCH Software
[2010.05.17 20:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010.05.14 18:00:46 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\Publish Providers
[2010.05.07 00:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010.05.06 23:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.05.06 23:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.05.06 23:12:05 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\Microsoft Help
[2010.05.06 23:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.05.06 23:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.05.06 23:10:20 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.05.06 22:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010.05.04 19:21:57 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\Linotype.Frutiger.Next.WinALL.Commercial.FONT-TYPO
[2010.05.01 22:50:44 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\Mixxx
[2010.05.01 22:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mixxx
[2010.05.01 21:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.04.23 13:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.04.21 16:57:06 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\vlc
 
========== Files - Modified Within 90 Days ==========
 
[2010.07.19 18:08:22 | 004,194,304 | -HS- | M] () -- C:\Users\i\NTUSER.DAT
[2010.07.19 17:48:02 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.19 17:48:02 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.19 17:45:10 | 000,739,790 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.19 17:45:10 | 000,624,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.19 17:45:10 | 000,110,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.19 17:42:27 | 000,293,376 | ---- | M] () -- C:\Users\i\Desktop\84zd3nru.exe
[2010.07.19 17:40:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.19 17:40:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.19 17:40:46 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.19 17:40:10 | 001,697,437 | -H-- | M] () -- C:\Users\i\AppData\Local\IconCache.db
[2010.07.19 17:40:06 | 000,000,020 | ---- | M] () -- C:\Users\i\defogger_reenable
[2010.07.19 17:38:46 | 000,050,477 | ---- | M] () -- C:\Users\i\Desktop\Defogger.exe
[2010.07.19 17:35:22 | 000,284,915 | ---- | M] () -- C:\Users\i\Desktop\Gmer.zip
[2010.07.19 17:31:27 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010.07.19 16:37:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\i\Desktop\OTL.exe
[2010.07.19 16:22:25 | 000,007,627 | ---- | M] () -- C:\Users\i\AppData\Local\Resmon.ResmonCfg
[2010.07.19 15:58:38 | 000,410,680 | ---- | M] () -- C:\Users\i\Desktop\Load.exe
[2010.07.19 15:52:28 | 000,002,943 | ---- | M] () -- C:\Users\i\Desktop\HiJackThis.lnk
[2010.07.19 11:46:52 | 000,150,136 | ---- | M] () -- C:\Users\i\Desktop\essentialslog.jpg
[2010.07.19 11:46:52 | 000,001,456 | ---- | M] () -- C:\Users\i\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010.07.19 11:45:49 | 000,222,755 | ---- | M] () -- C:\Users\i\Desktop\essentialslog.psd
[2010.07.19 11:25:42 | 000,035,192 | ---- | M] () -- C:\Users\i\Documents\cc_20100719_112537.reg
[2010.07.19 11:09:41 | 000,000,969 | ---- | M] () -- C:\Users\i\Desktop\CCleaner.lnk
[2010.07.19 11:08:13 | 000,339,991 | ---- | M] () -- C:\Users\i\Desktop\RSIT.exe
[2010.07.19 11:02:59 | 000,001,438 | ---- | M] () -- C:\Users\i\Desktop\firefox.exe - Shortcut.lnk
