Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Mozilla macht Probleme (https://www.trojaner-board.de/130789-mozilla-macht-probleme.html)

Tina666 08.02.2013 13:34
Mozilla macht Probleme
 
Hallo,

seit ein paar Tagen war folgendes, wenn ich Mozilla öffnen wollte:
Es öffnete sich ein Fenster, da stand: Überprüfung der Add Ons auf Kombatibilität der aktuellen Mozilla Version.
Es lief für ein paar Sekunden ein grüner Balken, dann schloß sich das Fenster wieder, Mozilla öffnete sich mit vier Fenstern.
Das erste war von Mozilla, dann kam zweimal Google (mein Startfenster), dann einmal No Skript.
Ich schloß drei der Fenster und alles lief wie gehabt.
Nun geht Mozilla gar nicht mehr auf.
Es kommt besagte Überprüfung, dann flackert es kurz. Und das in ständiger Wiederholung.

Wer kann mir da bitte helfen?

Tina

markusg 08.02.2013 13:38
hi,

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Tina666 08.02.2013 14:22
Hier OTL. Txt:OTL Logfile:
Code:
OTL logfile created on: 08.02.2013 13:58:07 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Bereinigung
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 74,63% Memory free
6,84 Gb Paging File | 6,01 Gb Available in Paging File | 87,88% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,76 Gb Total Space | 285,92 Gb Free Space | 61,39% Space Free | Partition Type: NTFS
Drive D: | 596,16 Gb Total Space | 227,63 Gb Free Space | 38,18% Space Free | Partition Type: NTFS
Drive E: | 236,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MOTIONSIGN | User Name: Hartmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.08 13:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Bereinigung\OTL.exe
PRC - [2013.01.24 14:18:46 | 001,646,216 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2013.01.10 08:58:06 | 000,602,912 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe
PRC - [2012.12.25 09:53:30 | 002,547,816 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2012.12.18 13:52:14 | 000,380,648 | ---- | M] (Babylon Ltd.) -- C:\Programme\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarsrv.exe
PRC - [2012.10.20 21:01:11 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012.03.29 23:24:32 | 000,040,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2010.03.03 18:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProTray.exe
PRC - [2010.03.03 18:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProSvc.exe
PRC - [2010.02.11 01:34:14 | 001,964,528 | ---- | M] (Symantec) -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001.09.21 13:50:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\Gtwatch.exe
PRC - [2001.07.09 14:38:10 | 000,356,352 | ---- | M] (Common Group) -- C:\WINDOWS\twain_32\A12U16KD\WATCH.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.10 08:58:06 | 000,602,912 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe
MOD - [2013.01.09 18:45:46 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c8aa45e46a5a90e65984b1a2591c0ca7\Microsoft.VisualBasic.ni.dll
MOD - [2013.01.09 18:23:01 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f43e890d874ef521aba51f76f64cd97b\System.ServiceProcess.ni.dll
MOD - [2013.01.09 18:21:51 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll
MOD - [2013.01.09 18:21:40 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013.01.09 18:20:59 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013.01.09 18:20:50 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012.12.25 09:53:30 | 002,547,816 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2012.12.25 09:51:45 | 002,202,728 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2012.12.18 15:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.12.18 13:01:06 | 000,058,880 | ---- | M] () -- C:\Programme\BabylonToolbar\BabylonToolbar\1.8.7.2\escortShld.dll
MOD - [2012.03.29 23:24:32 | 000,040,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
MOD - [2010.04.24 22:30:41 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2005.01.06 17:33:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2004.09.14 18:44:12 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxbxPP5C.DLL
MOD - [2002.10.30 08:58:36 | 000,143,360 | ---- | M] () -- C:\WINDOWS\twain_32\A12U16KD\A2dSpi.dll
MOD - [2001.12.06 19:55:18 | 000,135,168 | ---- | M] () -- C:\WINDOWS\system32\A2dusd.dll
MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
MOD - [2001.09.21 13:50:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\Gtwatch.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.08 13:39:55 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.20 00:08:12 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.10 08:58:06 | 000,602,912 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012.12.25 09:53:30 | 002,547,816 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012.10.20 21:01:11 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.29 23:24:32 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.03.03 18:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2010.02.12 06:09:06 | 001,574,408 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2010.02.11 01:34:14 | 001,964,528 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.01.06 23:41:22 | 000,462,848 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\lxbxcoms.exe -- (lxbx_device)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Adapter | On_Demand | Unknown] --  -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] --  -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\FTD2XX.sys -- (FTD2XX)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btkrnl.sys -- (BTKRNL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avfsfilter.sys -- (AVFSFilter)
DRV - [2012.07.08 21:52:59 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.07.08 21:52:59 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2012.01.18 14:55:56 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2012.01.18 14:55:54 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2011.08.10 15:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2011.06.28 12:15:20 | 006,363,752 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011.04.20 14:50:22 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011.03.22 08:58:42 | 000,065,136 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2011.03.10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010.03.03 18:59:22 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.02.12 06:10:12 | 000,057,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2010.02.11 01:34:46 | 000,138,592 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\symsnap.sys -- (symsnap)
DRV - [2009.11.18 00:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 00:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.11.02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.09.21 19:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2009.01.04 14:25:08 | 000,017,408 | ---- | M] (PassMark Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PMUSB.sys -- (PMUSB2G)
DRV - [2008.12.01 23:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.11.25 01:35:54 | 000,211,496 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2008.11.25 01:35:54 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2008.11.25 01:35:54 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2008.07.10 01:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008.05.16 10:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 10:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 10:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 10:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 10:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 10:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 10:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008.02.13 12:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2008.01.14 16:29:17 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2007.12.06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.09.02 16:09:52 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2006.09.02 15:36:20 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006.09.02 14:49:55 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2006.07.24 03:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006.07.24 03:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005.05.17 13:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005.05.16 14:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2005.02.23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005.02.09 11:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2005.01.10 10:45:56 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2004.12.07 09:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004.12.01 13:40:08 | 002,300,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004.11.24 10:42:48 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004.11.24 10:42:46 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004.10.21 04:39:44 | 000,035,840 | R--- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.07.14 11:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004.04.26 07:10:00 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004.04.26 07:09:52 | 000,054,657 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou)
DRV - [2004.04.26 07:09:42 | 000,071,405 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004.04.26 07:09:24 | 000,024,605 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2003.05.14 13:42:56 | 000,021,216 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2003.05.14 13:42:50 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2003.05.14 13:42:48 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003.05.14 13:42:44 | 000,044,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2003.03.25 09:55:04 | 000,027,136 | R--- | M] (Mobile Action Tech. Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma-620.sys -- (MA-620)
DRV - [2002.10.21 10:37:16 | 000,515,803 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca533av.sys -- (Ca533av)
DRV - [2002.07.25 10:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera)
DRV - [2002.05.31 09:35:02 | 000,076,976 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pnp680r.sys -- (Pnp680r)
DRV - [2001.11.08 07:53:54 | 000,018,120 | ---- | M] (  ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x)
DRV - [2001.08.17 12:49:38 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ativmdcd.sys -- (MVDCODEC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0504817B-F19C-4569-BF5F-14CA6DE4EFF1}
IE - HKLM\..\SearchScopes\{0504817B-F19C-4569-BF5F-14CA6DE4EFF1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Wirtschaft: Wirtschaftsnachrichten von t-online.de/wirtschaft
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Wirtschaft: Wirtschaftsnachrichten von t-online.de/wirtschaft
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0504817B-F19C-4569-BF5F-14CA6DE4EFF1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE427
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=118720&tt=0213_1&babsrc=SP_ss&mntrId=209027f10000000000005404a6d4fa58
IE - HKCU\..\SearchScopes\{131B38B1-CC5B-4A32-9914-62E0ED1FC19C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=HQ&apn_dtid=YYYYYYYYDE&apn_uid=df035c86-164b-4e37-a792-9376dcdd64f6&apn_sauid=469D03E0-2A3E-4579-834B-D66778E0659B
IE - HKCU\..\SearchScopes\{342032E5-348C-48BE-BFB2-D336898928C9}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=92c11ed6-2009-4333-8e8b-d71c8d99e855&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3AA0DE0F-6691-4E93-A74E-D0A366421803}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=92c11ed6-2009-4333-8e8b-d71c8d99e855&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3D20C55B-1C6F-44BB-8B64-6EB4DA52524C}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=92c11ed6-2009-4333-8e8b-d71c8d99e855&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{65B27F1C-B3AA-42A9-82CF-FF5ED3FED24F}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=92c11ed6-2009-4333-8e8b-d71c8d99e855&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{9F3786B8-EF7C-407E-AF2C-B49DAA6A0D1E}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=92c11ed6-2009-4333-8e8b-d71c8d99e855&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{D6481E63-37A6-44EA-802B-2BC182D0D96E}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=92c11ed6-2009-4333-8e8b-d71c8d99e855&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-ffpro"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com/?l=dis&o=15788"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.2
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.9.100013
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: %7B58bd07eb-0ee0-4df0-8121-dc9b693373df%7D:2.6.1040.25
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMB&o=15785&locale=de_DE&apn_uid=df035c86-164b-4e37-a792-9376dcdd64f6&apn_ptnrs=HQ&apn_sauid=469D03E0-2A3E-4579-834B-D66778E0659B&apn_dtid=YYYYYYYYDE&&q="
 
FF - user.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - user.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q="
FF - user.js..browser.search.selectedEngine: "Google"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.11.10 12:53:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.11.10 12:53:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\KavAntiBanner@Kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.11.10 12:52:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.20 00:08:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.11 15:02:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.01.10 08:59:45 | 000,000,000 | ---D | M]
 
