Trojaner-Board - Verzeichnisse öffnen nach Verschlüsselungstrojaner auf Stick

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Verzeichnisse öffnen nach Verschlüsselungstrojaner auf Stick (https://www.trojaner-board.de/114496-verzeichnisse-oeffnen-verschluesselungstrojaner-stick.html)

Verzeichnisse öffnen nach Verschlüsselungstrojaner auf Stick

Vor ein paar Tagen habe ich das Problem gehabt, meine Dateien auf dem USB-Stick nicht mehr öffnen zu können, das sie als .lnk Dateien verschlüsselt wurden. Bei der Suche nach ner Lösung meines Problems bin ich bei euch gelandet. Habe mir Malwarebytes Anti-Malware heruntergeladen und einen Scan durchgeführt. Hier die .log-Datei:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.23.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Torsten :: TORSTEN-PC [Administrator]

Schutz: Aktiviert

23.04.2012 21:10:38
mbam-log-2012-04-23 (21-10-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195208
Laufzeit: 7 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Torsten\Downloads\SoftonicDownloader_fuer_advanced-pdf-to-word.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Torsten\Downloads\SoftonicDownloader_fuer_express-burn.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Torsten\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Ich hoffe ihr könnt mir helfen, denn das DECRYPT-Programm meckert, dass die Dateien nicht 4k groß sind...

Habe die drei .log-Dateien nicht integrieren können...
Waren zu groß, und ich wusste nicht wie ich die anhängen kann :(

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Malware am Tag als es aufgetreten war: (23.04.12)

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.04.23.05
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 7.0.6002.18005

Torsten :: TORSTEN-PC [Administrator]
 

Schutz: Aktiviert
 

23.04.2012 21:10:38

mbam-log-2012-04-23 (21-10-38).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 195208

Laufzeit: 7 Minute(n), 8 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 3

C:\Users\Torsten\Downloads\SoftonicDownloader_fuer_advanced-pdf-to-word.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Torsten\Downloads\SoftonicDownloader_fuer_express-burn.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Torsten\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Malware gestern:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.05.01.09
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 7.0.6002.18005

Torsten :: TORSTEN-PC [Administrator]
 

Schutz: Aktiviert
 

01.05.2012 19:24:00

mbam-log-2012-05-01 (19-24-00).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 455661

Laufzeit: 1 Stunde(n), 54 Minute(n), 15 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Users\Torsten\Downloads\DecryptHelper-0.5.2.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

ESET:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=1ec8298604909840a25758af3b4e714f

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-23 08:07:27

# local_time=2012-04-23 10:07:27 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=2304 16777215 100 0 0 0 0 0

# compatibility_mode=5892 16776573 100 100 0 172742474 0 0

# compatibility_mode=8192 67108863 100 0 96 96 0 0

# scanned=49027

# found=1

# cleaned=1

# scan_time=1900

C:\$Recycle.Bin\S-1-5-21-2580248882-1228754705-3639742418-1000\$R3CQ87D.exe        Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=1ec8298604909840a25758af3b4e714f

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-05-01 10:16:58

# local_time=2012-05-02 12:16:58 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=2304 16777215 100 0 0 0 0 0

# compatibility_mode=5892 16776573 100 100 45543 173433255 0 0

# compatibility_mode=8192 67108863 100 0 690877 690877 0 0

# scanned=318078

# found=7

# cleaned=0

# scan_time=10091

C:\Users\Torsten\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6b310336-122f075d        a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)        00000000000000000000000000000000        I

C:\Windows.old\Documents and Settings\Torsten\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6b310336-122f075d        a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)        00000000000000000000000000000000        I

C:\Windows.old\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul        Win32/Dursg.A trojan (unable to clean)        00000000000000000000000000000000        I

C:\Windows.old\Program Files\pdfforge Toolbar\SearchSettings.dll        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I

C:\Windows.old\Program Files\pdfforge Toolbar\SearchSettings.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I

C:\Windows.old\Users\Torsten\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7c36b3ab-7d4d9170        multiple threats (unable to clean)        00000000000000000000000000000000        I

C:\Windows.old\Users\Torsten\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\24e14bc6-380af61f        multiple threats (unable to clean)        00000000000000000000000000000000        I

Zitat:

C:\Users\Torsten\Downloads\SoftonicDownloader_fuer_advanced-pdf-to-word.exe

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

also mein Problem besteht nur auf dem Stick wie gesagt.
Auf dem Rechner selbst vermiss ich nichts.
Alles auf dem Stick wird angezeigt,
aber die Verzeichnisse halt nur noch als Dateien von 1, 3 kB Größe.
Der Decrypter meckert immer dass die mindestens 4 kB groß sein müssen...

LG Torsten

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

OTL:
OTL Logfile:

Code:

OTL logfile created on: 02.05.2012 17:25:12 - Run 1

OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Torsten\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,49% Memory free

6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,65% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 576,15 Gb Total Space | 489,42 Gb Free Space | 84,95% Space Free | Partition Type: NTFS

Drive D: | 20,00 Gb Total Space | 12,38 Gb Free Space | 61,87% Space Free | Partition Type: FAT32

Drive J: | 1,89 Gb Total Space | 1,66 Gb Free Space | 87,84% Space Free | Partition Type: FAT

Drive N: | 14,92 Gb Total Space | 14,02 Gb Free Space | 94,02% Space Free | Partition Type: FAT32

 

Computer Name: TORSTEN-PC | User Name: Torsten | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Torsten\Downloads\OTL(1).exe (OldTimer Tools)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

PRC - C:\Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)

PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)

PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)

PRC - C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)

PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)

PRC - C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)

PRC - C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)

PRC - C:\Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)

PRC - C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\95e261d2660c662aab4306168001f3e7\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2a1d0ebdb3810bb2926aea930567a3ef\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\876000568ee47aa4407f0931161adf59\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll ()

MOD - C:\Users\Torsten\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll ()

MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\45f56e5749f43eeb24b2094fd761a9d3\System.Management.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b8f323bbcb35543dd68e9dbdd1abe69b\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a6529c9ffc0303d1eee4282d18c7d7f3\System.Xaml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\15e071596162d504ead0394ec971ad3b\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\da0fc8ce9b2fb592b7d8065481ef5d42\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll ()

MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Programme\F-Secure\FSGUI\strres.eng ()

MOD - C:\Programme\F-Secure\FSGUI\gres.dll ()

MOD - C:\Programme\F-Secure\FSGUI\fsavures.eng ()

MOD - C:\Programme\F-Secure\FSGUI\flyerres.eng ()

MOD - C:\Programme\F-Secure\FSGUI\about.dll ()

MOD - C:\Programme\F-Secure\FSGUI\aboutres.dll ()

MOD - C:\Programme\F-Secure\FSPC\fspcfsm.eng ()

MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (FSDFWD) -- C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)

SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)

SRV - (FSMA) -- C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)

SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)

SRV - (FSORSPClient) -- C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- system32\DRIVERS\snpstd3.sys File not found

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (fsbts) -- C:\Windows\System32\drivers\fsbts.sys ()

DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()

DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)

DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation)

DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)

DRV - (fsvista) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsvista.sys ()

DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)

DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)

DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)

DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)

DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)

DRV - (ACEDRV06) -- C:\Windows\System32\drivers\ACEDRV06.sys (Protect Software GmbH)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)

DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)

DRV - (WinDriver) -- C:\Windows\System32\drivers\windrvr.sys (Jungo)

DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801937

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes\{90463F81-D63A-4255-B12B-64F060292FEB}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7PRFA_de

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = www.telekom.de/kundencenter

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.arcor.de/"

FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.7.0.6

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10

FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:2.04.20110724

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\Torsten\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.20 18:57:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com [2012.04.23 06:19:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.04.27 13:58:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.24 23:15:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.01 15:30:26 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.20 18:57:46 | 000,000,000 | ---D | M]

 

[2010.11.04 21:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torsten\AppData\Roaming\mozilla\Extensions

[2012.04.28 15:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions

[2010.12.24 03:02:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.11.04 22:14:34 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}

[2012.03.30 09:55:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011.03.27 14:53:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(152)

[2011.03.11 10:45:47 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}(15)

[2011.08.17 16:28:14 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\coralietab@mozdev.org

[2011.03.27 14:53:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com

[2012.02.14 21:57:36 | 000,000,931 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\rf4l1rup.default\searchplugins\conduit.xml

[2012.05.01 21:27:23 | 000,001,610 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\rf4l1rup.default\searchplugins\ixquick-https---deutsch.xml

[2012.05.01 15:35:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.05.01 15:35:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\TORSTEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RF4L1RUP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012.04.24 23:15:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.09.23 14:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv530.dll

[2012.02.17 20:59:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.02.17 20:59:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.02.17 20:59:56 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.02.17 20:59:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.02.17 20:59:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.17 20:59:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.

O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O3 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found.

O3 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)

O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)

O4 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O7 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Torsten\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab (MSN Games – Backgammon)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD2519CB-F5EA-4D29-9D8C-6F5702F9F080}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{838c7280-a13c-11e0-8260-0021856885ee}\Shell - "" = AutoRun

O33 - MountPoints2\{838c7280-a13c-11e0-8260-0021856885ee}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{f31010ac-b449-11df-94c5-0021856885ee}\Shell - "" = AutoRun

O33 - MountPoints2\{f31010ac-b449-11df-94c5-0021856885ee}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Start.hta

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: AutorunsDisabled - 

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.05.01 15:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012.05.01 15:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2012.05.01 15:29:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012.05.01 15:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan

[2012.05.01 15:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

[2012.05.01 15:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2012.05.01 15:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

[2012.05.01 15:15:13 | 000,000,000 | ---D | C] -- C:\totalcmd

[2012.05.01 15:15:13 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander

[2012.05.01 15:15:13 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\GHISLER

[2012.05.01 14:24:33 | 000,000,000 | ---D | C] -- C:\Users\Torsten\Documents\Fahrtenbuch

[2012.05.01 14:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fahrtenbuch.de

[2012.05.01 14:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\fahrtenbuch.de

[2012.05.01 14:05:14 | 000,000,000 | ---D | C] -- C:\Fahrtenbuch 2009 Essential

[2012.04.24 23:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012.04.24 23:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012.04.23 21:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.04.23 20:41:10 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\Malwarebytes

[2012.04.23 20:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.04.23 20:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.04.23 20:40:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.04.23 20:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.04.22 22:50:30 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Local\Frey Software

[2012.04.22 01:30:47 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Local\Frey_Software

[2012.04.22 01:30:47 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\Frey Software

[2012.04.22 01:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\FrMethods

[2012.04.22 01:19:22 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Frey Software

[2012.04.22 01:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Frey Software

[2012.04.21 18:34:28 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2012.04.19 19:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in

[2012.04.19 19:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Torsten\Documents\*.tmp files -> C:\Users\Torsten\Documents\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.05.02 17:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EA7F53D4-0A73-4954-A944-6867BA99D162}.job

[2012.05.02 17:44:59 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{47ABB4EA-925E-41EE-A0C4-5EBEF7038EBF}.job

[2012.05.02 17:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.05.02 17:13:52 | 000,635,720 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.05.02 17:13:52 | 000,603,014 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.05.02 17:13:52 | 000,129,580 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.05.02 17:13:52 | 000,107,204 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.05.02 17:03:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.05.02 17:03:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.05.02 15:04:34 | 000,070,805 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012.05.02 15:04:34 | 000,070,805 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012.05.02 15:03:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.05.02 15:03:38 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys

[2012.05.02 09:43:22 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job

[2012.05.01 18:53:35 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.01 16:09:26 | 000,000,000 | ---- | M] () -- C:\Users\Torsten\defogger_reenable

[2012.05.01 15:30:26 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012.05.01 15:26:40 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2012.05.01 15:26:40 | 000,001,951 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2012.05.01 15:15:15 | 000,000,588 | ---- | M] () -- C:\Users\Torsten\Desktop\Total Commander.lnk

[2012.05.01 14:24:18 | 000,000,813 | ---- | M] () -- C:\Users\Torsten\Desktop\Fahrtenbuch.lnk

[2012.04.28 15:54:38 | 000,002,771 | ---- | M] () -- C:\Users\Torsten\Desktop\SRC-Tutor II - 2nd Edition.lnk

[2012.04.27 17:11:11 | 000,002,821 | ---- | M] () -- C:\Users\Torsten\Desktop\Seefunk - Theorie (SRC & LRC).lnk

[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\UC.PIF

[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\RAR.PIF

[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\PKZIP.PIF

[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\PKUNZIP.PIF

[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\LHA.PIF

[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\ARJ.PIF

[2012.04.22 01:11:17 | 000,348,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.04.10 19:31:04 | 000,002,331 | ---- | M] () -- C:\Windows\unins000.dat

[2012.04.10 19:31:00 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe

[2012.04.08 18:03:53 | 000,040,448 | ---- | M] () -- C:\Users\Torsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Torsten\Documents\*.tmp files -> C:\Users\Torsten\Documents\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.05.01 16:09:26 | 000,000,000 | ---- | C] () -- C:\Users\Torsten\defogger_reenable