[2010.07.19 01:14:29 | 000,001,007 | ---- | M] () -- C:\Users\i\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010.07.19 01:14:29 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.19 01:03:25 | 000,363,520 | ---- | M] () -- C:\Users\i\Desktop\rkill.com
[2010.07.16 15:53:36 | 027,810,221 | ---- | M] () -- C:\Users\i\Desktop\16072010005.mp4
[2010.07.12 10:13:52 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010.07.12 00:02:24 | 108,827,564 | ---- | M] () -- C:\Users\i\Desktop\Schatten_seperat.tif
[2010.07.11 23:43:14 | 000,010,752 | ---- | M] () -- C:\Users\i\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.08 23:03:35 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010.07.08 22:38:09 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010.07.08 22:25:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.07.08 21:43:14 | 000,002,088 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010.07.07 16:12:19 | 000,192,894 | ---- | M] () -- C:\Users\i\Desktop\sbb.pdf
[2010.07.06 12:27:07 | 000,015,364 | -H-- | M] () -- C:\Users\Public\Documents\.DS_Store
[2010.07.06 12:25:55 | 000,000,082 | -H-- | M] () -- C:\Users\Public\Documents\._sbb.pdf
[2010.07.05 23:42:40 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.05 23:42:19 | 000,215,016 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.07.05 15:02:46 | 001,897,016 | ---- | M] () -- C:\Users\Public\Documents\P7058246.JPG
[2010.07.05 15:02:42 | 002,035,287 | ---- | M] () -- C:\Users\Public\Documents\P7058244.JPG
[2010.07.04 17:50:40 | 000,192,894 | ---- | M] () -- C:\Users\Public\Documents\sbb.pdf
[2010.07.03 12:51:42 | 000,138,056 | ---- | M] () -- C:\Users\i\AppData\Roaming\PnkBstrK.sys
[2010.07.03 12:51:27 | 002,427,248 | ---- | M] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.07.02 00:28:17 | 000,000,089 | ---- | M] () -- C:\Users\i\AppData\Local\fusioncache.dat
[2010.06.30 10:02:47 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.29 08:51:48 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.06.27 11:13:42 | 000,010,235 | ---- | M] () -- C:\Users\i\Desktop\Doc5.docx
[2010.06.25 21:39:03 | 000,073,701 | -H-- | M] () -- C:\Users\Public\Documents\._hallo2.jpg
[2010.06.25 21:38:57 | 000,073,758 | -H-- | M] () -- C:\Users\Public\Documents\._hallo1.jpg
[2010.06.25 21:34:36 | 003,757,567 | ---- | M] () -- C:\Users\Public\Documents\hallo2.jpg
[2010.06.25 21:34:02 | 003,757,746 | ---- | M] () -- C:\Users\Public\Documents\hallo1.jpg
[2010.06.23 19:28:53 | 000,073,043 | -H-- | M] () -- C:\Users\Public\Documents\._gut7.jpg
[2010.06.23 19:28:43 | 000,074,385 | -H-- | M] () -- C:\Users\Public\Documents\._gut6.jpg
[2010.06.23 19:24:14 | 003,610,875 | ---- | M] () -- C:\Users\Public\Documents\gut7.jpg
[2010.06.23 19:23:30 | 003,702,399 | ---- | M] () -- C:\Users\Public\Documents\gut6.jpg
[2010.06.23 18:39:51 | 000,066,262 | -H-- | M] () -- C:\Users\Public\Documents\._na2444.jpg
[2010.06.23 18:37:28 | 000,072,788 | -H-- | M] () -- C:\Users\Public\Documents\._sofia3.jpg
[2010.06.23 18:36:52 | 000,074,451 | -H-- | M] () -- C:\Users\Public\Documents\._gut4.jpg
[2010.06.23 18:36:39 | 000,074,801 | -H-- | M] () -- C:\Users\Public\Documents\._gut3.jpg
[2010.06.23 18:36:02 | 001,908,885 | ---- | M] () -- C:\Users\Public\Documents\na2444.jpg
[2010.06.23 18:32:28 | 007,713,743 | ---- | M] () -- C:\Users\Public\Documents\gut4.jpg
[2010.06.23 18:30:48 | 007,025,611 | ---- | M] () -- C:\Users\Public\Documents\gut3.jpg
[2010.06.23 18:26:50 | 000,073,310 | -H-- | M] () -- C:\Users\Public\Documents\._12.jpg
[2010.06.23 18:26:13 | 000,072,714 | -H-- | M] () -- C:\Users\Public\Documents\._gut2.jpg