[2012.10.13 12:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Extensions
[2008.11.13 02:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2013.01.31 21:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions
[2010.05.13 02:16:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.11 23:29:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.01.10 08:59:31 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\ffxtlbr@babylon.com
[2012.10.02 22:11:56 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\foxmarks@kei.com
[2013.01.10 08:59:10 | 000,000,000 | ---D | M] (Yontoo) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\plugin@yontoo.com
[2013.02.02 13:19:26 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\toolbar@ask.com
[2013.01.18 20:01:08 | 000,538,938 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\toolbar@web.de.xpi
[2013.01.30 22:35:10 | 000,533,536 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.01.31 21:44:22 | 000,817,973 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.17 00:00:10 | 000,000,911 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\searchplugins\11-suche.xml
[2013.02.08 13:24:47 | 000,002,400 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\searchplugins\askcom.xml
[2013.01.10 09:00:14 | 000,002,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\searchplugins\babylon1.xml
[2012.11.17 00:00:10 | 000,002,273 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\searchplugins\englische-ergebnisse.xml
[2012.11.17 00:00:10 | 000,010,563 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\searchplugins\gmx-suche.xml
[2012.03.29 23:24:50 | 000,002,492 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\searchplugins\google-und-download-suche.xml
[2012.11.17 00:00:10 | 000,002,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\searchplugins\lastminute.xml
[2012.11.17 00:00:10 | 000,005,545 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\searchplugins\webde-suche.xml
[2012.12.06 21:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.06 21:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.12.06 21:39:52 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012.12.06 21:39:52 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2013.01.10 08:59:45 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\BROWSERPROTECT\2.6.1040.25\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
[2013.01.20 00:08:12 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.10.16 00:36:49 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.10 08:59:13 | 000,002,349 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.10.16 00:36:49 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.16 00:36:49 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.16 00:36:49 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.16 00:36:49 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.16 00:36:49 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: Babylon Search
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: Babylon Search
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\dnpmlnedpdikbgdghljdepnljfpkhccn\1.0.0_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jbpcjmidkkgldeplajgnbpjkfpmpeepb\1.0.6_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2012.11.17 13:32:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] c:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\Gtwatch.exe ()
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Programme\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Watch.lnk = C:\WINDOWS\twain_32\A12U16KD\WATCH.exe (Common Group)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ADAB9D3-1DB3-49B2-89FC-F454CD73AD07}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FC1575C-73E5-4A35-B75A-769B11439EBC}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\261040~1.25\{c16c1~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.10.29 13:53:12 | 000,000,087 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Programme\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Watch.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: 1und1Dispatcher - hkey= - key= - C:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe (1&1 Mail & Media GmbH)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig - StartUpReg: Gtwatch - hkey= - key= - C:\WINDOWS\Gtwatch.exe ()
MsConfig - StartUpReg: itype - hkey= - key= - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
MsConfig - StartUpReg: LDM - hkey= - key= - C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
MsConfig - StartUpReg: Logitech Hardware Abstraction Layer - hkey= - key= - C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
MsConfig - StartUpReg: MMTray - hkey= - key= - C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: OM2_Monitor - hkey= - key= - C:\Programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
MsConfig - StartUpReg: OM2_Monitor1 - hkey= - key= - C:\Programme\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task1 - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task2 - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Sony PC Companion - hkey= - key= - C:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: swg1 - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.10 08:59:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hartmann\Startmenü\Programme\BrowserProtect
[2013.01.10 08:59:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\BabylonToolbar
[2013.01.10 08:59:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect
[2013.01.10 08:59:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\BabSolution
[2013.01.10 08:59:30 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar
[2013.01.10 08:59:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\PerformerSoft
[2013.01.10 08:59:05 | 000,000,000 | ---D | C] -- C:\Programme\Yontoo
[2013.01.10 08:58:53 | 000,018,096 | ---- | C] (PerformerSoft LLC) -- C:\WINDOWS\System32\roboot.exe
[2013.01.10 08:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2013.01.10 08:58:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2013.01.10 08:58:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Babylon
[2013.01.10 08:58:46 | 000,000,000 | ---D | C] -- C:\Programme\File Scout
[2013.01.10 08:58:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
[2013.01.09 18:41:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012.10.21 22:25:27 | 018,380,552 | ---- | C] (Mozilla) -- C:\Programme\WEB.DE_Firefox_Setup.exe
[2006.12.16 12:34:39 | 000,024,192 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Hartmann\usbsermptxp.sys
[2006.12.16 12:34:39 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Hartmann\usbsermpt.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.08 14:02:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013.02.08 13:49:06 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.08 13:39:56 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.08 13:27:38 | 000,012,682 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.08 13:26:22 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.08 13:26:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.08 13:25:58 | 000,069,112 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2013.02.08 13:25:15 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2013.02.07 22:48:10 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{44BE5EBB-6A99-4DE1-B962-E148184E8A04}.job
[2013.02.07 01:24:11 | 000,000,452 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Eigene Dateien\spider.sav
[2013.02.04 19:15:00 | 000,236,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.02 23:42:03 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2013.02.02 23:42:03 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2013.01.25 14:08:08 | 006,586,368 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2013.01.09 18:20:11 | 000,593,176 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 18:20:11 | 000,546,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 18:20:11 | 000,129,702 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 18:20:11 | 000,104,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 18:06:44 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
 
========== Files Created - No Company Name ==========
 
[2013.02.02 23:42:03 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2013.02.02 23:42:03 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012.12.23 14:56:24 | 000,008,622 | ---- | C] () -- C:\WINDOWS\extend.dat
[2012.11.17 13:15:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.11.17 13:15:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.11.17 13:15:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.11.17 13:15:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.11.17 13:15:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.10.13 12:23:57 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.06.19 15:39:23 | 000,922,184 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2012.06.19 15:39:22 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2012.06.19 15:39:21 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2012.04.03 18:54:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ui.INI
[2012.04.03 17:32:39 | 000,018,120 | ---- | C] (  ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[2012.03.30 21:54:46 | 000,117,035 | ---- | C] () -- C:\Programme\jquery.yoxview-2.21.zip
[2012.03.30 21:12:11 | 007,558,447 | ---- | C] () -- C:\Programme\aemf20.exe
[2012.03.29 20:52:18 | 000,015,416 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2012.03.29 20:17:29 | 000,982,196 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2012.03.29 20:17:29 | 000,417,344 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2012.03.29 20:16:21 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2012.03.28 15:22:51 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\A2dusd.dll
[2012.03.28 13:44:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2012.03.28 13:20:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\Gtwatch.exe
[2012.03.01 13:55:08 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2012.03.01 13:52:55 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012.03.01 13:52:55 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012.02.16 04:44:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.03 06:29:50 | 000,211,614 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2010.11.17 07:12:17 | 000,000,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\.octave_hist
[2010.10.15 13:38:24 | 000,000,244 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\varicad-work.ini
[2010.04.27 23:14:16 | 000,038,347 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\dsc2099.jpg
[2010.01.06 22:44:31 | 000,000,291 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\PropCalc Preferences
[2008.09.27 00:47:18 | 000,278,016 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\mdbu.bin
[2008.06.20 13:23:06 | 001,487,202 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\test
[2007.08.03 22:47:14 | 000,001,771 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007.04.25 22:08:24 | 000,093,209 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\mdb.bin
[2006.12.16 12:34:39 | 000,007,195 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\USBMOT2000.INF
[2006.12.16 12:34:39 | 000,005,891 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\USBMOT2000XP.INF
[2006.12.16 12:34:39 | 000,005,877 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\USB_CMCS_2000.INF
[2006.10.06 11:39:40 | 000,104,990 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\wtge61ge.HST
[2006.09.02 16:25:29 | 000,043,520 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.09.02 15:46:03 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.09.02 15:45:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.12.31 00:18:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2012.03.26 20:52:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alibre Design
[2011.05.13 17:45:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest
[2012.03.01 10:45:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2013.01.10 08:58:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.03.30 20:50:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BMSEV
[2013.01.10 08:59:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect
[2012.11.15 20:00:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2012.03.26 17:20:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\clp
[2012.03.01 12:18:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2012.03.02 13:12:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Toolkit Suite
[2006.09.23 22:47:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DassaultSystemes
[2012.01.18 19:19:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DesktopIcons
[2010.03.02 21:22:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Die GeldPlaner Einstellungen
[2012.03.28 14:26:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Mender
[2008.07.12 15:56:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay
[2012.07.06 16:43:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fighters
[2009.11.06 00:37:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotokasten comfort
[2008.12.15 14:26:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HDD Thermometer
[2013.01.10 08:58:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
[2010.03.02 21:22:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\metier2000Apps
[2012.03.01 13:33:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2008.01.13 23:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2007.10.29 14:04:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2007.10.29 14:04:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio
[2007.10.29 13:54:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2012.03.29 15:34:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2007.05.12 18:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2013.01.10 08:59:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2010.03.02 21:22:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TOIGeldplaner2008
[2009.01.07 11:49:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2012.10.15 21:39:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009.01.23 19:54:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2012.01.18 19:19:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb
[2010.10.15 13:38:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VariCAD
[2012.10.15 22:10:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2012.10.15 22:10:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.10.15 22:10:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.10.15 22:10:15 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.01.18 19:16:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\1&1 Mail & Media GmbH
[2012.05.26 18:11:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Acronis
[2010.10.11 05:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Alibre Design
[2010.10.13 20:41:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\avidemux
[2013.01.10 08:59:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\BabSolution
[2013.01.10 08:58:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Babylon
[2013.01.10 08:59:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\BabylonToolbar
[2012.03.30 20:50:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\BMSEV
[2013.02.08 01:21:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\BVS Solitaire Collection
[2006.09.28 13:40:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\CD-LabelPrint
[2010.01.25 05:24:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\DassaultSystemes
[2012.11.11 11:57:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\DesktopIconForAmazon
[2012.01.28 06:01:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Easy MP3 Recorder
[2012.03.02 13:14:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Fighters
[2009.07.04 16:13:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\flightgear.org
[2012.12.28 00:52:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\FreeVideoConverter
[2012.02.02 17:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Garmin
[2008.06.20 13:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\gtk-2.0
[2006.09.02 15:58:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\HDD Thermometer
[2012.11.18 23:15:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\ImgBurn
[2010.04.26 13:19:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\kompozer.net
[2007.06.17 11:08:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\mirabyte
[2009.01.08 20:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\MobileAction
[2010.04.27 23:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\MrJobs
[2010.10.05 17:06:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\MSNInstaller
[2009.01.11 15:45:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\NCH Swift Sound
[2010.04.23 23:47:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Nvu
[2012.03.29 23:24:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\OCS
[2012.03.29 23:24:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Opera
[2006.09.02 15:56:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\PDFCreator
[2013.01.12 10:39:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\PerformerSoft
[2011.12.23 20:39:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\PhotoScape
[2007.05.12 18:44:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\T-Online
[2008.08.26 18:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\TeamViewer
[2008.11.13 02:04:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\TomTom
[2012.10.15 21:39:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\TuneUp Software
[2007.05.31 17:06:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\ubi.com
[2009.01.23 19:59:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Ulead Systems
[2012.01.12 06:10:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Uniblue
[2010.10.15 13:38:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\VariCAD
[2010.10.15 13:33:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\VariCAD-Viewer.de
[2010.05.18 12:38:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Webocton - Scriptly
[2011.04.02 13:21:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Windows Desktop Search
[2009.01.13 22:46:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Windows Search
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2007.08.09 23:34:28 | 000,000,000 | ---D | M] -- C:\acs-prop
[2012.11.20 16:31:56 | 000,000,000 | ---D | M] -- C:\Amelie
[2013.02.08 13:56:48 | 000,000,000 | ---D | M] -- C:\Bereinigung
[2013.01.27 02:48:47 | 000,000,000 | ---D | M] -- C:\Bilder
[2006.09.02 15:47:16 | 000,000,000 | -H-D | M] -- C:\BJPrinter
[2012.07.28 23:59:53 | 000,000,000 | ---D | M] -- C:\Boxer Klub
[2006.11.09 14:01:04 | 000,000,000 | ---D | M] -- C:\Cimatron
[2011.12.02 14:15:40 | 000,000,000 | ---D | M] -- C:\CimDat
[2012.11.17 13:17:50 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2013.02.08 05:09:10 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2011.10.09 18:44:59 | 000,000,000 | ---D | M] -- C:\ConverterOutput
[2006.10.12 16:29:29 | 000,000,000 | ---D | M] -- C:\COREL50
[2009.08.21 17:03:20 | 000,000,000 | ---D | M] -- C:\d30fa7cb1ac1c593a574b1c9
[2010.11.17 20:30:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.04.27 00:02:03 | 000,000,000 | ---D | M] -- C:\E-Pro
[2006.09.04 23:54:10 | 000,000,000 | ---D | M] -- C:\Favoriten
[2012.12.28 01:02:33 | 000,000,000 | ---D | M] -- C:\Filme
[2011.07.24 13:44:52 | 000,000,000 | ---D | M] -- C:\Fischer
[2012.07.11 11:41:56 | 000,000,000 | ---D | M] -- C:\found.000
[2011.09.05 10:13:20 | 000,000,000 | ---D | M] -- C:\Futter
[2012.06.30 21:27:14 | 000,000,000 | ---D | M] -- C:\Gallinat
[2009.10.20 21:53:12 | 000,000,000 | ---D | M] -- C:\Gambia
[2011.04.27 00:02:01 | 000,000,000 | ---D | M] -- C:\harald
[2011.04.16 21:28:28 | 000,000,000 | ---D | M] -- C:\harald1
[2007.08.09 23:34:30 | 000,000,000 | ---D | M] -- C:\Heli-Propeller
[2007.12.17 12:53:44 | 000,000,000 | ---D | M] -- C:\Helicopter
[2012.04.12 12:58:49 | 000,000,000 | ---D | M] -- C:\Homepages
[2010.07.20 14:20:22 | 000,000,000 | ---D | M] -- C:\HP
[2011.04.20 01:06:38 | 000,000,000 | ---D | M] -- C:\HP Bilder
[2011.04.20 02:01:55 | 000,000,000 | ---D | M] -- C:\HP Bilder 2
[2012.08.19 12:05:41 | 000,000,000 | ---D | M] -- C:\HP BK
[2010.07.22 14:58:35 | 000,000,000 | ---D | M] -- C:\hp-test
[2010.03.17 13:22:31 | 000,000,000 | ---D | M] -- C:\Juwel
[2011.07.24 13:44:53 | 000,000,000 | ---D | M] -- C:\Kontrollen
[2011.07.24 13:44:56 | 000,000,000 | ---D | M] -- C:\Küche
[2009.06.15 13:27:47 | 000,000,000 | ---D | M] -- C:\Langguth
[2011.07.24 13:44:56 | 000,000,000 | ---D | M] -- C:\Lengdorfer
[2011.07.24 13:44:53 | 000,000,000 | ---D | M] -- C:\Lengdorfer 2
[2012.01.29 15:03:05 | 000,000,000 | ---D | M] -- C:\LS
[2011.07.24 13:44:54 | 000,000,000 | ---D | M] -- C:\Motion Sign Zusammenfassung
[2012.04.04 12:42:31 | 000,000,000 | ---D | M] -- C:\MotionSign
[2011.11.30 18:52:25 | 000,000,000 | ---D | M] -- C:\MotionSign alt
[2010.02.19 02:18:27 | 000,000,000 | ---D | M] -- C:\MotionSign Antrag
[2009.04.28 13:59:31 | 000,000,000 | ---D | M] -- C:\MotionSign Antrag aktuell
[2011.07.24 13:44:56 | 000,000,000 | ---D | M] -- C:\MotionSign sonstiges
[2012.02.15 00:34:11 | 000,000,000 | ---D | M] -- C:\Motor
[2010.09.05 14:49:27 | 000,000,000 | ---D | M] -- C:\Motorrad
[2012.08.16 18:09:02 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.12.07 22:20:17 | 000,000,000 | ---D | M] -- C:\Musik
[2010.05.07 12:50:42 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2011.07.24 13:44:57 | 000,000,000 | ---D | M] -- C:\Petra
[2011.07.24 13:44:57 | 000,000,000 | ---D | M] -- C:\Photo Impact
[2009.05.11 20:17:48 | 000,000,000 | ---D | M] -- C:\PPS Dateien
[2012.03.03 20:10:11 | 000,000,000 | ---D | M] -- C:\Preventon
[2013.01.07 13:44:32 | 000,000,000 | ---D | M] -- C:\Privat
[2008.12.30 21:15:32 | 000,000,000 | ---D | M] -- C:\Program Files
[2013.02.07 00:44:24 | 000,000,000 | R--D | M] -- C:\Programme
[2009.11.03 02:08:19 | 000,000,000 | ---D | M] -- C:\Promeos
[2008.01.22 00:59:17 | 000,000,000 | ---D | M] -- C:\PSK
[2012.11.17 13:34:56 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012.11.27 22:52:27 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.07.24 13:44:59 | 000,000,000 | ---D | M] -- C:\Rudi Kainer
[2012.03.27 00:26:06 | 000,000,000 | ---D | M] -- C:\style
[2012.11.10 12:30:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.02.08 13:44:17 | 000,000,000 | ---D | M] -- C:\Temp
[2012.02.14 15:48:13 | 000,000,000 | ---D | M] -- C:\test bilder
[2012.02.14 15:48:13 | 000,000,000 | ---D | M] -- C:\Testament
[2012.10.09 21:34:12 | 000,000,000 | ---D | M] -- C:\Tests
[2012.03.27 17:17:15 | 000,000,000 | ---D | M] -- C:\Ubisoft
[2009.01.27 12:49:53 | 000,000,000 | ---D | M] -- C:\UFO
[2008.06.20 12:29:29 | 000,000,000 | ---D | M] -- C:\VideoOutput
[2012.02.14 15:48:13 | 000,000,000 | ---D | M] -- C:\Wichteln 2010
[2013.02.08 05:09:06 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2010.04.28 20:54:48 | 000,000,000 | ---D | M] -- C:\Free tutorials on HTML, CSS and PHP - Build your own website - HTML.net
[2010.04.25 21:17:17 | 000,000,000 | ---D | M] -- C:\XAMPP
[2012.01.19 16:35:13 | 000,000,000 | ---D | M] -- C:\XAMPP-1
 