[2012.05.01 15:30:26 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012.05.01 15:30:26 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2012.05.01 15:26:40 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2012.05.01 15:26:40 | 000,001,951 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2012.05.01 15:26:37 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.05.01 15:15:15 | 000,000,588 | ---- | C] () -- C:\Users\Torsten\Desktop\Total Commander.lnk

[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF

[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF

[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF

[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF

[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF

[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF

[2012.05.01 14:24:18 | 000,000,813 | ---- | C] () -- C:\Users\Torsten\Desktop\Fahrtenbuch.lnk

[2012.04.23 20:41:00 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.22 01:19:22 | 000,002,821 | ---- | C] () -- C:\Users\Torsten\Desktop\Seefunk - Theorie (SRC & LRC).lnk

[2012.04.22 01:19:22 | 000,002,771 | ---- | C] () -- C:\Users\Torsten\Desktop\SRC-Tutor II - 2nd Edition.lnk

[2012.04.10 19:31:03 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe

[2012.04.10 19:31:03 | 000,002,331 | ---- | C] () -- C:\Windows\unins000.dat

[2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll

[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll

[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll

[2011.03.08 10:51:46 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2011.03.08 10:46:58 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010.12.09 15:16:34 | 000,004,096 | -H-- | C] () -- C:\Users\Torsten\AppData\Local\keyfile3.drm

[2010.10.21 15:57:41 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll

[2010.10.21 15:57:41 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll

[2010.08.23 17:35:16 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2010.06.20 18:57:24 | 000,023,688 | ---- | C] () -- C:\Windows\hpqins15.dat

[2010.06.13 18:59:43 | 000,078,187 | ---- | C] () -- C:\Windows\hpqins05.dat

[2010.06.07 19:14:13 | 000,040,448 | ---- | C] () -- C:\Users\Torsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.06.01 12:55:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010.06.01 12:55:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010.05.31 19:18:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2010.05.31 08:06:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2010.05.30 15:07:40 | 000,012,194 | ---- | C] () -- C:\Windows\hpwscr20.dat

[2010.05.30 15:06:57 | 000,203,206 | ---- | C] () -- C:\Windows\hpwins20.dat

[2010.05.30 15:06:57 | 000,002,428 | ---- | C] () -- C:\Windows\hpwmdl20.dat

[2010.05.30 12:59:15 | 000,042,672 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys

[2010.05.30 12:22:46 | 000,070,805 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2010.05.30 12:22:46 | 000,070,805 | ---- | C] () -- C:\ProgramData\nvModes.001

[2010.05.30 12:05:58 | 000,000,680 | ---- | C] () -- C:\Users\Torsten\AppData\Local\d3d9caps.dat

 
 ========== LOP Check ==========

 

[2010.11.04 22:30:02 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\Registry Reviver-Torsten-Startup.job

[2012.05.02 09:47:48 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012.05.02 09:43:22 | 000,000,530 | ---- | M] () -- C:\Windows\Tasks\Scheduled scanning task.job

[2010.12.16 01:44:59 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3EDFA3D9-1562-4873-ADA8-334CF0195835}.job

[2012.05.02 17:44:59 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{47ABB4EA-925E-41EE-A0C4-5EBEF7038EBF}.job

[2012.05.02 17:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EA7F53D4-0A73-4954-A944-6867BA99D162}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.03.13 20:25:19 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\.minecraft

[2010.08.06 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Adobe

[2010.06.17 16:41:10 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Amazon

[2011.12.25 12:30:48 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Apple Computer

[2011.01.24 19:27:58 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\BAUMHAUS

[2010.07.16 21:53:44 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.03.02 01:00:00 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\F-Secure

[2012.04.22 01:30:47 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Frey Software

[2012.05.01 15:15:13 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\GHISLER

[2011.07.20 11:28:26 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\go

[2010.05.30 15:21:18 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\HP

[2011.12.04 20:33:36 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\HPAppData

[2010.07.11 20:21:54 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\HpUpdate

[2010.05.30 12:06:04 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Identities

[2010.05.30 12:10:23 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Macromedia

[2012.04.23 20:41:10 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Malwarebytes

[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Media Center Programs

[2012.04.22 01:19:24 | 000,000,000 | --SD | M] -- C:\Users\Torsten\AppData\Roaming\Microsoft

[2012.04.10 19:31:03 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Mozilla

[2011.08.13 15:55:54 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\NCH Software

[2011.12.04 18:42:57 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\NCH Swift Sound

[2012.02.26 14:43:24 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\OpenOffice.org

[2012.02.15 21:41:32 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Real

[2011.12.28 20:40:03 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Samsung

[2011.02.08 16:53:01 | 000,000,000 | RH-D | M] -- C:\Users\Torsten\AppData\Roaming\SecuROM

[2012.03.29 19:12:37 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Skype

[2011.05.28 16:02:58 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\skypePM

[2012.02.09 22:34:12 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Temp

[2012.02.15 22:40:16 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\vlc

[2011.06.13 15:34:08 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Windows Live Writer

[2010.08.15 15:19:23 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Yahoo!

 
 < %APPDATA%\*.exe /s >

[2012.04.22 01:19:24 | 000,149,770 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_01D06D3962F47C38BBE691.exe

[2012.04.22 01:19:24 | 000,182,735 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_1ED092DF0DE30D12C174AC.exe

[2012.04.22 01:19:24 | 000,149,770 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_3EE130D6F9A234DB0CB211.exe

[2012.04.22 01:19:24 | 000,182,735 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_462B9F3DB2D9FFC473F402.exe

[2012.04.22 01:19:24 | 000,010,134 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_52D1D2014398FFE0E4D526.exe

[2012.04.22 01:19:24 | 000,182,735 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_6FEFF9B68218417F98F549.exe

[2012.04.22 01:19:24 | 000,010,134 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_D30D829511B5431F32BB6F.exe

[2007.08.29 15:36:00 | 000,110,592 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe

[2012.03.18 19:16:21 | 000,106,408 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe

[2012.03.18 19:16:21 | 000,101,288 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe

[2012.03.18 19:16:23 | 000,021,416 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe

[2012.02.22 07:57:14 | 000,371,088 | ---- | M] (ml) -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe

[2012.04.04 07:05:32 | 000,371,088 | ---- | M] (ml) -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\System32\drivers\atapi.sys

[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys

[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2008.05.07 17:40:38 | 000,395,288 | ---- | M] (Intel Corporation) MD5=07FB761600EFF44AF02C35B8B57E5863 -- C:\Windows.old\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2008.05.07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows.old\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2008.05.07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows.old\Windows\System32\drivers\iaStor.sys

[2008.05.07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iaahci.inf_1ab0331f\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\System32\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\System32\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows.old\Windows\System32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\System32\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

--- --- ---

Extras:
OTL Logfile:

Code:

OTL Extras logfile created on: 02.05.2012 17:25:12 - Run 1

OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Torsten\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,49% Memory free

6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,65% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 576,15 Gb Total Space | 489,42 Gb Free Space | 84,95% Space Free | Partition Type: NTFS

Drive D: | 20,00 Gb Total Space | 12,38 Gb Free Space | 61,87% Space Free | Partition Type: FAT32

Drive J: | 1,89 Gb Total Space | 1,66 Gb Free Space | 87,84% Space Free | Partition Type: FAT

Drive N: | 14,92 Gb Total Space | 14,02 Gb Free Space | 94,02% Space Free | Partition Type: FAT32

 

Computer Name: TORSTEN-PC | User Name: Torsten | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{3212FE16-D060-4E6C-A7FE-C7D86BF2A4B0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{444F4CA2-EAF8-4FBC-A303-B10EFD4E1315}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{6321E021-CC3E-40AC-A799-4F31B2B6DC27}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{71C8D550-6AF5-4BBD-9B2D-F08662D3CDD0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{78399824-EA01-447A-8EE3-C2FF4F6E4142}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{84D772E1-FC61-48D0-87C1-FBBE6F3A27D9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{991787D3-7AA8-43F6-AEAC-41D700E4F828}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{D8521F25-4087-45F7-9672-9A438B89CBFB}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{DFD919C3-4796-451C-9239-BA28EEE4B060}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{030CC5FE-EB48-49CC-B2A3-A7A531DE26A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{135FF0C1-0FB1-4C73-B743-95CFFB377F2F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{1669EDB6-1EBC-425E-B447-A100F449FC9E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 

"{26735393-1E5C-49C6-9309-0E8D49D9E9CE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 

"{2918876D-EB8B-4D7E-B3F0-E55E0057D568}" = protocol=6 | dir=out | app=system | 

"{2D770BEF-133F-47EB-96CE-066C840C6D2B}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 

"{2EF65799-2964-42B0-B761-55CDE215098B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{4068FD12-F680-4107-AC9B-4813E7BBE8FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{4785C283-5C7F-4ACE-AFA8-960BF198B649}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 

"{4DBAECE8-7875-4319-B2EE-EA7B53D0C0CF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{5459B201-753A-4429-837B-3714C6F6BD8A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{5555E088-1009-4473-889C-430503B51D43}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 

"{6EF8E597-43A7-40AC-A272-86CDC61227AE}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 

"{7249597A-044E-44D7-A6EA-ED84C3334313}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{755502A7-00C8-4D9B-A4EE-BAF5271BFF9B}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 

"{7F670B33-D79D-40B3-BD51-2E8E8934B683}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 

"{7FE29F26-2D0F-477D-AA0A-6B8102481584}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 

"{852CBA8F-B714-490B-AD5C-3FC06CBD3293}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{872BDC75-4433-4BD2-A893-24659E3F7574}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{97723CFF-71AA-4ACF-A33C-2A42E0E30581}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 

"{9DCBD528-29EA-454D-A7C1-DEA9AC95D98D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 

"{9E379C99-15B2-4D94-BE5B-8599C7B59D6F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 

"{B5BA316B-89C5-49E2-984C-1BBCB4B94FE2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 

"{BA6EB70F-F490-4273-A34D-0AED0956DAC7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 

"{BC4DE5F7-84A5-4BA5-87AB-50E826854394}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 

"{C5ED1BDC-1D78-446A-8E91-43FA4751A62C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 

"{CA8FF502-0E5B-4684-8373-0B66B0FC5A85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{CC27AD37-E19B-4106-A736-646F07A297BC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 

"{CDF384F0-B2FD-460B-A005-36FA10DC69B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 

"{D3AB3F53-EFAF-49DE-B3A3-E8B76A9867AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{D4FEE6A5-5094-473E-979F-A9743072A90F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 

"{DC55607C-EA80-4559-909F-427AB92DBA58}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 

"{E0F4EF4A-C4F2-4735-BC3B-92B781313F10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{F04F5067-C543-4EC5-8567-BD1E18C5AFF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{FEA6D2CC-23D4-493A-BFFB-986ABC549DD8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"TCP Query User{E0639D19-255D-4A6E-86A6-F49890E661AA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"TCP Query User{E65CB28D-8F9D-4A0E-AFF8-B6B5EE76E421}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"UDP Query User{2F58D151-E901-49F1-B467-7246F6A78A2C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"UDP Query User{F14EF893-C228-424E-A5CE-B5CA422B1E34}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext

"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680

"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService

"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup

"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}" = SRC-Tutor II  2nd Edition

"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini

"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery

"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp

"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series

"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes

"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{B1F0FE76-83C6-47F2-BD0D-40FF96E47508}_is1" = Fahrtenbuch.de Version 10

"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply

"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr

"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch

"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU

"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component

"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within

"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9

"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind

"CCleaner" = CCleaner

"ESET Online Scanner" = ESET Online Scanner v3

"Express Manager +" = Express Manager +

"Flatcast Viewer 5.3_is1" = Flatcast Viewer Plugin 5.3.0.784

"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8

"F-Secure Product 444" = F-Secure Internet Security 2011

"HP Document Manager" = HP Document Manager 1.0

"HP Imaging Device Functions" = HP Imaging Device Functions 10.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 10.0

"HPOCR" = OCR Software by I.R.I.S. 10.0

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"RealPlayer 15.0" = RealPlayer

"SCOLA-Zeugnis 2008" = SCOLA-Zeugnis 2008 Dezember 2007 

"Shop for HP Supplies" = Shop for HP Supplies

"Totalcmd" = Total Commander (Remove or Repair)

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VLC media player 1.1.11

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"MyFreeCodec" = MyFreeCodec

"Skat-Online V9" = Skat-Online V9

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 01.05.2012 13:23:09 | Computer Name = Torsten-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 01.05.2012 13:23:09 | Computer Name = Torsten-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 01.05.2012 15:19:48 | Computer Name = Torsten-PC | Source = Application Hang | ID = 1002

Description = Programm javaw.exe, Version 6.0.320.5 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: 1654  Anfangszeit: 01cd27c8a25bf11a  Zeitpunkt der Beendigung:

 40

 

Error - 01.05.2012 15:23:35 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 01.05.2012 15:24:19 | Computer Name = Torsten-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 01.05.2012 15:24:19 | Computer Name = Torsten-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 02.05.2012 03:45:05 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 02.05.2012 08:49:40 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 02.05.2012 09:05:24 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 02.05.2012 11:18:26 | Computer Name = Torsten-PC | Source = Application Hang | ID = 1002

Description = Programm OTL.exe, Version 3.2.42.2 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: b08  Anfangszeit: 01cd2874b0300656  Zeitpunkt der Beendigung:

 10

 

[ System Events ]

Error - 02.05.2012 09:00:01 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681

Description = 

 

Error - 02.05.2012 09:00:01 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681

Description = 

 

Error - 02.05.2012 09:00:22 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681

Description = 

 

Error - 02.05.2012 09:00:31 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681

Description = 

 

Error - 02.05.2012 09:01:38 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681

Description = 

 

Error - 02.05.2012 09:01:38 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681

Description = 

 

Error - 02.05.2012 09:02:00 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681

Description = 

 

Error - 02.05.2012 09:02:08 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681

Description = 

 

Error - 02.05.2012 09:03:41 | Computer Name = Torsten-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am 02.05.2012 um 15:02:50 unerwartet heruntergefahren.