[2010.06.23 18:26:04 | 000,072,850 | -H-- | M] () -- C:\Users\Public\Documents\._gut1.jpg
[2010.06.23 18:17:50 | 004,725,714 | ---- | M] () -- C:\Users\Public\Documents\gut2.jpg
[2010.06.23 18:17:10 | 005,033,392 | ---- | M] () -- C:\Users\Public\Documents\gut1.jpg
[2010.06.21 23:22:08 | 000,049,664 | ---- | M] () -- C:\Users\i\Desktop\Sinn,Kunst,Reden.doc
[2010.06.21 11:05:45 | 001,285,120 | ---- | M] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1-2-2-2.doc
[2010.06.20 19:51:47 | 000,401,989 | ---- | M] () -- C:\Users\i\Desktop\24-10--25-copy.jpg
[2010.06.20 19:33:12 | 000,432,716 | ---- | M] () -- C:\Users\i\Desktop\24-10--17-copy.jpg
[2010.06.20 00:42:12 | 004,303,294 | ---- | M] () -- C:\Users\Public\Documents\12.jpg
[2010.06.19 19:43:42 | 000,014,476 | ---- | M] () -- C:\Users\i\Desktop\AFSPRAKEN max muster.docx
[2010.06.19 19:43:20 | 000,010,488 | ---- | M] () -- C:\Users\i\Desktop\Doc3.docx
[2010.06.19 16:55:23 | 001,280,512 | ---- | M] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1-2-2.doc
[2010.06.19 13:58:22 | 001,273,856 | ---- | M] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1-2.doc
[2010.06.19 12:32:46 | 000,024,576 | ---- | M] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1.doc
[2010.06.17 22:42:12 | 000,090,328 | -H-- | M] () -- C:\Users\i\Desktop\SFthumbs(HDRstudio).thdb
[2010.06.17 16:42:45 | 003,155,647 | ---- | M] () -- C:\Users\i\Desktop\r2400_ug.pdf
[2010.06.17 14:20:36 | 000,001,036 | ---- | M] () -- C:\Users\i\Application Data\Microsoft\Internet Explorer\Quick Launch\SF Launcher.lnk
[2010.06.17 14:20:36 | 000,001,012 | ---- | M] () -- C:\Users\i\Desktop\SF Launcher.lnk
[2010.06.15 15:36:57 | 000,020,000 | -H-- | M] () -- C:\ProgramData\V36QQ
[2010.06.14 12:17:37 | 000,020,531 | -H-- | M] () -- C:\ProgramData\T09F8
[2010.06.12 18:53:49 | 003,686,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.06 17:19:10 | 000,053,594 | ---- | M] () -- C:\Users\i\Documents\cc_20100606_171904.reg
[2010.06.05 04:20:10 | 000,289,664 | ---- | M] () -- C:\Users\Public\Documents\IMG.pdf
[2010.05.29 00:01:42 | 003,459,735 | ---- | M] () -- C:\Users\Public\Documents\sofia3.jpg
[2010.05.28 21:03:42 | 178,559,288 | ---- | M] () -- C:\Users\i\Desktop\2010_05_28_16_00_01_ch2.avf
[2010.05.25 19:20:55 | 000,067,718 | -H-- | M] () -- C:\Users\Public\Documents\._gutoriginal.jpg
[2010.05.14 18:00:33 | 000,002,524 | ---- | M] () -- C:\Users\i\Documents\Register CD Architect.htm
[2010.05.07 00:43:44 | 000,066,104 | ---- | M] () -- C:\Users\i\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2010.07.19 17:42:25 | 000,293,376 | ---- | C] () -- C:\Users\i\Desktop\84zd3nru.exe
[2010.07.19 17:39:45 | 000,000,020 | ---- | C] () -- C:\Users\i\defogger_reenable
[2010.07.19 17:38:45 | 000,050,477 | ---- | C] () -- C:\Users\i\Desktop\Defogger.exe
[2010.07.19 17:35:21 | 000,284,915 | ---- | C] () -- C:\Users\i\Desktop\Gmer.zip
[2010.07.19 15:58:37 | 000,410,680 | ---- | C] () -- C:\Users\i\Desktop\Load.exe
[2010.07.19 15:52:28 | 000,002,943 | ---- | C] () -- C:\Users\i\Desktop\HiJackThis.lnk
[2010.07.19 11:46:51 | 000,150,136 | ---- | C] () -- C:\Users\i\Desktop\essentialslog.jpg
[2010.07.19 11:45:47 | 000,222,755 | ---- | C] () -- C:\Users\i\Desktop\essentialslog.psd
[2010.07.19 11:25:39 | 000,035,192 | ---- | C] () -- C:\Users\i\Documents\cc_20100719_112537.reg
[2010.07.19 11:08:11 | 000,339,991 | ---- | C] () -- C:\Users\i\Desktop\RSIT.exe
[2010.07.19 11:02:59 | 000,001,438 | ---- | C] () -- C:\Users\i\Desktop\firefox.exe - Shortcut.lnk