< %PROGRAMFILES%\*.exe >
[2012.03.30 21:12:39 | 007,558,447 | ---- | M] () -- C:\Programme\aemf20.exe
[2012.10.21 22:25:27 | 018,380,552 | ---- | M] (Mozilla) -- C:\Programme\WEB.DE_Firefox_Setup.exe
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2008.04.14 03:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp
[2008.04.14 03:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2008.04.14 03:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp
[2008.04.14 03:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2008.04.14 03:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2008.04.14 03:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.04.14 03:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.09.02 14:34:29 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2006.09.02 14:38:58 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2009.11.23 02:27:15 | 000,001,090 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009.11.23 02:27:15 | 000,001,094 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012.03.05 18:47:10 | 000,000,402 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{44BE5EBB-6A99-4DE1-B962-E148184E8A04}.job
[2012.04.10 01:36:23 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012.11.18 23:02:07 | 000,000,232 | ---- | C] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
< MD5 for: AGP440.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.06.11 17:49:51 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.06.11 17:49:51 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.06.11 17:49:51 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.06.11 17:49:51 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2009.08.05 23:00:00 | 000,028,787 | ---- | M] () MD5=9517DD94BABFCCDBA18772AB41AF4A57 -- C:\XAMPP\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2004.12.07 09:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) MD5=E4F1F95A6BBBFBBFF9A713C6063AA2CB -- C:\WINDOWS\system32\drivers\nvatabus.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\erdnt\cache\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.09.02 16:26:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.09.02 16:26:22 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.09.02 16:26:22 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2010.12.23 16:33:22 | 000,000,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\.octave_hist
[2010.04.27 23:14:16 | 000,038,347 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\dsc2099.jpg
[2006.12.16 12:39:59 | 000,010,755 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Motorola_Driver_Log.txt
[2013.02.08 13:24:58 | 012,582,912 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hartmann\ntuser.dat
[2013.02.08 14:18:43 | 000,036,864 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hartmann\ntuser.dat.LOG
[2013.02.08 13:24:58 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Hartmann\ntuser.ini
[2008.06.20 13:23:17 | 001,487,202 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\test
[2006.12.16 12:34:39 | 000,007,195 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\USBMOT2000.INF
[2006.12.16 12:34:39 | 000,005,891 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\USBMOT2000XP.INF
[2006.12.16 12:34:39 | 000,022,768 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Hartmann\usbsermpt.sys
[2006.12.16 12:34:39 | 000,024,192 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Hartmann\usbsermptxp.sys
[2006.12.16 12:34:39 | 000,005,877 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\USB_CMCS_2000.INF
[2012.08.13 12:04:54 | 000,104,990 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\wtge61ge.HST
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.11.13 12:55:38 | 001,866,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
--- --- ---