 

Error - 02.05.2012 09:05:24 | Computer Name = Torsten-PC | Source = Service Control Manager | ID = 7022

Description = 

 

 

< End of report >

--- --- ---

OTL:
OTL Logfile:

Code:

OTL logfile created on: 02.05.2012 17:25:12 - Run 1

OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Torsten\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,49% Memory free

6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,65% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 576,15 Gb Total Space | 489,42 Gb Free Space | 84,95% Space Free | Partition Type: NTFS

Drive D: | 20,00 Gb Total Space | 12,38 Gb Free Space | 61,87% Space Free | Partition Type: FAT32

Drive J: | 1,89 Gb Total Space | 1,66 Gb Free Space | 87,84% Space Free | Partition Type: FAT

Drive N: | 14,92 Gb Total Space | 14,02 Gb Free Space | 94,02% Space Free | Partition Type: FAT32

 

Computer Name: TORSTEN-PC | User Name: Torsten | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Torsten\Downloads\OTL(1).exe (OldTimer Tools)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

PRC - C:\Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)

PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)

PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)

PRC - C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)

PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)

PRC - C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)

PRC - C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)

PRC - C:\Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)

PRC - C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\95e261d2660c662aab4306168001f3e7\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2a1d0ebdb3810bb2926aea930567a3ef\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\876000568ee47aa4407f0931161adf59\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll ()

MOD - C:\Users\Torsten\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll ()

MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\45f56e5749f43eeb24b2094fd761a9d3\System.Management.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b8f323bbcb35543dd68e9dbdd1abe69b\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a6529c9ffc0303d1eee4282d18c7d7f3\System.Xaml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\15e071596162d504ead0394ec971ad3b\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\da0fc8ce9b2fb592b7d8065481ef5d42\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll ()

MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Programme\F-Secure\FSGUI\strres.eng ()

MOD - C:\Programme\F-Secure\FSGUI\gres.dll ()

MOD - C:\Programme\F-Secure\FSGUI\fsavures.eng ()

MOD - C:\Programme\F-Secure\FSGUI\flyerres.eng ()

MOD - C:\Programme\F-Secure\FSGUI\about.dll ()

MOD - C:\Programme\F-Secure\FSGUI\aboutres.dll ()

MOD - C:\Programme\F-Secure\FSPC\fspcfsm.eng ()

MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (FSDFWD) -- C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)

SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)

SRV - (FSMA) -- C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)

SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)

SRV - (FSORSPClient) -- C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- system32\DRIVERS\snpstd3.sys File not found

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (fsbts) -- C:\Windows\System32\drivers\fsbts.sys ()

DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()

DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)

DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation)

DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)

DRV - (fsvista) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsvista.sys ()

DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)

DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)

DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)

DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)

DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)

DRV - (ACEDRV06) -- C:\Windows\System32\drivers\ACEDRV06.sys (Protect Software GmbH)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)

DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)

DRV - (WinDriver) -- C:\Windows\System32\drivers\windrvr.sys (Jungo)

DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801937

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes\{90463F81-D63A-4255-B12B-64F060292FEB}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7PRFA_de

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = www.telekom.de/kundencenter

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.arcor.de/"

FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.7.0.6

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10

FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:2.04.20110724

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\Torsten\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.20 18:57:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com [2012.04.23 06:19:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.04.27 13:58:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.24 23:15:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.01 15:30:26 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.20 18:57:46 | 000,000,000 | ---D | M]

 

[2010.11.04 21:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torsten\AppData\Roaming\mozilla\Extensions

[2012.04.28 15:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions

[2010.12.24 03:02:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.11.04 22:14:34 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}

[2012.03.30 09:55:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011.03.27 14:53:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(152)

[2011.03.11 10:45:47 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}(15)

[2011.08.17 16:28:14 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\coralietab@mozdev.org

[2011.03.27 14:53:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com

[2012.02.14 21:57:36 | 000,000,931 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\rf4l1rup.default\searchplugins\conduit.xml

[2012.05.01 21:27:23 | 000,001,610 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\rf4l1rup.default\searchplugins\ixquick-https---deutsch.xml

[2012.05.01 15:35:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.05.01 15:35:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\TORSTEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RF4L1RUP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012.04.24 23:15:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.09.23 14:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv530.dll

[2012.02.17 20:59:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.02.17 20:59:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.02.17 20:59:56 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.02.17 20:59:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.02.17 20:59:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.17 20:59:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.

O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O3 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found.

O3 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)

O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)

O4 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O7 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Torsten\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab (MSN Games – Backgammon)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD2519CB-F5EA-4D29-9D8C-6F5702F9F080}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{838c7280-a13c-11e0-8260-0021856885ee}\Shell - "" = AutoRun

O33 - MountPoints2\{838c7280-a13c-11e0-8260-0021856885ee}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{f31010ac-b449-11df-94c5-0021856885ee}\Shell - "" = AutoRun

O33 - MountPoints2\{f31010ac-b449-11df-94c5-0021856885ee}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Start.hta

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: AutorunsDisabled - 

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.05.01 15:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012.05.01 15:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2012.05.01 15:29:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012.05.01 15:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan

[2012.05.01 15:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

[2012.05.01 15:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2012.05.01 15:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

[2012.05.01 15:15:13 | 000,000,000 | ---D | C] -- C:\totalcmd

[2012.05.01 15:15:13 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander

[2012.05.01 15:15:13 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\GHISLER

[2012.05.01 14:24:33 | 000,000,000 | ---D | C] -- C:\Users\Torsten\Documents\Fahrtenbuch

[2012.05.01 14:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fahrtenbuch.de

[2012.05.01 14:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\fahrtenbuch.de

[2012.05.01 14:05:14 | 000,000,000 | ---D | C] -- C:\Fahrtenbuch 2009 Essential

[2012.04.24 23:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012.04.24 23:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012.04.23 21:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.04.23 20:41:10 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\Malwarebytes

[2012.04.23 20:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.04.23 20:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.04.23 20:40:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.04.23 20:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.04.22 22:50:30 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Local\Frey Software

[2012.04.22 01:30:47 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Local\Frey_Software

[2012.04.22 01:30:47 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\Frey Software

[2012.04.22 01:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\FrMethods

[2012.04.22 01:19:22 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Frey Software

[2012.04.22 01:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Frey Software

[2012.04.21 18:34:28 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations

[2012.04.19 19:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in

[2012.04.19 19:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Torsten\Documents\*.tmp files -> C:\Users\Torsten\Documents\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.05.02 17:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EA7F53D4-0A73-4954-A944-6867BA99D162}.job

[2012.05.02 17:44:59 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{47ABB4EA-925E-41EE-A0C4-5EBEF7038EBF}.job

[2012.05.02 17:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.05.02 17:13:52 | 000,635,720 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.05.02 17:13:52 | 000,603,014 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.05.02 17:13:52 | 000,129,580 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.05.02 17:13:52 | 000,107,204 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.05.02 17:03:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.05.02 17:03:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.05.02 15:04:34 | 000,070,805 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012.05.02 15:04:34 | 000,070,805 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012.05.02 15:03:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.05.02 15:03:38 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys

[2012.05.02 09:43:22 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job

[2012.05.01 18:53:35 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.01 16:09:26 | 000,000,000 | ---- | M] () -- C:\Users\Torsten\defogger_reenable

[2012.05.01 15:30:26 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012.05.01 15:26:40 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2012.05.01 15:26:40 | 000,001,951 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2012.05.01 15:15:15 | 000,000,588 | ---- | M] () -- C:\Users\Torsten\Desktop\Total Commander.lnk

[2012.05.01 14:24:18 | 000,000,813 | ---- | M] () -- C:\Users\Torsten\Desktop\Fahrtenbuch.lnk

[2012.04.28 15:54:38 | 000,002,771 | ---- | M] () -- C:\Users\Torsten\Desktop\SRC-Tutor II - 2nd Edition.lnk

[2012.04.27 17:11:11 | 000,002,821 | ---- | M] () -- C:\Users\Torsten\Desktop\Seefunk - Theorie (SRC & LRC).lnk

[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\UC.PIF

[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\RAR.PIF

[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\PKZIP.PIF

[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\PKUNZIP.PIF

[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\LHA.PIF

[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\ARJ.PIF

[2012.04.22 01:11:17 | 000,348,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.04.10 19:31:04 | 000,002,331 | ---- | M] () -- C:\Windows\unins000.dat

[2012.04.10 19:31:00 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe

[2012.04.08 18:03:53 | 000,040,448 | ---- | M] () -- C:\Users\Torsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Torsten\Documents\*.tmp files -> C:\Users\Torsten\Documents\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.05.01 16:09:26 | 000,000,000 | ---- | C] () -- C:\Users\Torsten\defogger_reenable

[2012.05.01 15:30:26 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2012.05.01 15:30:26 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2012.05.01 15:26:40 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2012.05.01 15:26:40 | 000,001,951 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2012.05.01 15:26:37 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.05.01 15:15:15 | 000,000,588 | ---- | C] () -- C:\Users\Torsten\Desktop\Total Commander.lnk

[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF

[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF

[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF

[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF

[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF

[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF

[2012.05.01 14:24:18 | 000,000,813 | ---- | C] () -- C:\Users\Torsten\Desktop\Fahrtenbuch.lnk

[2012.04.23 20:41:00 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.22 01:19:22 | 000,002,821 | ---- | C] () -- C:\Users\Torsten\Desktop\Seefunk - Theorie (SRC & LRC).lnk

[2012.04.22 01:19:22 | 000,002,771 | ---- | C] () -- C:\Users\Torsten\Desktop\SRC-Tutor II - 2nd Edition.lnk

[2012.04.10 19:31:03 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe

[2012.04.10 19:31:03 | 000,002,331 | ---- | C] () -- C:\Windows\unins000.dat

[2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll

[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll

[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll

[2011.03.08 10:51:46 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2011.03.08 10:46:58 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010.12.09 15:16:34 | 000,004,096 | -H-- | C] () -- C:\Users\Torsten\AppData\Local\keyfile3.drm

[2010.10.21 15:57:41 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll

[2010.10.21 15:57:41 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll

[2010.08.23 17:35:16 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2010.06.20 18:57:24 | 000,023,688 | ---- | C] () -- C:\Windows\hpqins15.dat

[2010.06.13 18:59:43 | 000,078,187 | ---- | C] () -- C:\Windows\hpqins05.dat

[2010.06.07 19:14:13 | 000,040,448 | ---- | C] () -- C:\Users\Torsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.06.01 12:55:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010.06.01 12:55:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010.05.31 19:18:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2010.05.31 08:06:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2010.05.30 15:07:40 | 000,012,194 | ---- | C] () -- C:\Windows\hpwscr20.dat

[2010.05.30 15:06:57 | 000,203,206 | ---- | C] () -- C:\Windows\hpwins20.dat

[2010.05.30 15:06:57 | 000,002,428 | ---- | C] () -- C:\Windows\hpwmdl20.dat

[2010.05.30 12:59:15 | 000,042,672 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys

[2010.05.30 12:22:46 | 000,070,805 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2010.05.30 12:22:46 | 000,070,805 | ---- | C] () -- C:\ProgramData\nvModes.001

[2010.05.30 12:05:58 | 000,000,680 | ---- | C] () -- C:\Users\Torsten\AppData\Local\d3d9caps.dat

 
 ========== LOP Check ==========

 

[2010.11.04 22:30:02 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\Registry Reviver-Torsten-Startup.job

[2012.05.02 09:47:48 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012.05.02 09:43:22 | 000,000,530 | ---- | M] () -- C:\Windows\Tasks\Scheduled scanning task.job

[2010.12.16 01:44:59 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3EDFA3D9-1562-4873-ADA8-334CF0195835}.job

[2012.05.02 17:44:59 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{47ABB4EA-925E-41EE-A0C4-5EBEF7038EBF}.job

[2012.05.02 17:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EA7F53D4-0A73-4954-A944-6867BA99D162}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.03.13 20:25:19 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\.minecraft

[2010.08.06 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Adobe

[2010.06.17 16:41:10 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Amazon

[2011.12.25 12:30:48 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Apple Computer

[2011.01.24 19:27:58 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\BAUMHAUS

[2010.07.16 21:53:44 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.03.02 01:00:00 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\F-Secure

[2012.04.22 01:30:47 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Frey Software

[2012.05.01 15:15:13 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\GHISLER

[2011.07.20 11:28:26 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\go

[2010.05.30 15:21:18 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\HP

[2011.12.04 20:33:36 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\HPAppData

[2010.07.11 20:21:54 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\HpUpdate

[2010.05.30 12:06:04 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Identities

[2010.05.30 12:10:23 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Macromedia

[2012.04.23 20:41:10 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Malwarebytes

[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Media Center Programs

[2012.04.22 01:19:24 | 000,000,000 | --SD | M] -- C:\Users\Torsten\AppData\Roaming\Microsoft

[2012.04.10 19:31:03 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Mozilla

[2011.08.13 15:55:54 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\NCH Software

[2011.12.04 18:42:57 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\NCH Swift Sound

[2012.02.26 14:43:24 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\OpenOffice.org

[2012.02.15 21:41:32 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Real

[2011.12.28 20:40:03 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Samsung

[2011.02.08 16:53:01 | 000,000,000 | RH-D | M] -- C:\Users\Torsten\AppData\Roaming\SecuROM

[2012.03.29 19:12:37 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Skype

[2011.05.28 16:02:58 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\skypePM

[2012.02.09 22:34:12 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Temp

[2012.02.15 22:40:16 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\vlc

[2011.06.13 15:34:08 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Windows Live Writer

[2010.08.15 15:19:23 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Yahoo!