[2010.07.19 01:14:29 | 000,001,007 | ---- | C] () -- C:\Users\i\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010.07.19 01:03:20 | 000,363,520 | ---- | C] () -- C:\Users\i\Desktop\rkill.com
[2010.07.17 14:54:14 | 108,827,564 | ---- | C] () -- C:\Users\i\Desktop\Schatten_seperat.tif
[2010.07.16 17:59:37 | 027,810,221 | ---- | C] () -- C:\Users\i\Desktop\16072010005.mp4
[2010.07.12 10:13:50 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.07.08 23:53:55 | 000,010,752 | ---- | C] () -- C:\Users\i\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.08 23:03:35 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010.07.08 22:38:09 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010.07.08 22:25:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.07.08 21:43:14 | 000,002,088 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010.07.07 16:12:17 | 000,192,894 | ---- | C] () -- C:\Users\i\Desktop\sbb.pdf
[2010.07.06 12:27:07 | 001,897,016 | ---- | C] () -- C:\Users\Public\Documents\P7058246.JPG
[2010.07.06 12:26:23 | 002,035,287 | ---- | C] () -- C:\Users\Public\Documents\P7058244.JPG
[2010.07.06 12:25:55 | 000,192,894 | ---- | C] () -- C:\Users\Public\Documents\sbb.pdf
[2010.07.06 12:25:55 | 000,000,082 | -H-- | C] () -- C:\Users\Public\Documents\._sbb.pdf
[2010.07.02 00:28:17 | 000,000,089 | ---- | C] () -- C:\Users\i\AppData\Local\fusioncache.dat
[2010.07.01 16:55:06 | 000,215,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.07.01 11:28:46 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.01 11:28:46 | 000,138,056 | ---- | C] () -- C:\Users\i\AppData\Roaming\PnkBstrK.sys
[2010.07.01 11:28:17 | 000,215,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.07.01 11:28:15 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.07.01 11:28:12 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.06.30 10:02:47 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.29 08:51:48 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.06.27 11:13:40 | 000,010,235 | ---- | C] () -- C:\Users\i\Desktop\Doc5.docx
[2010.06.25 21:38:50 | 003,757,746 | ---- | C] () -- C:\Users\Public\Documents\hallo1.jpg
[2010.06.25 21:38:50 | 003,757,567 | ---- | C] () -- C:\Users\Public\Documents\hallo2.jpg
[2010.06.25 21:38:50 | 000,073,758 | -H-- | C] () -- C:\Users\Public\Documents\._hallo1.jpg
[2010.06.25 21:38:50 | 000,073,701 | -H-- | C] () -- C:\Users\Public\Documents\._hallo2.jpg
[2010.06.23 19:28:46 | 003,610,875 | ---- | C] () -- C:\Users\Public\Documents\gut7.jpg
[2010.06.23 19:28:46 | 000,073,043 | -H-- | C] () -- C:\Users\Public\Documents\._gut7.jpg
[2010.06.23 19:28:37 | 003,702,399 | ---- | C] () -- C:\Users\Public\Documents\gut6.jpg
[2010.06.23 19:28:37 | 000,074,385 | -H-- | C] () -- C:\Users\Public\Documents\._gut6.jpg
[2010.06.23 18:39:48 | 001,908,885 | ---- | C] () -- C:\Users\Public\Documents\na2444.jpg
[2010.06.23 18:39:48 | 000,066,262 | -H-- | C] () -- C:\Users\Public\Documents\._na2444.jpg
[2010.06.23 18:37:21 | 003,459,735 | ---- | C] () -- C:\Users\Public\Documents\sofia3.jpg
[2010.06.23 18:37:21 | 000,072,788 | -H-- | C] () -- C:\Users\Public\Documents\._sofia3.jpg
[2010.06.23 18:36:27 | 007,713,743 | ---- | C] () -- C:\Users\Public\Documents\gut4.jpg
[2010.06.23 18:36:27 | 007,025,611 | ---- | C] () -- C:\Users\Public\Documents\gut3.jpg
[2010.06.23 18:36:27 | 000,074,801 | -H-- | C] () -- C:\Users\Public\Documents\._gut3.jpg
[2010.06.23 18:36:27 | 000,074,451 | -H-- | C] () -- C:\Users\Public\Documents\._gut4.jpg