Tina666 08.02.2013 14:26
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 08.02.2013 13:58:07 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Bereinigung
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 74,63% Memory free
6,84 Gb Paging File | 6,01 Gb Available in Paging File | 87,88% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,76 Gb Total Space | 285,92 Gb Free Space | 61,39% Space Free | Partition Type: NTFS
Drive D: | 596,16 Gb Total Space | 227,63 Gb Free Space | 38,18% Space Free | Partition Type: NTFS
Drive E: | 236,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MOTIONSIGN | User Name: Hartmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Programme\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\iMesh Applications\iMesh\iMesh.exe" = C:\Programme\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\IPACS\easyFly\easyfly.exe" = C:\Programme\IPACS\easyFly\easyfly.exe:*:Enabled:easyfly -- (IPACS)
"C:\Programme\Pinnacle\Studio 10\programs\RM.exe" = C:\Programme\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems, Inc.)
"C:\Programme\Pinnacle\Studio 10\programs\Studio.exe" = C:\Programme\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\German\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\German\setup.exe:*:Enabled:Installationsprogramm für Kaspersky Internet Security 2009 -- (Kaspersky Lab)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:backWeb-8876480 -- ()
"C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- ()
"C:\Ubisoft\Silent Hunter 5\sh5.exe" = C:\Ubisoft\Silent Hunter 5\sh5.exe:*:Enabled:Silent Hunter 5 -- (Ubisoft)
"C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe" = C:\Programme\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine -- ()
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 0.8.0
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0153A77C-A981-4A1F-BAA9-16A80FBC358A}" = Full Spectrum Warrior
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{095659A2-739F-4D9A-A916-66C7CAD16F9E}" = Canon Camera WIA Driver
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{295EAB46-0541-497E-9520-83E5CCCDA2AC}" = CADsymbols
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34A153FE-6926-4C14-B48A-B71E68C672A8}_is1" = MiniTool Partition Wizard Home Edition 7.1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35B8CC58-F128-4169-82EB-0E6CB0C3AFE6}" = ArcSoft PhotoImpression
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{51DDFE79-3B2B-4AC7-8CAD-803D7D0DF6DD}" = MySQL Server 6.0
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{59CEACE1-2A1D-4CA7-908C-84CA8596E950}" = Cimatron E 6.0 Deutsche Benutzeroberfläche
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5ADA9741-0570-4096-B5FE-1D55E57537D4}" = Camera Window
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5EF16AA8-597E-4779-AEF7-1589EA1A7EC4}" = Nokia 6230i Infrared-Handset Manager
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}" = Roxio PhotoSuite 5
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A506386-BF2E-4C8E-8BE7-751B028134D2}" = X1TLD-FB
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.04
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8CA071D3-A3DD-4EDD-A997-AFB178A181C7}" = DaViDeo ultimate
"{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{93EC14D5-7AAA-4EAD-BB75-013817A96598}" = Logitech Gaming Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A166CC47-2B02-427D-9619-58A935C66794}" = Tilgungsplaner Professional  9
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI (Studio 10)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A979B2D8-E3EE-4523-A26C-4AF0A6809280}" = Sniper Elite
"{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B3282FB8-874B-4054-8356-9EB391A826F9}" = OLYMPUS muvee theaterPack
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B651B3EC-1827-4CF5-8398-397B789E3151}" = File Viewer Utility 1.2.1
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload-Software
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1205500-2179-11D7-B0B9-0000E24D4B29}" = Digital Camera
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = Trust 100K Series Webcam
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF6E4D8E-F6F3-40DF-B6C9-BA379F4E9FA3}" = RemoteCapture 2.7.1
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DD066C5F-A5C6-4A2B-8A08-7E3395B72C24}" = CIG
"{DEF2E5A3-0317-4822-B930-8B721EB483E4}" = ArcSoft VideoImpression 1.6
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = Babylon Chrome Toolbar
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}" = Lock On: Modern Air Combat
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID (Studio 10)
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.079
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40A958E-AABD-4D6F-A0FB-4D78DC02BEEF}" = Cimatron E 6.0
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Display Driver" = ATI Display Driver
"Avidemux 2.5" = Avidemux 2.5
"BabylonToolbar" = Babylon toolbar
"BattleStrike_ger" = Battle Strike
"BearPaw 2400CS Plus v2.1" = BearPaw 2400CS Plus v2.1
"Biet-O-Matic v2.0.29" = Biet-O-Matic v2.0.29
"bs_thesiege_ger" = BattleStrike The Siege
"BVSSOL_is1" = BVS Solitaire Sammlung version 4.0
"CamStudio" = CamStudio
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"Cucusoft Ultimate DVD Converter_is1" = Cucusoft Ultimate DVD Converter 7.15
"Direct MIDI to MP3 Converter_is1" = Direct MIDI to MP3 Converter 3.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"ESET Online Scanner" = ESET Online Scanner v3
"Excel" = Microsoft Excel 97
"FEMM_is1" = femm 4.2 09Nov2010
"FileZilla" = FileZilla (remove only)
"FlightGear_is1" = FlightGear v1.0.0
"Foto-Mosaik_is1" = Foto-Mosaik 4.1.0
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
"Free FLV to AVI MP4 3GP WMV MP3 Converter_is1" = Free FLV to AVI MP4 3GP WMV MP3 Converter v2.2
"Free Video Converter_is1" = Free Video Converter V 3.0
"FreePDF_XP" = FreePDF XP (Remove only)
"ftp-uploader" = ftp-uploader
"GCI MT4" = GCI MT4
"GETrans" = GETrans 1.6
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.60" = GPL Ghostscript 8.60
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"Hard Disk Low Level Format Tool_is1" = Hard Disk Low Level Format Tool 2.36 build 1181
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Inno Setup 5_is1" = Inno Setup Version 5.4.2
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{095659A2-739F-4D9A-A916-66C7CAD16F9E}" = Canon EOS 10D WIA-Treiber
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{5ADA9741-0570-4096-B5FE-1D55E57537D4}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles
"InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"InstallShield_{B651B3EC-1827-4CF5-8398-397B789E3151}" = Canon Utilities File Viewer Utility 1.2
"InstallShield_{CF6E4D8E-F6F3-40DF-B6C9-BA379F4E9FA3}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{DD066C5F-A5C6-4A2B-8A08-7E3395B72C24}" = Canon Internet Library for ZoomBrowser EX
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Lexmark 7100 Series" = Lexmark 7100 Series
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Movies" = Movies
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Nvu_is1" = Nvu 1.0
"Outlook" = Microsoft Outlook 97
"phase5" = phase5
"Picasa 3" = Picasa 3
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Santa Claus in Trouble" = Santa Claus in Trouble
"SearchAnonymizer" = SearchAnonymizer
"Sid Meier's Railroad Tycoon" = Sid Meier's Railroad Tycoon
"Sunplus CA533A" = Icatch(IV) Camera Driver
"Switch" = Switch
"The Royal Marines Commando_is1" = The Royal Marines Commando (1.0)
"U-Boote: Schlacht im Mittelmeer" = U-Boote: Schlacht im Mittelmeer
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Engine" = Sony Ericsson Update Engine
"Updater Service" = Updater Service
"VariCAD_20100828_DE" = VariCAD 2010-3.00 DE
"VariCADViewer_20100828_DE" = VariCAD Viewer 2010-3.00 DE
"Verbose" = Verbose Uninstall
"VLC media player" = VLC media player 1.1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Web Diashow_is1" = Web Diashow
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word8.0" = Microsoft Word 97
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.02.2013 13:00:53 | Computer Name = MOTIONSIGN | Source = MsiInstaller | ID = 11706
Description = Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt
 "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden.  Windows
 Installer kann nicht fortfahren.
 
Error - 06.02.2013 13:00:56 | Computer Name = MOTIONSIGN | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei c:\temp\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log
 enthalten.
 
Error - 06.02.2013 13:00:56 | Computer Name = MOTIONSIGN | Source = NativeWrapper | ID = 5000
Description =
 
Error - 07.02.2013 13:00:47 | Computer Name = MOTIONSIGN | Source = MsiInstaller | ID = 11706
Description = Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt
 "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden.  Windows
 Installer kann nicht fortfahren.
 
Error - 07.02.2013 13:00:50 | Computer Name = MOTIONSIGN | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei c:\temp\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log
 enthalten.
 
Error - 07.02.2013 13:00:50 | Computer Name = MOTIONSIGN | Source = NativeWrapper | ID = 5000
Description =
 
Error - 08.02.2013 00:08:01 | Computer Name = MOTIONSIGN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung babylontoolbarsrv.exe, Version 1.8.7.0,
fehlgeschlagenes Modul ole32.dll, Version 5.1.2600.6168, Fehleradresse 0x0002c8fd.
 
Error - 08.02.2013 00:09:08 | Computer Name = MOTIONSIGN | Source = MsiInstaller | ID = 11706
Description = Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt
 "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden.  Windows
 Installer kann nicht fortfahren.
 
Error - 08.02.2013 00:09:11 | Computer Name = MOTIONSIGN | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei c:\temp\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log
 enthalten.
 
Error - 08.02.2013 00:09:11 | Computer Name = MOTIONSIGN | Source = NativeWrapper | ID = 5000
Description =
 
[ OSession Events ]
Error - 15.10.2010 20:11:32 | Computer Name = MOTIONSIGN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1087 seconds with 720 seconds of active time.  This session ended with a
crash.
 
Error - 22.04.2011 13:51:10 | Computer Name = MOTIONSIGN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2643
 seconds with 2160 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 06.02.2013 09:32:50 | Computer Name = MOTIONSIGN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Icatch(IV) Video Camera Device" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1058
 
Error - 06.02.2013 13:01:03 | Computer Name = MOTIONSIGN | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597)
 
Error - 07.02.2013 13:00:55 | Computer Name = MOTIONSIGN | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597)
 
Error - 08.02.2013 00:09:11 | Computer Name = MOTIONSIGN | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597)
 
Error - 08.02.2013 08:21:48 | Computer Name = MOTIONSIGN | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Kaspersky
 Anti-Virus Service.
 
Error - 08.02.2013 08:21:48 | Computer Name = MOTIONSIGN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Kaspersky Anti-Virus Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 08.02.2013 08:21:48 | Computer Name = MOTIONSIGN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Icatch(IV) Video Camera Device" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1058
 
Error - 08.02.2013 08:27:34 | Computer Name = MOTIONSIGN | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Kaspersky
 Anti-Virus Service.
 
Error - 08.02.2013 08:27:34 | Computer Name = MOTIONSIGN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Kaspersky Anti-Virus Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1053
 
Error - 08.02.2013 08:27:34 | Computer Name = MOTIONSIGN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Icatch(IV) Video Camera Device" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1058
 
 
< End of report >
--- --- ---

Tina666 08.02.2013 14:27
OTL Logfile:
Code:
OTL logfile created on: 08.02.2013 13:58:07 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Bereinigung
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 74,63% Memory free
6,84 Gb Paging File | 6,01 Gb Available in Paging File | 87,88% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,76 Gb Total Space | 285,92 Gb Free Space | 61,39% Space Free | Partition Type: NTFS
Drive D: | 596,16 Gb Total Space | 227,63 Gb Free Space | 38,18% Space Free | Partition Type: NTFS
Drive E: | 236,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MOTIONSIGN | User Name: Hartmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.08 13:44:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Bereinigung\OTL.exe
PRC - [2013.01.24 14:18:46 | 001,646,216 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2013.01.10 08:58:06 | 000,602,912 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe
PRC - [2012.12.25 09:53:30 | 002,547,816 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2012.12.18 13:52:14 | 000,380,648 | ---- | M] (Babylon Ltd.) -- C:\Programme\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarsrv.exe
PRC - [2012.10.20 21:01:11 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012.03.29 23:24:32 | 000,040,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2010.03.03 18:39:40 | 002,598,760 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProTray.exe
PRC - [2010.03.03 18:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton Ghost\Agent\VProSvc.exe
PRC - [2010.02.11 01:34:14 | 001,964,528 | ---- | M] (Symantec) -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001.09.21 13:50:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\Gtwatch.exe
PRC - [2001.07.09 14:38:10 | 000,356,352 | ---- | M] (Common Group) -- C:\WINDOWS\twain_32\A12U16KD\WATCH.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.10 08:58:06 | 000,602,912 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe
MOD - [2013.01.09 18:45:46 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c8aa45e46a5a90e65984b1a2591c0ca7\Microsoft.VisualBasic.ni.dll
MOD - [2013.01.09 18:23:01 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f43e890d874ef521aba51f76f64cd97b\System.ServiceProcess.ni.dll
MOD - [2013.01.09 18:21:51 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4c91371e83d124ecb39664613e7e0417\System.Windows.Forms.ni.dll
MOD - [2013.01.09 18:21:40 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013.01.09 18:20:59 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013.01.09 18:20:50 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012.12.25 09:53:30 | 002,547,816 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2012.12.25 09:51:45 | 002,202,728 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2012.12.18 15:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.12.18 13:01:06 | 000,058,880 | ---- | M] () -- C:\Programme\BabylonToolbar\BabylonToolbar\1.8.7.2\escortShld.dll
MOD - [2012.03.29 23:24:32 | 000,040,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
MOD - [2010.04.24 22:30:41 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2005.01.06 17:33:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2004.09.14 18:44:12 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxbxPP5C.DLL
MOD - [2002.10.30 08:58:36 | 000,143,360 | ---- | M] () -- C:\WINDOWS\twain_32\A12U16KD\A2dSpi.dll
MOD - [2001.12.06 19:55:18 | 000,135,168 | ---- | M] () -- C:\WINDOWS\system32\A2dusd.dll
MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
MOD - [2001.09.21 13:50:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\Gtwatch.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.08 13:39:55 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.20 00:08:12 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.10 08:58:06 | 000,602,912 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012.12.25 09:53:30 | 002,547,816 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012.10.20 21:01:11 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.29 23:24:32 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.03.03 18:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2010.02.12 06:09:06 | 001,574,408 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2010.02.11 01:34:14 | 001,964,528 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.01.06 23:41:22 | 000,462,848 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\lxbxcoms.exe -- (lxbx_device)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Adapter | On_Demand | Unknown] --  -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] --  -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\FTD2XX.sys -- (FTD2XX)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btkrnl.sys -- (BTKRNL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avfsfilter.sys -- (AVFSFilter)
DRV - [2012.07.08 21:52:59 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.07.08 21:52:59 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2012.01.18 14:55:56 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2012.01.18 14:55:54 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2011.08.10 15:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2011.06.28 12:15:20 | 006,363,752 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011.04.20 14:50:22 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011.03.22 08:58:42 | 000,065,136 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2011.03.10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010.03.03 18:59:22 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.02.12 06:10:12 | 000,057,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2010.02.11 01:34:46 | 000,138,592 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\symsnap.sys -- (symsnap)
DRV - [2009.11.18 00:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 00:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.11.02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.09.21 19:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2009.01.04 14:25:08 | 000,017,408 | ---- | M] (PassMark Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PMUSB.sys -- (PMUSB2G)
DRV - [2008.12.01 23:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.11.25 01:35:54 | 000,211,496 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2008.11.25 01:35:54 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2008.11.25 01:35:54 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2008.07.10 01:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008.05.16 10:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 10:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 10:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 10:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 10:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 10:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 10:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008.02.13 12:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2008.01.14 16:29:17 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2007.12.06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.09.02 16:09:52 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2006.09.02 15:36:20 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006.09.02 14:49:55 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2006.07.24 03:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006.07.24 03:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005.05.17 13:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005.05.16 14:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2005.02.23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005.02.09 11:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2005.01.10 10:45:56 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2004.12.07 09:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004.12.01 13:40:08 | 002,300,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004.11.24 10:42:48 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004.11.24 10:42:46 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004.10.21 04:39:44 | 000,035,840 | R--- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.07.14 11:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004.04.26 07:10:00 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004.04.26 07:09:52 | 000,054,657 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou)
DRV - [2004.04.26 07:09:42 | 000,071,405 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004.04.26 07:09:24 | 000,024,605 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2003.05.14 13:42:56 | 000,021,216 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2003.05.14 13:42:50 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2003.05.14 13:42:48 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003.05.14 13:42:44 | 000,044,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2003.03.25 09:55:04 | 000,027,136 | R--- | M] (Mobile Action Tech. Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma-620.sys -- (MA-620)
DRV - [2002.10.21 10:37:16 | 000,515,803 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca533av.sys -- (Ca533av)
DRV - [2002.07.25 10:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera)
DRV - [2002.05.31 09:35:02 | 000,076,976 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pnp680r.sys -- (Pnp680r)
DRV - [2001.11.08 07:53:54 | 000,018,120 | ---- | M] (  ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x)
DRV - [2001.08.17 12:49:38 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ativmdcd.sys -- (MVDCODEC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0504817B-F19C-4569-BF5F-14CA6DE4EFF1}
IE - HKLM\..\SearchScopes\{0504817B-F19C-4569-BF5F-14CA6DE4EFF1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://wirtschaft.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://wirtschaft.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0504817B-F19C-4569-BF5F-14CA6DE4EFF1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE427
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=118720&tt=0213_1&babsrc=SP_ss&mntrId=209027f10000000000005404a6d4fa58
IE - HKCU\..\SearchScopes\{131B38B1-CC5B-4A32-9914-62E0ED1FC19C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=HQ&apn_dtid=YYYYYYYYDE&apn_uid=df035c86-164b-4e37-a792-9376dcdd64f6&apn_sauid=469D03E0-2A3E-4579-834B-D66778E0659B
IE - HKCU\..\SearchScopes\{342032E5-348C-48BE-BFB2-D336898928C9}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=92c11ed6-2009-4333-8e8b-d71c8d99e855&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3AA0DE0F-6691-4E93-A74E-D0A366421803}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=92c11ed6-2009-4333-8e8b-d71c8d99e855&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{3D20C55B-1C6F-44BB-8B64-6EB4DA52524C}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=92c11ed6-2009-4333-8e8b-d71c8d99e855&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{65B27F1C-B3AA-42A9-82CF-FF5ED3FED24F}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=92c11ed6-2009-4333-8e8b-d71c8d99e855&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{9F3786B8-EF7C-407E-AF2C-B49DAA6A0D1E}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=92c11ed6-2009-4333-8e8b-d71c8d99e855&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{D6481E63-37A6-44EA-802B-2BC182D0D96E}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=92c11ed6-2009-4333-8e8b-d71c8d99e855&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-ffpro"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com/?l=dis&o=15788"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.2
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.9.100013
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: %7B58bd07eb-0ee0-4df0-8121-dc9b693373df%7D:2.6.1040.25
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMB&o=15785&locale=de_DE&apn_uid=df035c86-164b-4e37-a792-9376dcdd64f6&apn_ptnrs=HQ&apn_sauid=469D03E0-2A3E-4579-834B-D66778E0659B&apn_dtid=YYYYYYYYDE&&q="
 