 
 < %APPDATA%\*.exe /s >

[2012.04.22 01:19:24 | 000,149,770 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_01D06D3962F47C38BBE691.exe

[2012.04.22 01:19:24 | 000,182,735 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_1ED092DF0DE30D12C174AC.exe

[2012.04.22 01:19:24 | 000,149,770 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_3EE130D6F9A234DB0CB211.exe

[2012.04.22 01:19:24 | 000,182,735 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_462B9F3DB2D9FFC473F402.exe

[2012.04.22 01:19:24 | 000,010,134 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_52D1D2014398FFE0E4D526.exe

[2012.04.22 01:19:24 | 000,182,735 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_6FEFF9B68218417F98F549.exe

[2012.04.22 01:19:24 | 000,010,134 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_D30D829511B5431F32BB6F.exe

[2007.08.29 15:36:00 | 000,110,592 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe

[2012.03.18 19:16:21 | 000,106,408 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe

[2012.03.18 19:16:21 | 000,101,288 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe

[2012.03.18 19:16:23 | 000,021,416 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe

[2012.02.22 07:57:14 | 000,371,088 | ---- | M] (ml) -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe

[2012.04.04 07:05:32 | 000,371,088 | ---- | M] (ml) -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\System32\drivers\atapi.sys

[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys

[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2008.05.07 17:40:38 | 000,395,288 | ---- | M] (Intel Corporation) MD5=07FB761600EFF44AF02C35B8B57E5863 -- C:\Windows.old\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2008.05.07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows.old\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2008.05.07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows.old\Windows\System32\drivers\iaStor.sys

[2008.05.07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iaahci.inf_1ab0331f\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\System32\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\System32\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows.old\Windows\System32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\System32\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

--- --- ---

Extras:
OTL Logfile:

Code:

OTL Extras logfile created on: 02.05.2012 17:25:12 - Run 1

OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Torsten\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,49% Memory free

6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,65% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 576,15 Gb Total Space | 489,42 Gb Free Space | 84,95% Space Free | Partition Type: NTFS

Drive D: | 20,00 Gb Total Space | 12,38 Gb Free Space | 61,87% Space Free | Partition Type: FAT32

Drive J: | 1,89 Gb Total Space | 1,66 Gb Free Space | 87,84% Space Free | Partition Type: FAT

Drive N: | 14,92 Gb Total Space | 14,02 Gb Free Space | 94,02% Space Free | Partition Type: FAT32

 

Computer Name: TORSTEN-PC | User Name: Torsten | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{3212FE16-D060-4E6C-A7FE-C7D86BF2A4B0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{444F4CA2-EAF8-4FBC-A303-B10EFD4E1315}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{6321E021-CC3E-40AC-A799-4F31B2B6DC27}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{71C8D550-6AF5-4BBD-9B2D-F08662D3CDD0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{78399824-EA01-447A-8EE3-C2FF4F6E4142}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{84D772E1-FC61-48D0-87C1-FBBE6F3A27D9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{991787D3-7AA8-43F6-AEAC-41D700E4F828}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{D8521F25-4087-45F7-9672-9A438B89CBFB}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{DFD919C3-4796-451C-9239-BA28EEE4B060}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{030CC5FE-EB48-49CC-B2A3-A7A531DE26A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{135FF0C1-0FB1-4C73-B743-95CFFB377F2F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{1669EDB6-1EBC-425E-B447-A100F449FC9E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 

"{26735393-1E5C-49C6-9309-0E8D49D9E9CE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 

"{2918876D-EB8B-4D7E-B3F0-E55E0057D568}" = protocol=6 | dir=out | app=system | 

"{2D770BEF-133F-47EB-96CE-066C840C6D2B}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 

"{2EF65799-2964-42B0-B761-55CDE215098B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{4068FD12-F680-4107-AC9B-4813E7BBE8FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{4785C283-5C7F-4ACE-AFA8-960BF198B649}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 

"{4DBAECE8-7875-4319-B2EE-EA7B53D0C0CF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{5459B201-753A-4429-837B-3714C6F6BD8A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{5555E088-1009-4473-889C-430503B51D43}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 

"{6EF8E597-43A7-40AC-A272-86CDC61227AE}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 

"{7249597A-044E-44D7-A6EA-ED84C3334313}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{755502A7-00C8-4D9B-A4EE-BAF5271BFF9B}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 

"{7F670B33-D79D-40B3-BD51-2E8E8934B683}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 

"{7FE29F26-2D0F-477D-AA0A-6B8102481584}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 

"{852CBA8F-B714-490B-AD5C-3FC06CBD3293}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{872BDC75-4433-4BD2-A893-24659E3F7574}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{97723CFF-71AA-4ACF-A33C-2A42E0E30581}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 

"{9DCBD528-29EA-454D-A7C1-DEA9AC95D98D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 

"{9E379C99-15B2-4D94-BE5B-8599C7B59D6F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 

"{B5BA316B-89C5-49E2-984C-1BBCB4B94FE2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 

"{BA6EB70F-F490-4273-A34D-0AED0956DAC7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 

"{BC4DE5F7-84A5-4BA5-87AB-50E826854394}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 

"{C5ED1BDC-1D78-446A-8E91-43FA4751A62C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 

"{CA8FF502-0E5B-4684-8373-0B66B0FC5A85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{CC27AD37-E19B-4106-A736-646F07A297BC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 

"{CDF384F0-B2FD-460B-A005-36FA10DC69B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 

"{D3AB3F53-EFAF-49DE-B3A3-E8B76A9867AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{D4FEE6A5-5094-473E-979F-A9743072A90F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 

"{DC55607C-EA80-4559-909F-427AB92DBA58}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 

"{E0F4EF4A-C4F2-4735-BC3B-92B781313F10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{F04F5067-C543-4EC5-8567-BD1E18C5AFF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{FEA6D2CC-23D4-493A-BFFB-986ABC549DD8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"TCP Query User{E0639D19-255D-4A6E-86A6-F49890E661AA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"TCP Query User{E65CB28D-8F9D-4A0E-AFF8-B6B5EE76E421}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"UDP Query User{2F58D151-E901-49F1-B467-7246F6A78A2C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"UDP Query User{F14EF893-C228-424E-A5CE-B5CA422B1E34}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext

"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680

"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService

"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup

"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}" = SRC-Tutor II  2nd Edition

"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini

"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery

"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp

"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series

"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes

"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{B1F0FE76-83C6-47F2-BD0D-40FF96E47508}_is1" = Fahrtenbuch.de Version 10

"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply

"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr

"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch

"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU

"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component

"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within

"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9

"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind

"CCleaner" = CCleaner

"ESET Online Scanner" = ESET Online Scanner v3

"Express Manager +" = Express Manager +

"Flatcast Viewer 5.3_is1" = Flatcast Viewer Plugin 5.3.0.784

"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8

"F-Secure Product 444" = F-Secure Internet Security 2011

"HP Document Manager" = HP Document Manager 1.0

"HP Imaging Device Functions" = HP Imaging Device Functions 10.0

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 10.0

"HPOCR" = OCR Software by I.R.I.S. 10.0

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"RealPlayer 15.0" = RealPlayer

"SCOLA-Zeugnis 2008" = SCOLA-Zeugnis 2008 Dezember 2007 

"Shop for HP Supplies" = Shop for HP Supplies

"Totalcmd" = Total Commander (Remove or Repair)

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VLC media player 1.1.11

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"MyFreeCodec" = MyFreeCodec

"Skat-Online V9" = Skat-Online V9

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 01.05.2012 13:23:09 | Computer Name = Torsten-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 01.05.2012 13:23:09 | Computer Name = Torsten-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 01.05.2012 15:19:48 | Computer Name = Torsten-PC | Source = Application Hang | ID = 1002

Description = Programm javaw.exe, Version 6.0.320.5 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: 1654  Anfangszeit: 01cd27c8a25bf11a  Zeitpunkt der Beendigung:

 40

 

Error - 01.05.2012 15:23:35 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 01.05.2012 15:24:19 | Computer Name = Torsten-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 01.05.2012 15:24:19 | Computer Name = Torsten-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 02.05.2012 03:45:05 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 02.05.2012 08:49:40 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 02.05.2012 09:05:24 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 02.05.2012 11:18:26 | Computer Name = Torsten-PC | Source = Application Hang | ID = 1002

Description = Programm OTL.exe, Version 3.2.42.2 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: b08  Anfangszeit: 01cd2874b0300656  Zeitpunkt der Beendigung:

 10

 

[ System Events ]

Error - 02.05.2012 09:00:01 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681

Description = 

 

Error - 02.05.2012 09:00:01 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681

Description = 

 

Error - 02.05.2012 09:00:22 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681

Description = 

 

Error - 02.05.2012 09:00:31 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681

Description = 

 

Error - 02.05.2012 09:01:38 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681

Description = 

 

Error - 02.05.2012 09:01:38 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681

Description = 

 

Error - 02.05.2012 09:02:00 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681

Description = 

 

Error - 02.05.2012 09:02:08 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681

Description = 

 

Error - 02.05.2012 09:03:41 | Computer Name = Torsten-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am 02.05.2012 um 15:02:50 unerwartet heruntergefahren.

 

Error - 02.05.2012 09:05:24 | Computer Name = Torsten-PC | Source = Service Control Manager | ID = 7022

Description = 

 

 

< End of report >

--- --- ---

[/code]

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2801937

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes\{90463F81-D63A-4255-B12B-64F060292FEB}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7PRFA_de

IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - user.js - File not found

[2010.12.24 03:02:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.03.27 14:53:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com

[2012.02.14 21:57:36 | 000,000,931 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\rf4l1rup.default\searchplugins\conduit.xml

[2012.05.01 21:27:23 | 000,001,610 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\rf4l1rup.default\searchplugins\ixquick-https---deutsch.xml

O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.

O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O3 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found.

O3 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{838c7280-a13c-11e0-8260-0021856885ee}\Shell - "" = AutoRun

O33 - MountPoints2\{838c7280-a13c-11e0-8260-0021856885ee}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{f31010ac-b449-11df-94c5-0021856885ee}\Shell - "" = AutoRun

O33 - MountPoints2\{f31010ac-b449-11df-94c5-0021856885ee}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Start.hta

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{b106b661-3e1b-4015-af5c-195e909f35c6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b106b661-3e1b-4015-af5c-195e909f35c6}\ not found.

HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Internet Explorer\SearchScopes\{90463F81-D63A-4255-B12B-64F060292FEB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90463F81-D63A-4255-B12B-64F060292FEB}\ not found.

Registry key HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems

C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.

C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.

C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.

C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.

C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com\searchplugin folder moved successfully.

C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com\META-INF folder moved successfully.

C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com\DualPackage folder moved successfully.

C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com\defaults folder moved successfully.

C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com\components folder moved successfully.

C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com\chrome folder moved successfully.

C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com folder moved successfully.

C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\rf4l1rup.default\searchplugins\conduit.xml moved successfully.

C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\rf4l1rup.default\searchplugins\ixquick-https---deutsch.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B106B661-3E1B-4015-AF5C-195E909F35C6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B106B661-3E1B-4015-AF5C-195E909F35C6}\ not found.

Registry value HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{838c7280-a13c-11e0-8260-0021856885ee}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{838c7280-a13c-11e0-8260-0021856885ee}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{838c7280-a13c-11e0-8260-0021856885ee}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{838c7280-a13c-11e0-8260-0021856885ee}\ not found.

File F:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f31010ac-b449-11df-94c5-0021856885ee}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f31010ac-b449-11df-94c5-0021856885ee}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f31010ac-b449-11df-94c5-0021856885ee}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f31010ac-b449-11df-94c5-0021856885ee}\ not found.