[2010.06.23 18:26:43 | 004,303,294 | ---- | C] () -- C:\Users\Public\Documents\12.jpg
[2010.06.23 18:26:43 | 000,073,310 | -H-- | C] () -- C:\Users\Public\Documents\._12.jpg
[2010.06.23 18:25:55 | 005,033,392 | ---- | C] () -- C:\Users\Public\Documents\gut1.jpg
[2010.06.23 18:25:55 | 004,725,714 | ---- | C] () -- C:\Users\Public\Documents\gut2.jpg
[2010.06.23 18:25:55 | 000,072,850 | -H-- | C] () -- C:\Users\Public\Documents\._gut1.jpg
[2010.06.23 18:25:55 | 000,072,714 | -H-- | C] () -- C:\Users\Public\Documents\._gut2.jpg
[2010.06.21 23:22:08 | 000,049,664 | ---- | C] () -- C:\Users\i\Desktop\Sinn,Kunst,Reden.doc
[2010.06.20 19:51:47 | 000,401,989 | ---- | C] () -- C:\Users\i\Desktop\24-10--25-copy.jpg
[2010.06.20 19:33:11 | 000,432,716 | ---- | C] () -- C:\Users\i\Desktop\24-10--17-copy.jpg
[2010.06.19 19:43:42 | 000,014,476 | ---- | C] () -- C:\Users\i\Desktop\AFSPRAKEN max muster.docx
[2010.06.19 19:43:17 | 000,010,488 | ---- | C] () -- C:\Users\i\Desktop\Doc3.docx
[2010.06.19 17:06:38 | 001,285,120 | ---- | C] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1-2-2-2.doc
[2010.06.19 16:55:08 | 001,280,512 | ---- | C] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1-2-2.doc
[2010.06.19 13:58:21 | 001,273,856 | ---- | C] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1-2.doc
[2010.06.19 12:32:45 | 000,024,576 | ---- | C] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1.doc
[2010.06.17 20:25:50 | 178,559,288 | ---- | C] () -- C:\Users\i\Desktop\2010_05_28_16_00_01_ch2.avf
[2010.06.17 16:42:35 | 003,155,647 | ---- | C] () -- C:\Users\i\Desktop\r2400_ug.pdf
[2010.06.17 14:17:37 | 000,001,036 | ---- | C] () -- C:\Users\i\Application Data\Microsoft\Internet Explorer\Quick Launch\SF Launcher.lnk
[2010.06.17 14:17:37 | 000,001,012 | ---- | C] () -- C:\Users\i\Desktop\SF Launcher.lnk
[2010.06.16 00:10:00 | 000,090,328 | -H-- | C] () -- C:\Users\i\Desktop\SFthumbs(HDRstudio).thdb
[2010.06.15 15:34:38 | 000,020,000 | -H-- | C] () -- C:\ProgramData\V36QQ
[2010.06.14 12:51:32 | 000,055,808 | -HS- | C] () -- C:\Users\i\Thumbs.db
[2010.06.06 17:19:05 | 000,053,594 | ---- | C] () -- C:\Users\i\Documents\cc_20100606_171904.reg
[2010.06.05 14:36:05 | 000,289,664 | ---- | C] () -- C:\Users\Public\Documents\IMG.pdf
[2010.05.25 19:20:23 | 000,067,718 | -H-- | C] () -- C:\Users\Public\Documents\._gutoriginal.jpg
[2010.05.17 23:00:18 | 000,001,456 | ---- | C] () -- C:\Users\i\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010.05.14 18:00:33 | 000,002,524 | ---- | C] () -- C:\Users\i\Documents\Register CD Architect.htm
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.25 23:30:50 | 000,000,038 | ---- | C] () -- C:\Windows\BookPrintXP.ini
[2010.02.03 02:21:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.04 19:26:06 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009.11.04 19:26:06 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009.11.04 19:26:06 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2009.11.04 19:26:05 | 000,003,072 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009.11.04 19:26:05 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009.11.04 19:26:05 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2005.11.11 12:43:28 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libssl32.dll
[2005.11.11 12:43:24 | 000,887,296 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005.08.31 10:20:00 | 000,233,557 | ---- | C] () -- C:\Windows\System32\esint54.dll
[2005.05.06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
 