FF - user.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - user.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q="
FF - user.js..browser.search.selectedEngine: "Google"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.11.10 12:53:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.11.10 12:53:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\KavAntiBanner@Kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.11.10 12:52:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.20 00:08:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.11 15:02:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.01.10 08:59:45 | 000,000,000 | ---D | M]
 
[2012.10.13 12:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Extensions
[2008.11.13 02:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2013.01.31 21:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions
[2010.05.13 02:16:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.10.11 23:29:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.01.10 08:59:31 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\ffxtlbr@babylon.com
[2012.10.02 22:11:56 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\foxmarks@kei.com
[2013.01.10 08:59:10 | 000,000,000 | ---D | M] (Yontoo) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\plugin@yontoo.com
[2013.02.02 13:19:26 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\toolbar@ask.com
[2013.01.18 20:01:08 | 000,538,938 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\toolbar@web.de.xpi
[2013.01.30 22:35:10 | 000,533,536 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.01.31 21:44:22 | 000,817,973 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.17 00:00:10 | 000,000,911 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\searchplugins\11-suche.xml
[2013.02.08 13:24:47 | 000,002,400 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\searchplugins\askcom.xml
[2013.01.10 09:00:14 | 000,002,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\searchplugins\babylon1.xml
[2012.11.17 00:00:10 | 000,002,273 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\searchplugins\englische-ergebnisse.xml
[2012.11.17 00:00:10 | 000,010,563 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\searchplugins\gmx-suche.xml
[2012.03.29 23:24:50 | 000,002,492 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\searchplugins\google-und-download-suche.xml
[2012.11.17 00:00:10 | 000,002,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\searchplugins\lastminute.xml
[2012.11.17 00:00:10 | 000,005,545 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\searchplugins\webde-suche.xml
[2012.12.06 21:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.06 21:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.12.06 21:39:52 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012.12.06 21:39:52 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2013.01.10 08:59:45 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\BROWSERPROTECT\2.6.1040.25\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
[2013.01.20 00:08:12 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.10.16 00:36:49 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.10 08:59:13 | 000,002,349 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.10.16 00:36:49 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.16 00:36:49 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.16 00:36:49 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.16 00:36:49 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.16 00:36:49 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=118720&tt=0213_1&babsrc=HP_ss&mntrId=209027f10000000000005404a6d4fa58
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://search.babylon.com/?affID=118720&tt=0213_1&babsrc=HP_ss&mntrId=209027f10000000000005404a6d4fa58
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\dnpmlnedpdikbgdghljdepnljfpkhccn\1.0.0_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jbpcjmidkkgldeplajgnbpjkfpmpeepb\1.0.6_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2012.11.17 13:32:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] c:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\Gtwatch.exe ()
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Programme\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Watch.lnk = C:\WINDOWS\twain_32\A12U16KD\WATCH.exe (Common Group)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ADAB9D3-1DB3-49B2-89FC-F454CD73AD07}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FC1575C-73E5-4A35-B75A-769B11439EBC}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\dokume~1\alluse~1\anwend~1\browse~1\261040~1.25\{c16c1~1\browse~1.dll) - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.10.29 13:53:12 | 000,000,087 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Programme\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Watch.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: 1und1Dispatcher - hkey= - key= - C:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe (1&1 Mail & Media GmbH)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig - StartUpReg: Gtwatch - hkey= - key= - C:\WINDOWS\Gtwatch.exe ()
MsConfig - StartUpReg: itype - hkey= - key= - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
MsConfig - StartUpReg: LDM - hkey= - key= - C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
MsConfig - StartUpReg: Logitech Hardware Abstraction Layer - hkey= - key= - C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
MsConfig - StartUpReg: MMTray - hkey= - key= - C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: OM2_Monitor - hkey= - key= - C:\Programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
MsConfig - StartUpReg: OM2_Monitor1 - hkey= - key= - C:\Programme\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task1 - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task2 - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: Sony PC Companion - hkey= - key= - C:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: swg1 - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.10 08:59:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hartmann\Startmenü\Programme\BrowserProtect
[2013.01.10 08:59:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\BabylonToolbar
[2013.01.10 08:59:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect
[2013.01.10 08:59:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\BabSolution
[2013.01.10 08:59:30 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar
[2013.01.10 08:59:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\PerformerSoft
[2013.01.10 08:59:05 | 000,000,000 | ---D | C] -- C:\Programme\Yontoo
[2013.01.10 08:58:53 | 000,018,096 | ---- | C] (PerformerSoft LLC) -- C:\WINDOWS\System32\roboot.exe
[2013.01.10 08:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2013.01.10 08:58:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2013.01.10 08:58:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Babylon
[2013.01.10 08:58:46 | 000,000,000 | ---D | C] -- C:\Programme\File Scout
[2013.01.10 08:58:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
[2013.01.09 18:41:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012.10.21 22:25:27 | 018,380,552 | ---- | C] (Mozilla) -- C:\Programme\WEB.DE_Firefox_Setup.exe
[2006.12.16 12:34:39 | 000,024,192 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Hartmann\usbsermptxp.sys
[2006.12.16 12:34:39 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Hartmann\usbsermpt.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.08 14:02:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013.02.08 13:49:06 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.08 13:39:56 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.08 13:27:38 | 000,012,682 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.08 13:26:22 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.08 13:26:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.08 13:25:58 | 000,069,112 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2013.02.08 13:25:15 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2013.02.07 22:48:10 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{44BE5EBB-6A99-4DE1-B962-E148184E8A04}.job
[2013.02.07 01:24:11 | 000,000,452 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Eigene Dateien\spider.sav
[2013.02.04 19:15:00 | 000,236,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.02 23:42:03 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2013.02.02 23:42:03 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2013.01.25 14:08:08 | 006,586,368 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2013.01.09 18:20:11 | 000,593,176 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.09 18:20:11 | 000,546,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.09 18:20:11 | 000,129,702 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.09 18:20:11 | 000,104,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.09 18:06:44 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
 