File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Start.hta not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: Torsten

->Temp folder emptied: 26083312 bytes

->Temporary Internet Files folder emptied: 2508042 bytes

->Java cache emptied: 26947772 bytes

->FireFox cache emptied: 94091873 bytes

->Flash cache emptied: 8073 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 70947 bytes

RecycleBin emptied: 93201946 bytes

 

Total Files Cleaned = 232,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Public

 

User: Torsten

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.42.2 log created on 05022012_202700
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Code:

21:09:35.0888 4636        TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18

21:09:36.0046 4636        ============================================================

21:09:36.0046 4636        Current date / time: 2012/05/02 21:09:36.0046

21:09:36.0046 4636        SystemInfo:

21:09:36.0046 4636        

21:09:36.0046 4636        OS Version: 6.0.6002 ServicePack: 2.0

21:09:36.0046 4636        Product type: Workstation

21:09:36.0046 4636        ComputerName: TORSTEN-PC

21:09:36.0047 4636        UserName: Torsten

21:09:36.0047 4636        Windows directory: C:\Windows

21:09:36.0047 4636        System windows directory: C:\Windows

21:09:36.0047 4636        Processor architecture: Intel x86

21:09:36.0047 4636        Number of processors: 2

21:09:36.0047 4636        Page size: 0x1000

21:09:36.0047 4636        Boot type: Normal boot

21:09:36.0047 4636        ============================================================

21:09:37.0351 4636        Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

21:09:37.0379 4636        Drive \Device\Harddisk4\DR4 - Size: 0x3BB63FE00 (14.93 Gb), SectorSize: 0x200, Cylinders: 0x79C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

21:09:37.0380 4636        Drive \Device\Harddisk5\DR5 - Size: 0x79400000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

21:09:37.0381 4636        ============================================================

21:09:37.0381 4636        \Device\Harddisk0\DR0:

21:09:37.0381 4636        MBR partitions:

21:09:37.0381 4636        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4804F000

21:09:37.0401 4636        \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x4804F83F, BlocksNum 0x2807682

21:09:37.0401 4636        \Device\Harddisk4\DR4:

21:09:37.0401 4636        MBR partitions:

21:09:37.0401 4636        \Device\Harddisk4\DR4\Partition0: MBR, Type 0xC, StartLBA 0x34, BlocksNum 0x1DD5A92

21:09:37.0401 4636        \Device\Harddisk5\DR5:

21:09:37.0402 4636        MBR partitions:

21:09:37.0402 4636        ============================================================

21:09:37.0524 4636        C: <-> \Device\Harddisk0\DR0\Partition0

21:09:37.0524 4636        D: <-> \Device\Harddisk0\DR0\Partition1

21:09:37.0525 4636        ============================================================

21:09:37.0525 4636        Initialize success

21:09:37.0525 4636        ============================================================

21:09:48.0844 4516        ============================================================

21:09:48.0844 4516        Scan started

21:09:48.0844 4516        Mode: Manual; SigCheck; TDLFS; 

21:09:48.0844 4516        ============================================================

21:09:49.0508 4516        ACEDRV06        (44010948bde6ade50dd1386657c73e83) C:\Windows\system32\drivers\ACEDRV06.sys

21:09:49.0594 4516        ACEDRV06 ( UnsignedFile.Multi.Generic ) - warning

21:09:49.0594 4516        ACEDRV06 - detected UnsignedFile.Multi.Generic (1)

21:09:49.0732 4516        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

21:09:49.0763 4516        ACPI - ok

21:09:49.0847 4516        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

21:09:49.0856 4516        AdobeARMservice - ok

21:09:49.0912 4516        AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

21:09:49.0925 4516        AdobeFlashPlayerUpdateSvc - ok

21:09:49.0970 4516        adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

21:09:49.0991 4516        adp94xx - ok

21:09:50.0045 4516        adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

21:09:50.0060 4516        adpahci - ok

21:09:50.0082 4516        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

21:09:50.0096 4516        adpu160m - ok

21:09:50.0122 4516        adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

21:09:50.0135 4516        adpu320 - ok

21:09:50.0165 4516        AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

21:09:50.0183 4516        AeLookupSvc - ok

21:09:50.0242 4516        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

21:09:50.0258 4516        AFD - ok

21:09:50.0288 4516        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

21:09:50.0300 4516        agp440 - ok

21:09:50.0326 4516        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

21:09:50.0339 4516        aic78xx - ok

21:09:50.0356 4516        ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe

21:09:50.0380 4516        ALG - ok

21:09:50.0394 4516        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

21:09:50.0406 4516        aliide - ok

21:09:50.0421 4516        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

21:09:50.0433 4516        amdagp - ok

21:09:50.0448 4516        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

21:09:50.0460 4516        amdide - ok

21:09:50.0476 4516        AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

21:09:50.0500 4516        AmdK7 - ok

21:09:50.0510 4516        AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

21:09:50.0530 4516        AmdK8 - ok

21:09:50.0558 4516        androidusb      (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\Windows\system32\Drivers\ssadadb.sys

21:09:50.0586 4516        androidusb - ok

21:09:50.0610 4516        Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll

21:09:50.0622 4516        Appinfo - ok

21:09:50.0748 4516        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

21:09:50.0757 4516        Apple Mobile Device - ok

21:09:50.0779 4516        arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

21:09:50.0789 4516        arc - ok

21:09:50.0805 4516        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

21:09:50.0817 4516        arcsas - ok

21:09:50.0853 4516        ASPI            (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys

21:09:50.0858 4516        ASPI ( UnsignedFile.Multi.Generic ) - warning

21:09:50.0858 4516        ASPI - detected UnsignedFile.Multi.Generic (1)

21:09:50.0865 4516        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

21:09:50.0888 4516        AsyncMac - ok

21:09:50.0906 4516        atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

21:09:50.0919 4516        atapi - ok

21:09:50.0983 4516        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

21:09:51.0004 4516        AudioEndpointBuilder - ok

21:09:51.0008 4516        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

21:09:51.0030 4516        Audiosrv - ok

21:09:51.0063 4516        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

21:09:51.0087 4516        Beep - ok

21:09:51.0140 4516        BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll

21:09:51.0169 4516        BFE - ok

21:09:51.0252 4516        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll

21:09:51.0292 4516        BITS - ok

21:09:51.0321 4516        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

21:09:51.0353 4516        blbdrive - ok

21:09:51.0472 4516        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

21:09:51.0491 4516        Bonjour Service - ok

21:09:51.0528 4516        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

21:09:51.0545 4516        bowser - ok

21:09:51.0570 4516        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

21:09:51.0595 4516        BrFiltLo - ok

21:09:51.0606 4516        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

21:09:51.0631 4516        BrFiltUp - ok

21:09:51.0654 4516        Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll

21:09:51.0685 4516        Browser - ok

21:09:51.0707 4516        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

21:09:51.0761 4516        Brserid - ok

21:09:51.0775 4516        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

21:09:51.0821 4516        BrSerWdm - ok

21:09:51.0838 4516        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

21:09:51.0871 4516        BrUsbMdm - ok

21:09:51.0885 4516        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

21:09:51.0918 4516        BrUsbSer - ok

21:09:51.0931 4516        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

21:09:51.0964 4516        BTHMODEM - ok

21:09:51.0988 4516        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

21:09:52.0007 4516        cdfs - ok

21:09:52.0028 4516        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

21:09:52.0043 4516        cdrom - ok

21:09:52.0058 4516        CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

21:09:52.0073 4516        CertPropSvc - ok

21:09:52.0082 4516        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

21:09:52.0102 4516        circlass - ok

21:09:52.0141 4516        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

21:09:52.0154 4516        CLFS - ok

21:09:52.0209 4516        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:09:52.0221 4516        clr_optimization_v2.0.50727_32 - ok

21:09:52.0294 4516        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

21:09:52.0307 4516        clr_optimization_v4.0.30319_32 - ok

21:09:52.0318 4516        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

21:09:52.0330 4516        cmdide - ok

21:09:52.0346 4516        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys

21:09:52.0360 4516        Compbatt - ok

21:09:52.0363 4516        COMSysApp - ok

21:09:52.0384 4516        crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

21:09:52.0395 4516        crcdisk - ok

21:09:52.0404 4516        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

21:09:52.0428 4516        Crusoe - ok

21:09:52.0445 4516        CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll

21:09:52.0465 4516        CryptSvc - ok

21:09:52.0533 4516        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

21:09:52.0560 4516        DcomLaunch - ok

21:09:52.0598 4516        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

21:09:52.0613 4516        DfsC - ok

21:09:52.0773 4516        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe

21:09:52.0827 4516        DFSR - ok

21:09:52.0979 4516        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll

21:09:53.0006 4516        Dhcp - ok

21:09:53.0057 4516        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

21:09:53.0074 4516        disk - ok

21:09:53.0126 4516        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll

21:09:53.0144 4516        Dnscache - ok

21:09:53.0189 4516        dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll

21:09:53.0217 4516        dot3svc - ok

21:09:53.0248 4516        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

21:09:53.0281 4516        Dot4 - ok

21:09:53.0298 4516        Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

21:09:53.0328 4516        Dot4Print - ok

21:09:53.0339 4516        dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

21:09:53.0371 4516        dot4usb - ok

21:09:53.0395 4516        DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll

21:09:53.0428 4516        DPS - ok

21:09:53.0459 4516        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

21:09:53.0484 4516        drmkaud - ok

21:09:53.0557 4516        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

21:09:53.0587 4516        DXGKrnl - ok

21:09:53.0636 4516        e1express       (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys

21:09:53.0669 4516        e1express - ok

21:09:53.0707 4516        E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

21:09:53.0740 4516        E1G60 - ok

21:09:53.0751 4516        EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll

21:09:53.0777 4516        EapHost - ok

21:09:53.0833 4516        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

21:09:53.0852 4516        Ecache - ok

21:09:53.0921 4516        ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe

21:09:53.0939 4516        ehRecvr - ok

21:09:53.0964 4516        ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe

21:09:53.0981 4516        ehSched - ok

21:09:53.0987 4516        ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll

21:09:54.0002 4516        ehstart - ok

21:09:54.0035 4516        elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

21:09:54.0058 4516        elxstor - ok

21:09:54.0124 4516        EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll

21:09:54.0150 4516        EMDMgmt - ok

21:09:54.0181 4516        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

21:09:54.0212 4516        ErrDev - ok

21:09:54.0240 4516        EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll

21:09:54.0270 4516        EventSystem - ok

21:09:54.0328 4516        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

21:09:54.0346 4516        exfat - ok

21:09:54.0486 4516        F-Secure Gatekeeper (29d12e1e45d93b45d2598e2663bbeff4) C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys

21:09:54.0503 4516        F-Secure Gatekeeper - ok

21:09:54.0545 4516        F-Secure Gatekeeper Handler Starter (744930b68b68dae55c5977dae3953236) C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

21:09:54.0562 4516        F-Secure Gatekeeper Handler Starter - ok

21:09:54.0592 4516        F-Secure HIPS   (adf12d222dcc220229f9f46cdac1d668) C:\Program Files\F-Secure\HIPS\drivers\fshs.sys

21:09:54.0608 4516        F-Secure HIPS - ok

21:09:54.0638 4516        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

21:09:54.0663 4516        fastfat - ok

21:09:54.0679 4516        fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

21:09:54.0710 4516        fdc - ok

21:09:54.0757 4516        fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll

21:09:54.0789 4516        fdPHost - ok

21:09:54.0794 4516        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

21:09:54.0848 4516        FDResPub - ok

21:09:54.0873 4516        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

21:09:54.0890 4516        FileInfo - ok

21:09:54.0911 4516        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

21:09:54.0942 4516        Filetrace - ok

21:09:54.0958 4516        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

21:09:54.0989 4516        flpydisk - ok

21:09:55.0015 4516        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

21:09:55.0027 4516        FltMgr - ok

21:09:55.0114 4516        FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll

21:09:55.0134 4516        FontCache - ok

21:09:55.0223 4516        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

21:09:55.0232 4516        FontCache3.0.0.0 - ok

21:09:55.0253 4516        fsbts           (343786e182b9c9ae3066e00dec650f50) C:\Windows\system32\Drivers\fsbts.sys

21:09:55.0263 4516        fsbts - ok

21:09:55.0386 4516        FSDFWD          (d49cdf34eb4cb1de1acd33b7147be8e9) C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe

21:09:55.0405 4516        FSDFWD - ok

21:09:55.0454 4516        FSES            (f83475d1843e0d7ca0d8dbb93250ebc9) C:\Windows\system32\drivers\fses.sys

21:09:55.0464 4516        FSES - ok

21:09:55.0495 4516        FSFW            (581bf8dfc691b7d3be0cb0c49bba4755) C:\Windows\system32\drivers\fsdfw.sys

21:09:55.0506 4516        FSFW - ok

21:09:55.0573 4516        FSMA            (e558a4679046589969ef9c79bbed6bd1) C:\Program Files\F-Secure\Common\FSMA32.EXE

21:09:55.0586 4516        FSMA - ok

21:09:55.0615 4516        FSORSPClient    (42aef6a385354aca65fc210ce7ce4d7c) C:\Program Files\F-Secure\ORSP Client\fsorsp.exe

21:09:55.0629 4516        FSORSPClient - ok

21:09:55.0659 4516        fsvista         (667af2f3f0f5d8ae7cfd60bb2ce4d600) C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys

21:09:55.0672 4516        fsvista - ok

21:09:55.0690 4516        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys

21:09:55.0707 4516        Fs_Rec - ok

21:09:55.0728 4516        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

21:09:55.0744 4516        gagp30kx - ok

21:09:55.0771 4516        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:09:55.0783 4516        GEARAspiWDM - ok

21:09:55.0849 4516        gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll

21:09:55.0885 4516        gpsvc - ok

21:09:55.0959 4516        gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

21:09:55.0973 4516        gupdate - ok

21:09:56.0033 4516        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

21:09:56.0052 4516        HdAudAddService - ok

21:09:56.0099 4516        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

21:09:56.0133 4516        HDAudBus - ok

21:09:56.0160 4516        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

21:09:56.0214 4516        HidBth - ok

21:09:56.0223 4516        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

21:09:56.0277 4516        HidIr - ok

21:09:56.0327 4516        hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll

21:09:56.0345 4516        hidserv - ok

21:09:56.0369 4516        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

21:09:56.0393 4516        HidUsb - ok

21:09:56.0420 4516        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll

21:09:56.0453 4516        hkmsvc - ok

21:09:56.0477 4516        HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

21:09:56.0493 4516        HpCISSs - ok

21:09:56.0570 4516        hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

21:09:56.0578 4516        hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

21:09:56.0579 4516        hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

21:09:56.0621 4516        hpqddsvc        (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

21:09:56.0628 4516        hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

21:09:56.0628 4516        hpqddsvc - detected UnsignedFile.Multi.Generic (1)

21:09:56.0687 4516        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

21:09:56.0710 4516        HTTP - ok

21:09:56.0748 4516        i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

21:09:56.0763 4516        i2omp - ok

21:09:56.0821 4516        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

21:09:56.0846 4516        i8042prt - ok

21:09:56.0920 4516        iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

21:09:56.0940 4516        iaStorV - ok

21:09:57.0086 4516        idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

21:09:57.0120 4516        idsvc - ok

21:09:57.0146 4516        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

21:09:57.0161 4516        iirsp - ok

21:09:57.0219 4516        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll

21:09:57.0251 4516        IKEEXT - ok

21:09:57.0280 4516        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

21:09:57.0295 4516        intelide - ok

21:09:57.0310 4516        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

21:09:57.0342 4516        intelppm - ok

21:09:57.0364 4516        IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

21:09:57.0397 4516        IPBusEnum - ok

21:09:57.0406 4516        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:09:57.0426 4516        IpFilterDriver - ok

21:09:57.0454 4516        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll

21:09:57.0466 4516        iphlpsvc - ok

21:09:57.0469 4516        IpInIp - ok

21:09:57.0485 4516        IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

21:09:57.0505 4516        IPMIDRV - ok

21:09:57.0526 4516        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

21:09:57.0546 4516        IPNAT - ok

21:09:57.0685 4516        iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe

21:09:57.0705 4516        iPod Service - ok

21:09:57.0752 4516        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

21:09:57.0775 4516        IRENUM - ok

21:09:57.0786 4516        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

21:09:57.0799 4516        isapnp - ok

21:09:57.0836 4516        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

21:09:57.0851 4516        iScsiPrt - ok

21:09:57.0869 4516        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

21:09:57.0880 4516        iteatapi - ok

21:09:57.0891 4516        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

21:09:57.0903 4516        iteraid - ok

21:09:57.0914 4516        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

21:09:57.0926 4516        kbdclass - ok

21:09:57.0942 4516        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys

21:09:57.0965 4516        kbdhid - ok

21:09:58.0009 4516        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

21:09:58.0026 4516        KeyIso - ok

21:09:58.0062 4516        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

21:09:58.0087 4516        KSecDD - ok

21:09:58.0154 4516        KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

21:09:58.0191 4516        KtmRm - ok

21:09:58.0237 4516        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll

21:09:58.0257 4516        LanmanServer - ok

21:09:58.0292 4516        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll

21:09:58.0313 4516        LanmanWorkstation - ok

21:09:58.0325 4516        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

21:09:58.0357 4516        lltdio - ok

21:09:58.0384 4516        lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

21:09:58.0418 4516        lltdsvc - ok

21:09:58.0424 4516        lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

21:09:58.0479 4516        lmhosts - ok

21:09:58.0504 4516        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

21:09:58.0515 4516        LSI_FC - ok

21:09:58.0531 4516        LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

21:09:58.0542 4516        LSI_SAS - ok

21:09:58.0566 4516        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

21:09:58.0576 4516        LSI_SCSI - ok

21:09:58.0589 4516        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

21:09:58.0609 4516        luafv - ok

21:09:58.0631 4516        MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys

21:09:58.0641 4516        MBAMProtector - ok

21:09:58.0749 4516        MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

21:09:58.0767 4516        MBAMService - ok

21:09:58.0938 4516        McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe

21:09:58.0951 4516        McComponentHostService - ok

21:09:58.0964 4516        Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll

21:09:58.0977 4516        Mcx2Svc - ok

21:09:58.0991 4516        megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

21:09:59.0003 4516        megasas - ok

21:09:59.0051 4516        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

21:09:59.0069 4516        MegaSR - ok

21:09:59.0096 4516        MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

21:09:59.0125 4516        MMCSS - ok

21:09:59.0136 4516        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

21:09:59.0167 4516        Modem - ok

21:09:59.0173 4516        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

21:09:59.0205 4516        monitor - ok

21:09:59.0215 4516        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

21:09:59.0224 4516        mouclass - ok

21:09:59.0241 4516        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

21:09:59.0260 4516        mouhid - ok

21:09:59.0267 4516        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

21:09:59.0277 4516        MountMgr - ok

21:09:59.0340 4516        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

21:09:59.0350 4516        MozillaMaintenance - ok

21:09:59.0385 4516        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

21:09:59.0396 4516        mpio - ok

21:09:59.0412 4516        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

21:09:59.0429 4516        mpsdrv - ok

21:09:59.0482 4516        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll

21:09:59.0503 4516        MpsSvc - ok

21:09:59.0539 4516        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

21:09:59.0550 4516        Mraid35x - ok

21:09:59.0585 4516        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

21:09:59.0599 4516        MRxDAV - ok

21:09:59.0638 4516        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

21:09:59.0651 4516        mrxsmb - ok

21:09:59.0690 4516        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:09:59.0704 4516        mrxsmb10 - ok

21:09:59.0725 4516        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:09:59.0738 4516        mrxsmb20 - ok

21:09:59.0799 4516        msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys

21:09:59.0813 4516        msahci - ok

21:09:59.0944 4516        msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

21:09:59.0961 4516        msdsm - ok

21:09:59.0977 4516        MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

21:10:00.0013 4516        MSDTC - ok

21:10:00.0043 4516        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

21:10:00.0074 4516        Msfs - ok

21:10:00.0087 4516        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

21:10:00.0102 4516        msisadrv - ok

21:10:00.0141 4516        MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

21:10:00.0174 4516        MSiSCSI - ok

21:10:00.0179 4516        msiserver - ok

21:10:00.0204 4516        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

21:10:00.0236 4516        MSKSSRV - ok

21:10:00.0251 4516        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

21:10:00.0283 4516        MSPCLOCK - ok

21:10:00.0297 4516        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

21:10:00.0328 4516        MSPQM - ok

21:10:00.0359 4516        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

21:10:00.0379 4516        MsRPC - ok

21:10:00.0390 4516        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

21:10:00.0406 4516        mssmbios - ok

21:10:00.0415 4516        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

21:10:00.0446 4516        MSTEE - ok

21:10:00.0461 4516        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

21:10:00.0478 4516        Mup - ok

21:10:00.0530 4516        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

21:10:00.0559 4516        napagent - ok

21:10:00.0599 4516        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

21:10:00.0618 4516        NativeWifiP - ok

21:10:00.0677 4516        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

21:10:00.0704 4516        NDIS - ok

21:10:00.0730 4516        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

21:10:00.0754 4516        NdisTapi - ok

21:10:00.0768 4516        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

21:10:00.0799 4516        Ndisuio - ok

21:10:00.0833 4516        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

21:10:00.0858 4516        NdisWan - ok

21:10:00.0871 4516        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

21:10:00.0896 4516        NDProxy - ok

21:10:00.0922 4516        Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\Windows\system32\HPZinw12.dll

21:10:00.0929 4516        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

21:10:00.0929 4516        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

21:10:00.0944 4516        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

21:10:00.0975 4516        NetBIOS - ok

21:10:01.0010 4516        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

21:10:01.0037 4516        netbt - ok

21:10:01.0075 4516        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

21:10:01.0093 4516        Netlogon - ok

21:10:01.0135 4516        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

21:10:01.0170 4516        Netman - ok

21:10:01.0201 4516        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

21:10:01.0237 4516        netprofm - ok

21:10:01.0329 4516        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

21:10:01.0345 4516        NetTcpPortSharing - ok

21:10:01.0359 4516        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

21:10:01.0374 4516        nfrd960 - ok

21:10:01.0398 4516        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

21:10:01.0433 4516        NlaSvc - ok

21:10:01.0511 4516        nmwcd           (e380bbcad640304737650367ddfa2366) C:\Windows\system32\drivers\nmwcd.sys

21:10:01.0534 4516        nmwcd - ok

21:10:01.0550 4516        nmwcdc          (60ef5f5621d7832f00a3f190a0c905e2) C:\Windows\system32\drivers\ccdcmbo.sys

21:10:01.0575 4516        nmwcdc - ok

21:10:01.0593 4516        nmwcdcm         (9c9ff3ec04021234d6f440acbd3b70c1) C:\Windows\system32\drivers\nmwcdcm.sys

21:10:01.0614 4516        nmwcdcm - ok

21:10:01.0643 4516        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

21:10:01.0669 4516        Npfs - ok

21:10:01.0674 4516        nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

21:10:01.0707 4516        nsi - ok

21:10:01.0712 4516        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

21:10:01.0743 4516        nsiproxy - ok

21:10:01.0842 4516        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

21:10:01.0884 4516        Ntfs - ok

21:10:01.0909 4516        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

21:10:01.0962 4516        ntrigdigi - ok

21:10:01.0971 4516        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

21:10:02.0002 4516        Null - ok

21:10:02.0815 4516        nvlddmkm        (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys

21:10:03.0153 4516        nvlddmkm - ok

21:10:03.0292 4516        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

21:10:03.0305 4516        nvraid - ok

21:10:03.0324 4516        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

21:10:03.0336 4516        nvstor - ok

21:10:03.0359 4516        nvsvc           (c1303870d5f9ead4beb68559aab7a87b) C:\Windows\system32\nvvsvc.exe

21:10:03.0371 4516        nvsvc - ok

21:10:03.0385 4516        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

21:10:03.0398 4516        nv_agp - ok

21:10:03.0401 4516        NwlnkFlt - ok

21:10:03.0406 4516        NwlnkFwd - ok

21:10:03.0425 4516        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

21:10:03.0444 4516        ohci1394 - ok

21:10:03.0515 4516        ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

21:10:03.0529 4516        ose - ok

21:10:03.0616 4516        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

21:10:03.0646 4516        p2pimsvc - ok

21:10:03.0654 4516        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

21:10:03.0683 4516        p2psvc - ok

21:10:03.0706 4516        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

21:10:03.0760 4516        Parport - ok

21:10:03.0781 4516        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

21:10:03.0798 4516        partmgr - ok

21:10:03.0809 4516        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

21:10:03.0842 4516        Parvdm - ok

21:10:03.0862 4516        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

21:10:03.0874 4516        PcaSvc - ok

21:10:03.0898 4516        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

21:10:03.0910 4516        pci - ok

21:10:03.0940 4516        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

21:10:03.0949 4516        pciide - ok

21:10:03.0972 4516        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

21:10:03.0982 4516        pcmcia - ok

21:10:04.0059 4516        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

21:10:04.0104 4516        PEAUTH - ok

21:10:04.0233 4516        pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

21:10:04.0276 4516        pla - ok

21:10:04.0397 4516        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

21:10:04.0423 4516        PlugPlay - ok

21:10:04.0448 4516        Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll

21:10:04.0454 4516        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

21:10:04.0454 4516        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

21:10:04.0517 4516        PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

21:10:04.0546 4516        PNRPAutoReg - ok

21:10:04.0554 4516        PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

21:10:04.0583 4516        PNRPsvc - ok

21:10:04.0623 4516        PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

21:10:04.0654 4516        PolicyAgent - ok

21:10:04.0717 4516        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

21:10:04.0748 4516        PptpMiniport - ok

21:10:04.0763 4516        Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

21:10:04.0795 4516        Processor - ok

21:10:04.0813 4516        ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

21:10:04.0830 4516        ProfSvc - ok

21:10:04.0854 4516        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

21:10:04.0865 4516        ProtectedStorage - ok

21:10:04.0903 4516        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

21:10:04.0919 4516        PSched - ok

21:10:05.0168 4516        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

21:10:05.0202 4516        ql2300 - ok

21:10:05.0252 4516        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

21:10:05.0264 4516        ql40xx - ok

21:10:05.0306 4516        QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

21:10:05.0322 4516        QWAVE - ok

21:10:05.0338 4516        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

21:10:05.0351 4516        QWAVEdrv - ok

21:10:05.0366 4516        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

21:10:05.0390 4516        RasAcd - ok

21:10:05.0409 4516        RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

21:10:05.0436 4516        RasAuto - ok

21:10:05.0451 4516        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

21:10:05.0475 4516        Rasl2tp - ok

21:10:05.0505 4516        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

21:10:05.0528 4516        RasMan - ok

21:10:05.0553 4516        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

21:10:05.0575 4516        RasPppoe - ok

21:10:05.0606 4516        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

21:10:05.0620 4516        RasSstp - ok

21:10:05.0657 4516        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

21:10:05.0678 4516        rdbss - ok

21:10:05.0686 4516        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

21:10:05.0710 4516        RDPCDD - ok

21:10:05.0737 4516        rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

21:10:05.0762 4516        rdpdr - ok

21:10:05.0766 4516        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

21:10:05.0790 4516        RDPENCDD - ok

21:10:05.0845 4516        RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys

21:10:05.0860 4516        RDPWD - ok

21:10:05.0905 4516        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

21:10:05.0930 4516        RemoteAccess - ok

21:10:05.0957 4516        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

21:10:05.0978 4516        RemoteRegistry - ok

21:10:05.0998 4516        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

21:10:06.0011 4516        RpcLocator - ok

21:10:06.0054 4516        RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

21:10:06.0089 4516        RpcSs - ok

21:10:06.0116 4516        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

21:10:06.0148 4516        rspndr - ok

21:10:06.0198 4516        SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

21:10:06.0215 4516        SamSs - ok

21:10:06.0231 4516        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

21:10:06.0246 4516        sbp2port - ok

21:10:06.0269 4516        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

21:10:06.0297 4516        SCardSvr - ok

21:10:06.0359 4516        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

21:10:06.0388 4516        Schedule - ok

21:10:06.0414 4516        SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

21:10:06.0439 4516        SCPolicySvc - ok

21:10:06.0472 4516        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

21:10:06.0492 4516        SDRSVC - ok

21:10:06.0506 4516        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

21:10:06.0560 4516        secdrv - ok

21:10:06.0566 4516        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

21:10:06.0599 4516        seclogon - ok

21:10:06.0614 4516        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

21:10:06.0635 4516        SENS - ok

21:10:06.0658 4516        Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys

21:10:06.0678 4516        Serenum - ok

21:10:06.0702 4516        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys

21:10:06.0722 4516        Serial - ok

21:10:06.0729 4516        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

21:10:06.0748 4516        sermouse - ok

21:10:06.0768 4516        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

21:10:06.0790 4516        SessionEnv - ok

21:10:06.0797 4516        sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

21:10:06.0812 4516        sffdisk - ok

21:10:06.0819 4516        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

21:10:06.0838 4516        sffp_mmc - ok

21:10:06.0853 4516        sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

21:10:06.0873 4516        sffp_sd - ok

21:10:06.0889 4516        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

21:10:06.0922 4516        sfloppy - ok

21:10:06.0961 4516        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

21:10:06.0983 4516        SharedAccess - ok

21:10:07.0021 4516        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

21:10:07.0037 4516        ShellHWDetection - ok

21:10:07.0052 4516        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

21:10:07.0064 4516        sisagp - ok

21:10:07.0070 4516        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

21:10:07.0082 4516        SiSRaid2 - ok

21:10:07.0101 4516        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

21:10:07.0113 4516        SiSRaid4 - ok

21:10:07.0366 4516        slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

21:10:07.0486 4516        slsvc - ok

21:10:07.0621 4516        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

21:10:07.0649 4516        SLUINotify - ok

21:10:07.0696 4516        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

21:10:07.0721 4516        Smb - ok

21:10:07.0746 4516        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

21:10:07.0763 4516        SNMPTRAP - ok

21:10:07.0784 4516        SNPSTD3 - ok

21:10:07.0810 4516        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

21:10:07.0826 4516        spldr - ok

21:10:07.0860 4516        Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

21:10:07.0880 4516        Spooler - ok

21:10:07.0938 4516        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

21:10:07.0958 4516        srv - ok

21:10:08.0002 4516        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

21:10:08.0020 4516        srv2 - ok

21:10:08.0063 4516        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

21:10:08.0080 4516        srvnet - ok

21:10:08.0136 4516        ssadbus         (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\Windows\system32\DRIVERS\ssadbus.sys

21:10:08.0153 4516        ssadbus - ok

21:10:08.0171 4516        ssadmdfl        (bb2c84a15c765da89fd832b0e73f26ce) C:\Windows\system32\DRIVERS\ssadmdfl.sys

21:10:08.0186 4516        ssadmdfl - ok

21:10:08.0206 4516        ssadmdm         (6d0d132ddc6f43eda00dced6d8b1ca31) C:\Windows\system32\DRIVERS\ssadmdm.sys

21:10:08.0225 4516        ssadmdm - ok

21:10:08.0253 4516        ssadserd        (1a5a397bc459f346ab56492b61ef79f6) C:\Windows\system32\DRIVERS\ssadserd.sys

21:10:08.0271 4516        ssadserd - ok

21:10:08.0298 4516        SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

21:10:08.0333 4516        SSDPSRV - ok

21:10:08.0377 4516        SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

21:10:08.0397 4516        SstpSvc - ok

21:10:08.0563 4516        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

21:10:08.0613 4516        stisvc - ok

21:10:08.0635 4516        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

21:10:08.0650 4516        swenum - ok

21:10:08.0688 4516        swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

21:10:08.0718 4516        swprv - ok

21:10:08.0729 4516        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

21:10:08.0744 4516        Symc8xx - ok

21:10:08.0756 4516        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

21:10:08.0770 4516        Sym_hi - ok

21:10:08.0781 4516        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

21:10:08.0796 4516        Sym_u3 - ok

21:10:08.0843 4516        SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

21:10:08.0866 4516        SysMain - ok

21:10:08.0898 4516        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

21:10:08.0911 4516        TabletInputService - ok

21:10:08.0940 4516        TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

21:10:08.0958 4516        TapiSrv - ok

21:10:08.0970 4516        TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

21:10:08.0992 4516        TBS - ok

21:10:09.0085 4516        Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

21:10:09.0110 4516        Tcpip - ok

21:10:09.0120 4516        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

21:10:09.0151 4516        Tcpip6 - ok

21:10:09.0190 4516        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

21:10:09.0203 4516        tcpipreg - ok

21:10:09.0218 4516        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

21:10:09.0242 4516        TDPIPE - ok

21:10:09.0261 4516        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

21:10:09.0284 4516        TDTCP - ok

21:10:09.0324 4516        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

21:10:09.0344 4516        tdx - ok

21:10:09.0363 4516        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

21:10:09.0376 4516        TermDD - ok

21:10:09.0420 4516        TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

21:10:09.0446 4516        TermService - ok

21:10:09.0498 4516        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

21:10:09.0517 4516        Themes - ok

21:10:09.0549 4516        THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

21:10:09.0581 4516        THREADORDER - ok

21:10:09.0593 4516        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

21:10:09.0627 4516        TrkWks - ok

21:10:09.0668 4516        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

21:10:09.0693 4516        TrustedInstaller - ok

21:10:09.0714 4516        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

21:10:09.0745 4516        tssecsrv - ok

21:10:09.0768 4516        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

21:10:09.0785 4516        tunmp - ok

21:10:09.0791 4516        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

21:10:09.0808 4516        tunnel - ok

21:10:09.0829 4516        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

21:10:09.0839 4516        uagp35 - ok

21:10:09.0865 4516        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

21:10:09.0881 4516        udfs - ok

21:10:09.0902 4516        UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

21:10:09.0923 4516        UI0Detect - ok

21:10:09.0932 4516        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

21:10:09.0942 4516        uliagpkx - ok

21:10:09.0969 4516        uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

21:10:09.0981 4516        uliahci - ok

21:10:10.0002 4516        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

21:10:10.0011 4516        UlSata - ok

21:10:10.0025 4516        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

21:10:10.0035 4516        ulsata2 - ok

21:10:10.0047 4516        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

21:10:10.0068 4516        umbus - ok

21:10:10.0119 4516        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

21:10:10.0142 4516        upnphost - ok

21:10:10.0174 4516        upperdev        (bb16932a4189e82d6c455042c11849b6) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys

21:10:10.0189 4516        upperdev - ok

21:10:10.0223 4516        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

21:10:10.0239 4516        usbccgp - ok

21:10:10.0259 4516        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

21:10:10.0293 4516        usbcir - ok

21:10:10.0314 4516        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

21:10:10.0329 4516        usbehci - ok

21:10:10.0364 4516        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

21:10:10.0381 4516        usbhub - ok

21:10:10.0391 4516        usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

21:10:10.0424 4516        usbohci - ok

21:10:10.0431 4516        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

21:10:10.0450 4516        usbprint - ok

21:10:10.0479 4516        usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

21:10:10.0494 4516        usbscan - ok

21:10:10.0519 4516        UsbserFilt      (e748d50b3b2ec7f40a2ba67fb094cf01) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys

21:10:10.0534 4516        UsbserFilt - ok

21:10:10.0545 4516        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:10:10.0561 4516        USBSTOR - ok

21:10:10.0565 4516        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

21:10:10.0581 4516        usbuhci - ok

21:10:10.0601 4516        UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll

21:10:10.0618 4516        UxSms - ok

21:10:10.0662 4516        vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe

21:10:10.0684 4516        vds - ok

21:10:10.0714 4516        vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

21:10:10.0737 4516        vga - ok

21:10:10.0744 4516        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

21:10:10.0768 4516        VgaSave - ok

21:10:10.0779 4516        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

21:10:10.0791 4516        viaagp - ok

21:10:10.0801 4516        ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

21:10:10.0825 4516        ViaC7 - ok

21:10:10.0836 4516        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

21:10:10.0848 4516        viaide - ok

21:10:10.0855 4516        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

21:10:10.0867 4516        volmgr - ok

21:10:10.0915 4516        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

21:10:10.0932 4516        volmgrx - ok

21:10:10.0976 4516        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

21:10:10.0992 4516        volsnap - ok

21:10:11.0013 4516        vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

21:10:11.0026 4516        vsmraid - ok

21:10:11.0107 4516        VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe

21:10:11.0143 4516        VSS - ok

21:10:11.0194 4516        W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll

21:10:11.0221 4516        W32Time - ok

21:10:11.0260 4516        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

21:10:11.0313 4516        WacomPen - ok

21:10:11.0329 4516        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

21:10:11.0354 4516        Wanarp - ok

21:10:11.0358 4516        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

21:10:11.0383 4516        Wanarpv6 - ok

21:10:11.0421 4516        wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll

21:10:11.0447 4516        wcncsvc - ok

21:10:11.0486 4516        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

21:10:11.0513 4516        WcsPlugInService - ok

21:10:11.0525 4516        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

21:10:11.0541 4516        Wd - ok

21:10:11.0589 4516        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

21:10:11.0615 4516        Wdf01000 - ok

21:10:11.0651 4516        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

21:10:11.0685 4516        WdiServiceHost - ok

21:10:11.0688 4516        WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

21:10:11.0723 4516        WdiSystemHost - ok

21:10:11.0747 4516        WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll

21:10:11.0769 4516        WebClient - ok

21:10:11.0821 4516        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

21:10:11.0842 4516        Wecsvc - ok

21:10:11.0862 4516        wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

21:10:11.0889 4516        wercplsupport - ok

21:10:11.0910 4516        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll

21:10:11.0938 4516        WerSvc - ok

21:10:12.0021 4516        WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

21:10:12.0041 4516        WinDefend - ok

21:10:12.0108 4516        WinDriver       (596b3dda2527219c01fbc40ca60987ca) C:\Windows\system32\Drivers\windrvr.sys

21:10:12.0117 4516        WinDriver ( UnsignedFile.Multi.Generic ) - warning

21:10:12.0117 4516        WinDriver - detected UnsignedFile.Multi.Generic (1)

21:10:12.0122 4516        WinHttpAutoProxySvc - ok

21:10:12.0181 4516        Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll

21:10:12.0208 4516        Winmgmt - ok

21:10:12.0328 4516        WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

21:10:12.0368 4516        WinRM - ok

21:10:12.0436 4516        Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll

21:10:12.0462 4516        Wlansvc - ok

21:10:12.0509 4516        WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

21:10:12.0533 4516        WmiAcpi - ok

21:10:12.0580 4516        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe

21:10:12.0606 4516        wmiApSrv - ok

21:10:12.0735 4516        WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

21:10:12.0765 4516        WMPNetworkSvc - ok

21:10:12.0781 4516        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll

21:10:12.0802 4516        WPCSvc - ok

21:10:12.0839 4516        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll

21:10:12.0852 4516        WPDBusEnum - ok

21:10:12.0885 4516        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

21:10:12.0896 4516        WpdUsb - ok

21:10:13.0027 4516        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

21:10:13.0047 4516        WPFFontCache_v0400 - ok

21:10:13.0068 4516        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

21:10:13.0087 4516        ws2ifsl - ok

21:10:13.0137 4516        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll

21:10:13.0154 4516        wscsvc - ok

21:10:13.0158 4516        WSearch - ok

21:10:13.0310 4516        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

21:10:13.0360 4516        wuauserv - ok

21:10:13.0525 4516        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

21:10:13.0557 4516        WUDFRd - ok

21:10:13.0591 4516        wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

21:10:13.0625 4516        wudfsvc - ok

21:10:13.0640 4516        MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

21:10:13.0788 4516        \Device\Harddisk0\DR0 - ok

21:10:13.0793 4516        MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4

21:10:13.0938 4516        \Device\Harddisk4\DR4 - ok

21:10:13.0944 4516        MBR (0x1B8)     (3ef4844650b69d790a968f53a285cf9d) \Device\Harddisk5\DR5

21:10:23.0109 4516        \Device\Harddisk5\DR5 - ok

21:10:23.0113 4516        Boot (0x1200)   (82389c3b3017a8b1e2046b9280855d7e) \Device\Harddisk0\DR0\Partition0

21:10:23.0115 4516        \Device\Harddisk0\DR0\Partition0 - ok

21:10:23.0118 4516        Boot (0x1200)   (3fdf902778cd9802f5f9055a31d8cbc9) \Device\Harddisk0\DR0\Partition1

21:10:23.0119 4516        \Device\Harddisk0\DR0\Partition1 - ok

21:10:23.0124 4516        Boot (0x1200)   (76c5873152a0fc74d2ec51582862df81) \Device\Harddisk4\DR4\Partition0

21:10:23.0125 4516        \Device\Harddisk4\DR4\Partition0 - ok

21:10:23.0126 4516        ============================================================

21:10:23.0126 4516        Scan finished

21:10:23.0126 4516        ============================================================

21:10:23.0137 4276        Detected object count: 7

21:10:23.0137 4276        Actual detected object count: 7

21:10:52.0538 4276        ACEDRV06 ( UnsignedFile.Multi.Generic ) - skipped by user

21:10:52.0538 4276        ACEDRV06 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:10:52.0540 4276        ASPI ( UnsignedFile.Multi.Generic ) - skipped by user

21:10:52.0540 4276        ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:10:52.0541 4276        hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

21:10:52.0541 4276        hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:10:52.0543 4276        hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

21:10:52.0543 4276        hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:10:52.0546 4276        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

21:10:52.0546 4276        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:10:52.0547 4276        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

21:10:52.0547 4276        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:10:52.0549 4276        WinDriver ( UnsignedFile.Multi.Generic ) - skipped by user

21:10:52.0549 4276        WinDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Combofix Logfile:

Code:

ComboFix 12-05-02.03 - Torsten 03.05.2012   0:00.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1892 [GMT 2:00]

ausgeführt von:: c:\users\Torsten\Downloads\ComboFix.exe

AV: F-Secure Internet Security 2011 10.50 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: F-Secure Internet Security 2011 10.50 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: F-Secure Internet Security 2011 10.50 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Torsten\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll

c:\users\Torsten\Documents\~WRL0005.tmp

c:\windows\IsUn0407.exe

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

c:\windows\system32\muzapp.exe

c:\windows\system32\system32

c:\windows\system32\system32\3DAudio.ax

c:\windows\system32\system32\avrt.dll

c:\windows\system32\system32\cis-2.4.dll

c:\windows\system32\system32\issacapi_bs-2.3.dll

c:\windows\system32\system32\issacapi_pe-2.3.dll

c:\windows\system32\system32\issacapi_se-2.3.dll

c:\windows\system32\system32\MACXMLProto.dll

c:\windows\system32\system32\MaDRM.dll

c:\windows\system32\system32\MaJGUILib.dll

c:\windows\system32\system32\MAMACExtract.dll

c:\windows\system32\system32\MASetupCleaner.exe

c:\windows\system32\system32\MaXMLProto.dll

c:\windows\system32\system32\mfplat.dll

c:\windows\system32\system32\MK_Lyric.dll

c:\windows\system32\system32\MSCLib.dll

c:\windows\system32\system32\MSFLib.dll

c:\windows\system32\system32\MSLUR71.dll

c:\windows\system32\system32\msvcp60.dll

c:\windows\system32\system32\MTTELECHIP.dll

c:\windows\system32\system32\MTXSYNCICON.dll

c:\windows\system32\system32\muzaf1.dll

c:\windows\system32\system32\muzapp.dll

c:\windows\system32\system32\muzapp.exe

c:\windows\system32\system32\muzdecode.ax

c:\windows\system32\system32\muzeffect.ax

c:\windows\system32\system32\muzmp4sp.ax

c:\windows\system32\system32\muzmpgsp.ax

c:\windows\system32\system32\muzoggsp.ax

c:\windows\system32\system32\muzwmts.dll

c:\windows\system32\system32\psapi.dll

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_WinDriver

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-04-02 bis 2012-05-02  ))))))))))))))))))))))))))))))

.

.

2012-05-02 22:06 . 2012-05-02 22:11        --------        d-----w-        c:\users\Torsten\AppData\Local\temp

2012-05-02 22:06 . 2012-05-02 22:06        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-05-02 18:27 . 2012-05-02 18:27        --------        d-----w-        C:\_OTL

2012-05-01 13:36 . 2012-05-01 13:36        --------        d-----w-        c:\program files\Common Files\Java

2012-05-01 13:35 . 2012-05-01 13:35        476960        ----a-w-        c:\windows\system32\npdeployJava1.dll

2012-05-01 13:26 . 2012-05-01 13:26        --------        d-----w-        c:\programdata\McAfee Security Scan

2012-05-01 13:26 . 2012-05-01 13:26        --------        d-----w-        c:\programdata\McAfee

2012-05-01 13:26 . 2012-05-01 13:26        --------        d-----w-        c:\program files\McAfee Security Scan

2012-05-01 13:26 . 2012-05-01 13:37        418464        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2012-05-01 13:15 . 2012-05-01 13:15        --------        d-----w-        C:\totalcmd

2012-05-01 13:15 . 2012-05-01 13:15        --------        d-----w-        c:\users\Torsten\AppData\Roaming\GHISLER

2012-05-01 13:15 . 2012-04-27 06:00        545        ----a-w-        c:\windows\UC.PIF

2012-05-01 13:15 . 2012-04-27 06:00        545        ----a-w-        c:\windows\RAR.PIF

2012-05-01 13:15 . 2012-04-27 06:00        545        ----a-w-        c:\windows\LHA.PIF

2012-05-01 13:15 . 2012-04-27 06:00        545        ----a-w-        c:\windows\ARJ.PIF

2012-05-01 12:24 . 2012-05-01 12:24        --------        d-----w-        c:\program files\fahrtenbuch.de

2012-05-01 12:05 . 2012-05-01 12:05        --------        d-----w-        C:\Fahrtenbuch 2009 Essential

2012-05-01 06:38 . 2012-04-13 07:36        6734704        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F09A6A0B-3A5A-4BF8-A5E8-5514E6077005}\mpengine.dll

2012-04-24 21:15 . 2012-04-24 21:15        --------        d-----w-        c:\program files\Mozilla Maintenance Service

2012-04-24 21:15 . 2012-04-24 21:15        157352        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-24 21:15 . 2012-04-24 21:15        129976        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-04-23 19:34 . 2012-04-23 19:34        --------        d-----w-        c:\program files\ESET

2012-04-23 18:41 . 2012-04-23 18:41        --------        d-----w-        c:\users\Torsten\AppData\Roaming\Malwarebytes

2012-04-23 18:40 . 2012-04-23 18:40        --------        d-----w-        c:\programdata\Malwarebytes

2012-04-23 18:40 . 2012-05-01 16:54        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-04-23 18:40 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-04-22 20:50 . 2012-04-22 20:50        --------        d-----w-        c:\users\Torsten\AppData\Local\Frey Software

2012-04-21 23:30 . 2012-04-22 20:50        --------        d-----w-        c:\users\Torsten\AppData\Local\Frey_Software

2012-04-21 23:30 . 2012-04-21 23:30        --------        d-----w-        c:\users\Torsten\AppData\Roaming\Frey Software

2012-04-21 23:22 . 2012-04-21 23:22        --------        d-----w-        c:\programdata\FrMethods

2012-04-21 23:19 . 2012-04-21 23:19        --------        d-----w-        c:\program files\Frey Software

2012-04-21 16:34 . 2012-04-21 16:34        --------        d-----w-        c:\windows\Downloaded Installations

2012-04-19 17:17 . 2012-04-19 17:17        --------        d-----w-        c:\program files\Microsoft

2012-04-11 23:41 . 2012-02-29 15:11        5120        ----a-w-        c:\windows\system32\wmi.dll

2012-04-11 23:41 . 2012-02-29 15:11        172032        ----a-w-        c:\windows\system32\wintrust.dll

2012-04-11 23:41 . 2012-02-29 15:09        157696        ----a-w-        c:\windows\system32\imagehlp.dll

2012-04-11 23:41 . 2012-02-29 13:32        12800        ----a-w-        c:\windows\system32\drivers\fs_rec.sys

2012-04-11 23:41 . 2012-03-06 06:39        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2012-04-11 23:41 . 2012-03-06 06:39        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-04-10 17:31 . 2011-09-23 12:43        1623552        ----a-w-        c:\program files\Mozilla Firefox\plugins\NpFv530.dll

2012-04-10 17:31 . 2012-04-10 17:31        715038        ----a-w-        c:\windows\unins000.exe

2012-04-04 05:53 . 2012-04-04 05:53        182160        ----a-w-        c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2012-04-04 05:53 . 2012-04-04 05:53        182160        ----a-w-        c:\program files\Internet Explorer\Plugins\nppdf32.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-01 13:37 . 2011-09-08 15:08        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-01 13:35 . 2010-05-31 20:00        472864        ----a-w-        c:\windows\system32\deployJava1.dll

2012-02-23 08:18 . 2010-05-31 04:34        237072        ------w-        c:\windows\system32\MpSigStub.exe

2012-02-15 19:37 . 2009-05-21 18:21        499712        ----a-w-        c:\windows\system32\msvcp71.dll

2012-02-15 19:37 . 2009-05-21 16:57        348160        ----a-w-        c:\windows\system32\msvcr71.dll

2012-02-14 15:45 . 2012-03-14 05:27        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll

2012-02-14 15:45 . 2012-03-14 05:27        160768        ----a-w-        c:\windows\system32\d3d10_1.dll

2012-02-13 14:12 . 2012-03-14 05:27        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll

2012-02-13 13:47 . 2012-03-14 05:27        683008        ----a-w-        c:\windows\system32\d2d1.dll

2012-02-13 13:44 . 2012-03-14 05:27        1068544        ----a-w-        c:\windows\system32\DWrite.dll

2012-04-24 21:15 . 2011-09-30 17:03        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-18 21416]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-02-22 943504]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2011-12-23 200360]

"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2011-12-23 1654440]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-02-22 3508624]

"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-02-15 296056]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]

S2 ACEDRV06;ACEDRV06;c:\windows\system32\drivers\ACEDRV06.sys [2011-01-08 99840]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 13:37]

.

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 15:32]

.

2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 15:32]

.

2012-05-02 c:\windows\Tasks\Scheduled scanning task.job

- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2010-05-30 10:00]

.

2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{3EDFA3D9-1562-4873-ADA8-334CF0195835}.job

- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

.

2012-05-02 c:\windows\Tasks\User_Feed_Synchronization-{47ABB4EA-925E-41EE-A0C4-5EBEF7038EBF}.job

- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

.

2012-05-02 c:\windows\Tasks\User_Feed_Synchronization-{EA7F53D4-0A73-4954-A944-6867BA99D162}.job

- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube to Mp3 Converter - c:\users\Torsten\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

LSP: c:\windows\system32\wpclsp.dll

LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\rf4l1rup.default\

FF - prefs.js: browser.search.selectedEngine - Ixquick HTTPS - Deutsch

FF - prefs.js: browser.startup.homepage - hxxp://www.arcor.de/

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-05-03 00:11

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*j*z* \OpenWithList]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ü*l* \OpenWithList]

@Class="Shell"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(5676)

c:\program files\F-Secure\Spam Control\fsscoepl.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\F-Secure\Anti-Virus\fsgk32st.exe

c:\program files\F-Secure\Anti-Virus\FSGK32.EXE

c:\program files\F-Secure\Common\FSMA32.EXE

c:\program files\F-Secure\Common\FSHDLL32.EXE

c:\windows\system32\WUDFHost.exe

c:\program files\F-Secure\Anti-Virus\fssm32.exe

c:\windows\System32\rundll32.exe

c:\program files\F-Secure\ORSP Client\fsorsp.exe

c:\program files\F-Secure\FWES\Program\fsdfwd.exe

c:\windows\system32\conime.exe

c:\program files\F-Secure\Anti-Virus\fsav32.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-05-03  00:16:57 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-05-02 22:16

.

Vor Suchlauf: 17 Verzeichnis(se), 525.637.353.472 Bytes frei

Nach Suchlauf: 23 Verzeichnis(se), 525.978.996.736 Bytes frei

.

- - End Of File - - 1293B0ED88C7F65954DFA9DE44B57AB0

--- --- ---