========== LOP Check ==========
 
[2010.06.25 14:46:33 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\.purple
[2010.02.27 19:18:33 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Ableton
[2010.02.19 02:59:29 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Acreon
[2009.11.01 20:02:05 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\DAEMON Tools Lite
[2009.11.01 19:22:03 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\DAEMON Tools Pro
[2010.02.24 21:18:26 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Extensis
[2010.02.17 02:23:11 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\FOG Downloader
[2010.07.19 00:10:21 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\foobar2000
[2010.03.25 01:00:26 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\gtk-2.0
[2010.03.25 23:31:26 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Keseling
[2010.06.19 17:37:02 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Lasersoft Imaging
[2010.07.11 23:52:11 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Nokia
[2010.07.08 23:50:54 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Nokia Ovi Suite
[2009.11.20 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\OpenOffice.org
[2010.07.08 22:40:58 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\PC Suite
[2010.05.14 18:00:46 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Publish Providers
[2010.07.19 00:30:35 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\QuickScan
[2010.02.16 19:53:52 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Router Manager
[2009.11.26 21:04:51 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\runic games
[2010.05.14 18:00:43 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Sony
[2010.05.21 11:09:14 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.03.04 00:29:09 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\SteelBytes
[2009.11.02 01:20:52 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\SystemRequirementsLab
[2010.03.02 02:47:30 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Thunderbird
[2009.12.16 23:39:54 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Tropico 3
[2009.10.31 22:24:50 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\TrueCrypt
[2010.02.28 20:21:39 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\TuneUp Software
[2010.07.02 00:28:36 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Turbine
[2010.04.16 00:44:55 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\uTorrent
[2010.05.19 11:32:15 | 000,000,000 | --SD | M] -- C:\Users\i\AppData\Roaming\Virtual CD v10
[2010.03.14 18:21:49 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\zenses
[2010.07.19 00:52:41 | 000,001,354 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

Larusso · 19.07.2010, 17:39

Wie läuft der Rechner ?

xxxlalala · 19.07.2010, 17:48

soweit läuft er wie immer.
heißt das das man davon ausgehen kann das es soweit bereinigt ist ?
das wäre fantastisch. danke sehr
wie gefährlich war das jetzt eigetnlich ? und ist das ein relativ neuer oder besonders ausgefuchster virus ? ich hatte sonst nie ernsthafte probleme, bzw wurde immer durch meine antivirus firewall lösung (beides windows

) gut beschützt.

Larusso · 19.07.2010, 18:06

Ganz druch sind wir noch nicht

Schritt 1

Kaspersky Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
Bitte während des Scans alle Hintergrundwächter abstellen/deaktivieren.
Java muss installiert, aktiv und erlaubt sein.
Bebilderte Anleitung von sundavis.
Dieser Scanner entfernt die Funde nicht, gibt aber einen guten Überblick.

Wir werden Dir helfen, die Funde manuell vom System zu entfernen.
Die Datenschutzerklärung akzeptieren.
Programm installieren lassen.
Update der Signaturen installieren lassen.
Wenn der Status "Complete" ist,
Scan-Einstellungen (Settings) Standard lassen
Links den Link "My Computer" anklicken.
Scan beginnt automatisch.
Wenn der Scan fertig ist, auf "View scan report" klicken,
"Save report as" und Dateityp auf .txt umstellen,
und auf dem Desktop als Kaspersky.txt speichern.
Logdatei hier posten.
Deinstallation ist nicht nötig, alle Dateien werden in temporären Ordnern gespeichert.