========== Files Created - No Company Name ==========
 
[2013.02.02 23:42:03 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2013.02.02 23:42:03 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012.12.23 14:56:24 | 000,008,622 | ---- | C] () -- C:\WINDOWS\extend.dat
[2012.11.17 13:15:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.11.17 13:15:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.11.17 13:15:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.11.17 13:15:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.11.17 13:15:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.10.13 12:23:57 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2012.06.19 15:39:23 | 000,922,184 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2012.06.19 15:39:22 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2012.06.19 15:39:21 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2012.04.03 18:54:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ui.INI
[2012.04.03 17:32:39 | 000,018,120 | ---- | C] (  ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[2012.03.30 21:54:46 | 000,117,035 | ---- | C] () -- C:\Programme\jquery.yoxview-2.21.zip
[2012.03.30 21:12:11 | 007,558,447 | ---- | C] () -- C:\Programme\aemf20.exe
[2012.03.29 20:52:18 | 000,015,416 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2012.03.29 20:17:29 | 000,982,196 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2012.03.29 20:17:29 | 000,417,344 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2012.03.29 20:16:21 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2012.03.28 15:22:51 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\A2dusd.dll
[2012.03.28 13:44:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2012.03.28 13:20:23 | 000,032,768 | ---- | C] () -- C:\WINDOWS\Gtwatch.exe
[2012.03.01 13:55:08 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2012.03.01 13:52:55 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012.03.01 13:52:55 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012.02.16 04:44:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.03 06:29:50 | 000,211,614 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2010.11.17 07:12:17 | 000,000,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\.octave_hist
[2010.10.15 13:38:24 | 000,000,244 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\varicad-work.ini
[2010.04.27 23:14:16 | 000,038,347 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\dsc2099.jpg
[2010.01.06 22:44:31 | 000,000,291 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\PropCalc Preferences
[2008.09.27 00:47:18 | 000,278,016 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\mdbu.bin
[2008.06.20 13:23:06 | 001,487,202 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\test
[2007.08.03 22:47:14 | 000,001,771 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007.04.25 22:08:24 | 000,093,209 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\mdb.bin
[2006.12.16 12:34:39 | 000,007,195 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\USBMOT2000.INF
[2006.12.16 12:34:39 | 000,005,891 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\USBMOT2000XP.INF
[2006.12.16 12:34:39 | 000,005,877 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\USB_CMCS_2000.INF
[2006.10.06 11:39:40 | 000,104,990 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\wtge61ge.HST
[2006.09.02 16:25:29 | 000,043,520 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.09.02 15:46:03 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.09.02 15:45:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.12.31 00:18:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2012.03.26 20:52:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alibre Design
[2011.05.13 17:45:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest
[2012.03.01 10:45:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2013.01.10 08:58:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012.03.30 20:50:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BMSEV
[2013.01.10 08:59:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect
[2012.11.15 20:00:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2012.03.26 17:20:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\clp
[2012.03.01 12:18:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2012.03.02 13:12:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Toolkit Suite
[2006.09.23 22:47:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DassaultSystemes
[2012.01.18 19:19:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DesktopIcons
[2010.03.02 21:22:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Die GeldPlaner Einstellungen
[2012.03.28 14:26:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Mender
[2008.07.12 15:56:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay
[2012.07.06 16:43:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fighters
[2009.11.06 00:37:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotokasten comfort
[2008.12.15 14:26:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HDD Thermometer
[2013.01.10 08:58:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService
[2010.03.02 21:22:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\metier2000Apps
[2012.03.01 13:33:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2008.01.13 23:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2007.10.29 14:04:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2007.10.29 14:04:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio
[2007.10.29 13:54:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc
[2012.03.29 15:34:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2007.05.12 18:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2013.01.10 08:59:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2010.03.02 21:22:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TOIGeldplaner2008
[2009.01.07 11:49:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2012.10.15 21:39:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009.01.23 19:54:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2012.01.18 19:19:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb
[2010.10.15 13:38:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VariCAD
[2012.10.15 22:10:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2012.10.15 22:10:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.10.15 22:10:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012.10.15 22:10:15 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.01.18 19:16:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\1&1 Mail & Media GmbH
[2012.05.26 18:11:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Acronis
[2010.10.11 05:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Alibre Design
[2010.10.13 20:41:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\avidemux
[2013.01.10 08:59:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\BabSolution
[2013.01.10 08:58:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Babylon
[2013.01.10 08:59:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\BabylonToolbar
[2012.03.30 20:50:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\BMSEV
[2013.02.08 01:21:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\BVS Solitaire Collection
[2006.09.28 13:40:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\CD-LabelPrint
[2010.01.25 05:24:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\DassaultSystemes
[2012.11.11 11:57:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\DesktopIconForAmazon
[2012.01.28 06:01:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Easy MP3 Recorder
[2012.03.02 13:14:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Fighters
[2009.07.04 16:13:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\flightgear.org
[2012.12.28 00:52:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\FreeVideoConverter
[2012.02.02 17:46:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Garmin
[2008.06.20 13:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\gtk-2.0
[2006.09.02 15:58:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\HDD Thermometer
[2012.11.18 23:15:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\ImgBurn
[2010.04.26 13:19:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\kompozer.net
[2007.06.17 11:08:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\mirabyte
[2009.01.08 20:42:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\MobileAction
[2010.04.27 23:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\MrJobs
[2010.10.05 17:06:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\MSNInstaller
[2009.01.11 15:45:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\NCH Swift Sound
[2010.04.23 23:47:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Nvu
[2012.03.29 23:24:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\OCS
[2012.03.29 23:24:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Opera
[2006.09.02 15:56:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\PDFCreator
[2013.01.12 10:39:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\PerformerSoft
[2011.12.23 20:39:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\PhotoScape
[2007.05.12 18:44:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\T-Online
[2008.08.26 18:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\TeamViewer
[2008.11.13 02:04:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\TomTom
[2012.10.15 21:39:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\TuneUp Software
[2007.05.31 17:06:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\ubi.com
[2009.01.23 19:59:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Ulead Systems
[2012.01.12 06:10:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Uniblue
[2010.10.15 13:38:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\VariCAD
[2010.10.15 13:33:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\VariCAD-Viewer.de
[2010.05.18 12:38:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Webocton - Scriptly
[2011.04.02 13:21:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Windows Desktop Search
[2009.01.13 22:46:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\Windows Search
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2007.08.09 23:34:28 | 000,000,000 | ---D | M] -- C:\acs-prop
[2012.11.20 16:31:56 | 000,000,000 | ---D | M] -- C:\Amelie
[2013.02.08 13:56:48 | 000,000,000 | ---D | M] -- C:\Bereinigung
[2013.01.27 02:48:47 | 000,000,000 | ---D | M] -- C:\Bilder
[2006.09.02 15:47:16 | 000,000,000 | -H-D | M] -- C:\BJPrinter
[2012.07.28 23:59:53 | 000,000,000 | ---D | M] -- C:\Boxer Klub
[2006.11.09 14:01:04 | 000,000,000 | ---D | M] -- C:\Cimatron
[2011.12.02 14:15:40 | 000,000,000 | ---D | M] -- C:\CimDat
[2012.11.17 13:17:50 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2013.02.08 05:09:10 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2011.10.09 18:44:59 | 000,000,000 | ---D | M] -- C:\ConverterOutput
[2006.10.12 16:29:29 | 000,000,000 | ---D | M] -- C:\COREL50
[2009.08.21 17:03:20 | 000,000,000 | ---D | M] -- C:\d30fa7cb1ac1c593a574b1c9
[2010.11.17 20:30:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.04.27 00:02:03 | 000,000,000 | ---D | M] -- C:\E-Pro
[2006.09.04 23:54:10 | 000,000,000 | ---D | M] -- C:\Favoriten
[2012.12.28 01:02:33 | 000,000,000 | ---D | M] -- C:\Filme
[2011.07.24 13:44:52 | 000,000,000 | ---D | M] -- C:\Fischer
[2012.07.11 11:41:56 | 000,000,000 | ---D | M] -- C:\found.000
[2011.09.05 10:13:20 | 000,000,000 | ---D | M] -- C:\Futter
[2012.06.30 21:27:14 | 000,000,000 | ---D | M] -- C:\Gallinat
[2009.10.20 21:53:12 | 000,000,000 | ---D | M] -- C:\Gambia
[2011.04.27 00:02:01 | 000,000,000 | ---D | M] -- C:\harald
[2011.04.16 21:28:28 | 000,000,000 | ---D | M] -- C:\harald1
[2007.08.09 23:34:30 | 000,000,000 | ---D | M] -- C:\Heli-Propeller
[2007.12.17 12:53:44 | 000,000,000 | ---D | M] -- C:\Helicopter
[2012.04.12 12:58:49 | 000,000,000 | ---D | M] -- C:\Homepages
[2010.07.20 14:20:22 | 000,000,000 | ---D | M] -- C:\HP
[2011.04.20 01:06:38 | 000,000,000 | ---D | M] -- C:\HP Bilder
[2011.04.20 02:01:55 | 000,000,000 | ---D | M] -- C:\HP Bilder 2
[2012.08.19 12:05:41 | 000,000,000 | ---D | M] -- C:\HP BK
[2010.07.22 14:58:35 | 000,000,000 | ---D | M] -- C:\hp-test
[2010.03.17 13:22:31 | 000,000,000 | ---D | M] -- C:\Juwel
[2011.07.24 13:44:53 | 000,000,000 | ---D | M] -- C:\Kontrollen
[2011.07.24 13:44:56 | 000,000,000 | ---D | M] -- C:\Küche
[2009.06.15 13:27:47 | 000,000,000 | ---D | M] -- C:\Langguth
[2011.07.24 13:44:56 | 000,000,000 | ---D | M] -- C:\Lengdorfer
[2011.07.24 13:44:53 | 000,000,000 | ---D | M] -- C:\Lengdorfer 2
[2012.01.29 15:03:05 | 000,000,000 | ---D | M] -- C:\LS
[2011.07.24 13:44:54 | 000,000,000 | ---D | M] -- C:\Motion Sign Zusammenfassung
[2012.04.04 12:42:31 | 000,000,000 | ---D | M] -- C:\MotionSign
[2011.11.30 18:52:25 | 000,000,000 | ---D | M] -- C:\MotionSign alt
[2010.02.19 02:18:27 | 000,000,000 | ---D | M] -- C:\MotionSign Antrag
[2009.04.28 13:59:31 | 000,000,000 | ---D | M] -- C:\MotionSign Antrag aktuell
[2011.07.24 13:44:56 | 000,000,000 | ---D | M] -- C:\MotionSign sonstiges
[2012.02.15 00:34:11 | 000,000,000 | ---D | M] -- C:\Motor
[2010.09.05 14:49:27 | 000,000,000 | ---D | M] -- C:\Motorrad
[2012.08.16 18:09:02 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.12.07 22:20:17 | 000,000,000 | ---D | M] -- C:\Musik
[2010.05.07 12:50:42 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2011.07.24 13:44:57 | 000,000,000 | ---D | M] -- C:\Petra
[2011.07.24 13:44:57 | 000,000,000 | ---D | M] -- C:\Photo Impact
[2009.05.11 20:17:48 | 000,000,000 | ---D | M] -- C:\PPS Dateien
[2012.03.03 20:10:11 | 000,000,000 | ---D | M] -- C:\Preventon
[2013.01.07 13:44:32 | 000,000,000 | ---D | M] -- C:\Privat
[2008.12.30 21:15:32 | 000,000,000 | ---D | M] -- C:\Program Files
[2013.02.07 00:44:24 | 000,000,000 | R--D | M] -- C:\Programme
[2009.11.03 02:08:19 | 000,000,000 | ---D | M] -- C:\Promeos
[2008.01.22 00:59:17 | 000,000,000 | ---D | M] -- C:\PSK
[2012.11.17 13:34:56 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012.11.27 22:52:27 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.07.24 13:44:59 | 000,000,000 | ---D | M] -- C:\Rudi Kainer
[2012.03.27 00:26:06 | 000,000,000 | ---D | M] -- C:\style
[2012.11.10 12:30:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.02.08 13:44:17 | 000,000,000 | ---D | M] -- C:\Temp
[2012.02.14 15:48:13 | 000,000,000 | ---D | M] -- C:\test bilder
[2012.02.14 15:48:13 | 000,000,000 | ---D | M] -- C:\Testament
[2012.10.09 21:34:12 | 000,000,000 | ---D | M] -- C:\Tests
[2012.03.27 17:17:15 | 000,000,000 | ---D | M] -- C:\Ubisoft
[2009.01.27 12:49:53 | 000,000,000 | ---D | M] -- C:\UFO
[2008.06.20 12:29:29 | 000,000,000 | ---D | M] -- C:\VideoOutput
[2012.02.14 15:48:13 | 000,000,000 | ---D | M] -- C:\Wichteln 2010
[2013.02.08 05:09:06 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2010.04.28 20:54:48 | 000,000,000 | ---D | M] -- C:\www.html.net
[2010.04.25 21:17:17 | 000,000,000 | ---D | M] -- C:\XAMPP
[2012.01.19 16:35:13 | 000,000,000 | ---D | M] -- C:\XAMPP-1
 