Schritt 2

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.

Bitte poste in Deiner nächsten Antwort
Kaspersky.txt
OTL.txt
Extras.txt

xxxlalala · 20.07.2010, 10:45

also hier die logs
kasperski der hat das als eine html datei gespeichert ich kopier einfach mal daraus

Code:

ATTFilter

KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, July 20, 2010
Operating system: Microsoft Professional (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, July 19, 2010 08:34:33
Records in database: 4229589
Scan settings
scan using the following database 	extended
Scan archives 	yes
Scan e-mail databases 	yes
Scan area 	My Computer
C:\
D:\
E:\
F:\
G:\
O:\
Scan statistics
Objects scanned 	219272
Threats found 	0
Infected objects found 	0
Suspicious objects found 	0
Scan duration 	03:44:43

No threats found. Scanned area is clean.
Selected area has been scanned.

otl teil1

Code:

ATTFilter

OTL logfile created on: 20.07.2010 10:42:19 - Run 3
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\i\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,50 Gb Total Space | 17,68 Gb Free Space | 30,23% Space Free | Partition Type: NTFS
Drive D: | 239,50 Gb Total Space | 11,46 Gb Free Space | 4,79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1,89 Gb Total Space | 1,53 Gb Free Space | 80,80% Space Free | Partition Type: FAT32
Drive G: | 82,49 Gb Total Space | 13,77 Gb Free Space | 16,69% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive O: | 29,28 Gb Total Space | 9,92 Gb Free Space | 33,88% Space Free | Partition Type: FAT32
 
Computer Name: I-PC
Current User Name: i
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.19 16:37:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\i\Desktop\OTL.exe
PRC - [2010.06.28 23:58:17 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.06.28 23:58:15 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.06.09 01:47:48 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010.06.01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010.03.06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.19 16:37:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\i\Desktop\OTL.exe
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.05.30 03:00:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.04.10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.11.02 00:02:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2010.03.25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010.03.25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.03.04 13:42:58 | 000,277,536 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.11.01 19:29:02 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.01 13:41:03 | 000,205,568 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2009.10.26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:14:43 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:25 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:27 | 000,046,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2009.07.14 01:51:27 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2009.07.14 01:51:25 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2009.07.14 01:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.01.30 10:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.31 03:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.06.28 07:18:10 | 001,310,720 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA)
DRV - [2007.04.25 14:32:42 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006.11.14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005.12.22 18:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005.11.16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.maxmuster.de/test/index.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 72 CA 26 B5 A2 CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://igoogle.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: copylinkurl@bluelightdev.com:1.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.27
FF - prefs.js..extensions.enabledItems: linky@gemal.dk:3.0.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: LDSI_plashcor@gmail.com:0.6.7
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.18.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.07.08 22:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.07.08 23:02:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.28 23:58:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.16 17:50:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.10 04:30:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.07.08 23:02:26 | 000,000,000 | ---D | M]
 
[2010.03.02 02:47:31 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Extensions
[2010.03.02 02:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\i\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.20 00:20:18 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions
[2010.07.04 12:40:31 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.07.10 11:42:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.19 10:52:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.06.04 12:18:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.07.01 11:15:08 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\battlefieldheroespatcher@ea.com
[2010.01.24 22:05:42 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\copylinkurl@bluelightdev.com
[2010.05.02 15:48:54 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\LDSI_plashcor@gmail.com
[2010.02.25 10:51:39 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\linky@gemal.dk
[2010.04.11 14:55:38 | 000,000,737 | ---- | M] () -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\searchplugins\captaincrawl.xml
[2010.07.20 00:20:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.12 19:41:20 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 19:41:20 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.12 19:41:20 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 19:41:20 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 19:41:20 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

19.07.2010, 17:39	#12
Larusso /// Selecta Jahrusso	Antimalware Doc entfernen klappt nciht ganz Wie läuft der Rechner ? __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

Antimalware Doc entfernen klappt nciht ganz

Plagegeister aller Art und deren Bekämpfung: Antimalware Doc entfernen klappt nciht ganz