< %PROGRAMFILES%\*.exe >
[2012.03.30 21:12:39 | 007,558,447 | ---- | M] () -- C:\Programme\aemf20.exe
[2012.10.21 22:25:27 | 018,380,552 | ---- | M] (Mozilla) -- C:\Programme\WEB.DE_Firefox_Setup.exe
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2008.04.14 03:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp
[2008.04.14 03:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2008.04.14 03:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp
[2008.04.14 03:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2008.04.14 03:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2008.04.14 03:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.04.14 03:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.09.02 14:34:29 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2006.09.02 14:38:58 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2009.11.23 02:27:15 | 000,001,090 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009.11.23 02:27:15 | 000,001,094 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012.03.05 18:47:10 | 000,000,402 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{44BE5EBB-6A99-4DE1-B962-E148184E8A04}.job
[2012.04.10 01:36:23 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012.11.18 23:02:07 | 000,000,232 | ---- | C] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
< MD5 for: AGP440.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.06.11 17:49:51 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.06.11 17:49:51 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.06.11 17:49:51 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.06.11 17:49:51 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2009.08.05 23:00:00 | 000,028,787 | ---- | M] () MD5=9517DD94BABFCCDBA18772AB41AF4A57 -- C:\XAMPP\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2004.12.07 09:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) MD5=E4F1F95A6BBBFBBFF9A713C6063AA2CB -- C:\WINDOWS\system32\drivers\nvatabus.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\erdnt\cache\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.09.02 16:26:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.09.02 16:26:22 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.09.02 16:26:22 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2010.12.23 16:33:22 | 000,000,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\.octave_hist
[2010.04.27 23:14:16 | 000,038,347 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\dsc2099.jpg
[2006.12.16 12:39:59 | 000,010,755 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\Motorola_Driver_Log.txt
[2013.02.08 13:24:58 | 012,582,912 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hartmann\ntuser.dat
[2013.02.08 14:18:43 | 000,036,864 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hartmann\ntuser.dat.LOG
[2013.02.08 13:24:58 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Hartmann\ntuser.ini
[2008.06.20 13:23:17 | 001,487,202 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\test
[2006.12.16 12:34:39 | 000,007,195 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\USBMOT2000.INF
[2006.12.16 12:34:39 | 000,005,891 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\USBMOT2000XP.INF
[2006.12.16 12:34:39 | 000,022,768 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Hartmann\usbsermpt.sys
[2006.12.16 12:34:39 | 000,024,192 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Hartmann\usbsermptxp.sys
[2006.12.16 12:34:39 | 000,005,877 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\USB_CMCS_2000.INF
[2012.08.13 12:04:54 | 000,104,990 | ---- | M] () -- C:\Dokumente und Einstellungen\Hartmann\wtge61ge.HST
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.11.13 12:55:38 | 001,866,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
--- --- ---

markusg 08.02.2013 15:38
Sehe schon mal einiges an Müll, toolbars, jede menge.

otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found
O4 - HKLM..\Run: []  File not found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703SearchSource=3q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com/?l=diso=15788"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.9.100013
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.00
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ffsrc=kwtb=IMBo=15785locale=de_DEapn_uid=df035c86-164b-4e37-a792-9376dcdd64f6apn_ptnrs=HQapn_sauid=469D03E0-2A3E-4579-834B-D66778E0659Bapn_dtid=YYYYYYYYDE&q="
:files
:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

Tina666 08.02.2013 17:19
All processes killed
========== OTL ==========
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703SearchSource=3q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: "hxxp://de.ask.com/?l=diso=15788" removed from browser.startup.homepage
Prefs.js: toolbar%40web.de:2.3.4 removed from extensions.enabledAddons
Prefs.js: toolbar%40ask.com:3.15.9.100013 removed from extensions.enabledAddons
Prefs.js: ffxtlbr%40babylon.com:1.5.0 removed from extensions.enabledAddons
Prefs.js: plugin%40yontoo.com:1.20.00 removed from extensions.enabledAddons
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ffsrc=kwtb=IMBo=15785locale=de_DEapn_uid=df035c86-164b-4e37-a792-9376dcdd64f6apn_ptnrs=HQapn_sauid=469D03E0-2A3E-4579-834B-D66778E0659Bapn_dtid=YYYYYYYYDE&q=" removed from keyword.URL
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Hartmann
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 116021554 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1112591882 bytes
->Google Chrome cache emptied: 7801771 bytes
->Flash cache emptied: 31314 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: XXX

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
Session Manager Temp folder emptied: 136950846 bytes
Session Manager Tmp folder emptied: 220100 bytes
RecycleBin emptied: 53510566 bytes

Total Files Cleaned = 1.361,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02082013_170726

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZYB9T18Y\ads[1].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZYB9T18Y\document[1].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZYB9T18Y\p[1].gif moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZYB9T18Y\Ux35JNRXjCV[1].eot moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZYB9T18Y\ZcRrIg_AOG5[1].eot moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\XEL8HUHV\p[1].gif moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\XEL8HUHV\rd[1].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\XEL8HUHV\rd[2].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\XEL8HUHV\tracking[1].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MIIFCB3O\ads[1].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MIIFCB3O\ads[2].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MIIFCB3O\iepngfix[1].htc moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MIIFCB3O\imp-292616693[1].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MIIFCB3O\index[1].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MIIFCB3O\index[2].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MIIFCB3O\inp[1].html moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MIIFCB3O\mnu[1].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MIIFCB3O\tlbr[1].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\L949MBCH\130789-mozilla-macht-probleme[1].html moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\L949MBCH\banner[1].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KKKCXPBP\index[1].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KKKCXPBP\tlbr[1].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JUXU0QC4\mediacom.de[1].asis moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\JUXU0QC4\mnu[1].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BJCSNWMS\eBayISAPI[1].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BJCSNWMS\index[1].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BJCSNWMS\inp[1].html moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BJCSNWMS\login[1].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BJCSNWMS\p[1].gif moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3SL8Q2UB\iepngfix[1].htc moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3SL8Q2UB\login[1].htm moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3SL8Q2UB\Roboto-Condensed-webfont[1].eot moved successfully.
C:\Dokumente und Einstellungen\Hartmann\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
c:\temp\Perflib_Perfdata_8a4.dat moved successfully.
File\Folder c:\temp\Perflib_Perfdata_cec.dat not found!
c:\temp\VGX30.tmp moved successfully.
File\Folder c:\temp\~DFC1E9.tmp not found!
File\Folder c:\temp\~DFC1F4.tmp not found!
File\Folder c:\temp\~DFC427.tmp not found!
File\Folder c:\temp\~DFC432.tmp not found!
File\Folder c:\temp\~DF4564.tmp not found!
File\Folder c:\temp\~DF4903.tmp not found!
File\Folder c:\temp\~DF6AE1.tmp not found!
File\Folder c:\temp\~DFA0AE.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.

markusg 08.02.2013 17:51
hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten

Tina666 08.02.2013 18:41
18:37:36.0640 3084 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:37:36.0718 3084 ============================================================
18:37:36.0718 3084 Current date / time: 2013/02/08 18:37:36.0718
18:37:36.0718 3084 SystemInfo:
18:37:36.0718 3084
18:37:36.0718 3084 OS Version: 5.1.2600 ServicePack: 3.0
18:37:36.0718 3084 Product type: Workstation
18:37:36.0718 3084 ComputerName: MOTIONSIGN
18:37:36.0718 3084 UserName: Hartmann
18:37:36.0718 3084 Windows directory: C:\WINDOWS
18:37:36.0718 3084 System windows directory: C:\WINDOWS
18:37:36.0718 3084 Processor architecture: Intel x86
18:37:36.0718 3084 Number of processors: 2
18:37:36.0718 3084 Page size: 0x1000
18:37:36.0718 3084 Boot type: Normal boot
18:37:36.0718 3084 ============================================================
18:37:38.0359 3084 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:37:38.0390 3084 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:37:38.0390 3084 ============================================================
18:37:38.0390 3084 \Device\Harddisk0\DR0:
18:37:38.0390 3084 MBR partitions:
18:37:38.0390 3084 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
18:37:38.0390 3084 \Device\Harddisk1\DR1:
18:37:38.0390 3084 MBR partitions:
18:37:38.0390 3084 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852FC1
18:37:38.0390 3084 ============================================================
18:37:38.0421 3084 C: <-> \Device\Harddisk0\DR0\Partition1
18:37:38.0437 3084 D: <-> \Device\Harddisk1\DR1\Partition1
18:37:38.0437 3084 ============================================================
18:37:38.0437 3084 Initialize success
18:37:38.0437 3084 ============================================================
18:38:33.0796 2580 ============================================================
18:38:33.0796 2580 Scan started
18:38:33.0796 2580 Mode: Manual; SigCheck; TDLFS;
18:38:33.0796 2580 ============================================================
18:38:34.0484 2580 ================ Scan system memory ========================
18:38:34.0500 2580 System memory - ok
18:38:34.0500 2580 ================ Scan services =============================
18:38:34.0593 2580 Abiosdsk - ok
18:38:34.0609 2580 abp480n5 - ok
18:38:34.0640 2580 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:38:36.0343 2580 ACPI - ok
18:38:36.0375 2580 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
18:38:36.0515 2580 ACPIEC - ok
18:38:36.0578 2580 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:38:36.0609 2580 AdobeFlashPlayerUpdateSvc - ok
18:38:36.0609 2580 adpu160m - ok
18:38:36.0656 2580 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:38:36.0796 2580 aec - ok
18:38:36.0890 2580 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\WINDOWS\system32\drivers\Afc.sys
18:38:36.0921 2580 Afc ( UnsignedFile.Multi.Generic ) - warning
18:38:36.0921 2580 Afc - detected UnsignedFile.Multi.Generic (1)
18:38:36.0953 2580 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:38:37.0015 2580 AFD - ok
18:38:37.0015 2580 Aha154x - ok
18:38:37.0031 2580 aic78u2 - ok
18:38:37.0031 2580 aic78xx - ok
18:38:37.0109 2580 [ 4E0ACA5290B2966F24C45250A56C2DA1 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
18:38:37.0312 2580 ALCXWDM - ok
18:38:37.0343 2580 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:38:37.0484 2580 Alerter - ok
18:38:37.0500 2580 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
18:38:37.0578 2580 ALG - ok
18:38:37.0593 2580 AliIde - ok
18:38:37.0656 2580 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
18:38:37.0781 2580 Ambfilt - ok
18:38:37.0812 2580 [ E6A2299284013EC4DE3419481A62069F ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
18:38:37.0921 2580 AmdK8 - ok
18:38:37.0937 2580 amsint - ok
18:38:37.0937 2580 AppMgmt - ok
18:38:37.0968 2580 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:38:38.0109 2580 Arp1394 - ok
18:38:38.0140 2580 [ 875F9079CABEE679D34B49E466B61701 ] ASAPIW2K C:\WINDOWS\system32\Drivers\ASAPIW2K.sys
18:38:38.0140 2580 ASAPIW2K ( UnsignedFile.Multi.Generic ) - warning
18:38:38.0140 2580 ASAPIW2K - detected UnsignedFile.Multi.Generic (1)
18:38:38.0156 2580 asc - ok
18:38:38.0156 2580 asc3350p - ok
18:38:38.0156 2580 asc3550 - ok
18:38:38.0203 2580 [ EB62FA6D7DA4E774E47D376E4D19CA5F ] Aspi32 C:\WINDOWS\system32\drivers\aspi32.sys
18:38:38.0218 2580 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
18:38:38.0218 2580 Aspi32 - detected UnsignedFile.Multi.Generic (1)
18:38:38.0328 2580 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:38:38.0375 2580 aspnet_state - ok
18:38:38.0390 2580 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:38:38.0531 2580 AsyncMac - ok
18:38:38.0562 2580 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:38:38.0703 2580 atapi - ok
18:38:38.0703 2580 Atdisk - ok
18:38:38.0750 2580 [ ECA673779ECD27D674953D692FE070F6 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
18:38:38.0875 2580 Ati HotKey Poller - ok
18:38:38.0906 2580 [ 1428C586BB318E1404575834E428ADDD ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
18:38:38.0953 2580 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
18:38:38.0953 2580 ATI Smart - detected UnsignedFile.Multi.Generic (1)
18:38:39.0031 2580 [ 15B2FE76E2ECEB98C49ED52311A6F26F ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:38:39.0140 2580 ati2mtag - ok
18:38:39.0156 2580 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:38:39.0296 2580 Atmarpc - ok
18:38:39.0390 2580 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:38:39.0546 2580 AudioSrv - ok
18:38:39.0562 2580 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:38:39.0703 2580 audstub - ok
18:38:39.0703 2580 AVFSFilter - ok
18:38:39.0812 2580 [ 2718DC27571BD1E37813F5759D2DC118 ] AVP C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
18:38:39.0843 2580 AVP - ok
18:38:39.0890 2580 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:38:40.0015 2580 Beep - ok
18:38:40.0078 2580 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
18:38:40.0328 2580 BITS - ok
18:38:40.0390 2580 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
18:38:40.0484 2580 Browser - ok
18:38:40.0625 2580 [ 18994CC7A0664F9C8E495F09C38E2FCD ] BrowserProtect C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
18:38:40.0703 2580 BrowserProtect - ok
18:38:40.0718 2580 btaudio - ok
18:38:40.0718 2580 BTDriver - ok
18:38:40.0734 2580 BTKRNL - ok
18:38:40.0734 2580 BTWDNDIS - ok
18:38:40.0734 2580 BTWUSB - ok
18:38:40.0843 2580 [ A8EAE8E358DE3A21E6EB54F4FC7F65EC ] Ca533av C:\WINDOWS\system32\Drivers\Ca533av.sys
18:38:40.0921 2580 Ca533av - ok
18:38:40.0968 2580 catchme - ok
18:38:41.0000 2580 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:38:41.0140 2580 cbidf2k - ok
18:38:41.0203 2580 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:38:41.0343 2580 CCDECODE - ok
18:38:41.0359 2580 cd20xrnt - ok
18:38:41.0390 2580 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:38:41.0531 2580 Cdaudio - ok
18:38:41.0562 2580 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:38:41.0703 2580 Cdfs - ok
18:38:41.0750 2580 [ BF79E659C506674C0497CC9C61F1A165 ] Cdr4_xp C:\WINDOWS\system32\drivers\Cdr4_xp.sys
18:38:41.0750 2580 Cdr4_xp ( UnsignedFile.Multi.Generic ) - warning
18:38:41.0750 2580 Cdr4_xp - detected UnsignedFile.Multi.Generic (1)
18:38:41.0765 2580 [ 2C41CD49D82D5FD85C72D57B6CA25471 ] Cdralw2k C:\WINDOWS\system32\drivers\Cdralw2k.sys
18:38:41.0781 2580 Cdralw2k ( UnsignedFile.Multi.Generic ) - warning
18:38:41.0781 2580 Cdralw2k - detected UnsignedFile.Multi.Generic (1)
18:38:41.0796 2580 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:38:41.0953 2580 Cdrom - ok
18:38:41.0953 2580 Changer - ok
18:38:42.0015 2580 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:38:42.0156 2580 CiSvc - ok
18:38:42.0187 2580 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:38:42.0328 2580 ClipSrv - ok
18:38:42.0359 2580 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:38:42.0484 2580 clr_optimization_v2.0.50727_32 - ok
18:38:42.0546 2580 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:38:42.0578 2580 clr_optimization_v4.0.30319_32 - ok
18:38:42.0593 2580 CmdIde - ok
18:38:42.0593 2580 COMSysApp - ok
18:38:42.0609 2580 Cpqarray - ok
18:38:42.0656 2580 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:38:42.0796 2580 CryptSvc - ok
18:38:42.0812 2580 dac2w2k - ok
18:38:42.0812 2580 dac960nt - ok
18:38:42.0890 2580 [ B7EF38C2C22A7805DE919CFF5E16A372 ] dc3d C:\WINDOWS\system32\DRIVERS\dc3d.sys
18:38:42.0921 2580 dc3d - ok
18:38:42.0953 2580 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:38:43.0031 2580 DcomLaunch - ok
18:38:43.0062 2580 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:38:43.0203 2580 Dhcp - ok
18:38:43.0250 2580 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:38:43.0390 2580 Disk - ok
18:38:43.0390 2580 dmadmin - ok
18:38:43.0453 2580 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:38:43.0609 2580 dmboot - ok
18:38:43.0703 2580 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:38:43.0828 2580 dmio - ok
18:38:43.0875 2580 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:38:44.0000 2580 dmload - ok
18:38:44.0078 2580 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:38:44.0218 2580 dmserver - ok
18:38:44.0265 2580 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:38:44.0406 2580 DMusic - ok
18:38:44.0437 2580 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:38:44.0578 2580 Dnscache - ok
18:38:44.0609 2580 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:38:44.0750 2580 Dot3svc - ok
18:38:44.0750 2580 dpti2o - ok
18:38:44.0812 2580 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:38:44.0953 2580 drmkaud - ok
18:38:45.0015 2580 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:38:45.0156 2580 EapHost - ok
18:38:45.0218 2580 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:38:45.0343 2580 ERSvc - ok
18:38:45.0421 2580 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
18:38:45.0453 2580 Eventlog - ok
18:38:45.0484 2580 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
18:38:45.0546 2580 EventSystem - ok
18:38:45.0562 2580 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:38:45.0687 2580 Fastfat - ok
18:38:45.0734 2580 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:38:45.0812 2580 FastUserSwitchingCompatibility - ok
18:38:45.0843 2580 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
18:38:45.0984 2580 Fdc - ok
18:38:46.0015 2580 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:38:46.0171 2580 Fips - ok
18:38:46.0187 2580 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:38:46.0328 2580 Flpydisk - ok
18:38:46.0343 2580 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:38:46.0468 2580 FltMgr - ok
18:38:46.0578 2580 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:38:46.0609 2580 FontCache3.0.0.0 - ok
18:38:46.0625 2580 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:38:46.0765 2580 Fs_Rec - ok
18:38:46.0765 2580 FTD2XX - ok
18:38:46.0781 2580 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:38:46.0921 2580 Ftdisk - ok
18:38:46.0937 2580 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:38:46.0968 2580 GEARAspiWDM - ok
18:38:47.0000 2580 [ 69F8F310654D699C7E5BD5C67279980F ] GenericMount C:\WINDOWS\system32\DRIVERS\GenericMount.sys
18:38:47.0031 2580 GenericMount - ok
18:38:47.0125 2580 [ 5F0F786D91087C0A76C3EF689A51CA48 ] GenericMount Helper Service C:\Programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
18:38:47.0187 2580 GenericMount Helper Service - ok
18:38:47.0218 2580 [ 93CA4D9A0433BE0EDD0B9F2F26D5E54C ] ggflt C:\WINDOWS\system32\DRIVERS\ggflt.sys
18:38:47.0250 2580 ggflt - ok
18:38:47.0281 2580 [ 17E678AAB82CCDFB80E7614504933895 ] ggsemc C:\WINDOWS\system32\DRIVERS\ggsemc.sys
18:38:47.0296 2580 ggsemc - ok
18:38:47.0296 2580 GMSIPCI - ok
18:38:47.0343 2580 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:38:47.0484 2580 Gpc - ok
18:38:47.0515 2580 [ 4A2102DDF08472527B4872FA68EE87D1 ] GT680x C:\WINDOWS\system32\Drivers\gt680x.sys
18:38:47.0531 2580 GT680x ( UnsignedFile.Multi.Generic ) - warning
18:38:47.0531 2580 GT680x - detected UnsignedFile.Multi.Generic (1)
18:38:47.0593 2580 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
18:38:47.0625 2580 gupdate - ok
18:38:47.0640 2580 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
18:38:47.0656 2580 gupdatem - ok
18:38:47.0703 2580 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
18:38:47.0734 2580 gusvc - ok
18:38:47.0796 2580 [ ED32D389F8B0E74E400932E020BCFBDF ] Hardlock C:\WINDOWS\system32\drivers\hardlock.sys
18:38:47.0875 2580 Hardlock - ok
18:38:47.0906 2580 [ 2DD25F060DC9F79B5CDF33D90ED93669 ] Haspnt C:\WINDOWS\system32\drivers\Haspnt.sys
18:38:47.0921 2580 Haspnt ( UnsignedFile.Multi.Generic ) - warning
18:38:47.0921 2580 Haspnt - detected UnsignedFile.Multi.Generic (1)
18:38:47.0953 2580 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:38:48.0093 2580 HDAudBus - ok
18:38:48.0156 2580 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:38:48.0281 2580 helpsvc - ok
18:38:48.0343 2580 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
18:38:48.0500 2580 HidServ - ok
18:38:48.0515 2580 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:38:48.0656 2580 hidusb - ok
18:38:48.0687 2580 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:38:48.0812 2580 hkmsvc - ok
18:38:48.0812 2580 hpn - ok
18:38:48.0859 2580 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:38:48.0921 2580 HTTP - ok
18:38:48.0953 2580 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:38:49.0078 2580 HTTPFilter - ok
18:38:49.0078 2580 i2omgmt - ok
18:38:49.0093 2580 i2omp - ok
18:38:49.0140 2580 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:38:49.0265 2580 i8042prt - ok
18:38:49.0375 2580 [ 696A461DD24EA039E0521877CB944BE3 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:38:49.0500 2580 ialm - ok
18:38:49.0578 2580 [ AF5508C989F3EA9E8D1613AEFCF47094 ] IBUpdaterService C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe
18:38:49.0609 2580 IBUpdaterService - ok
18:38:49.0750 2580 [ 6F95324909B502E2651442C1548AB12F ] IDriverT c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:38:49.0765 2580 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:38:49.0765 2580 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:38:49.0843 2580 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:38:49.0890 2580 idsvc - ok
18:38:49.0921 2580 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:38:50.0046 2580 Imapi - ok
18:38:50.0093 2580 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
18:38:50.0234 2580 ImapiService - ok
18:38:50.0234 2580 ini910u - ok
18:38:50.0437 2580 [ 9D04EE981B9F2AD4AFEDD5CF376F3148 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:38:50.0609 2580 IntcAzAudAddService - ok
18:38:50.0625 2580 IntelIde - ok
18:38:50.0656 2580 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:38:50.0796 2580 intelppm - ok
18:38:50.0890 2580 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:38:51.0031 2580 Ip6Fw - ok
18:38:51.0078 2580 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:38:51.0218 2580 IpFilterDriver - ok
18:38:51.0234 2580 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:38:51.0359 2580 IpInIp - ok
18:38:51.0453 2580 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:38:51.0609 2580 IpNat - ok
18:38:51.0625 2580 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:38:51.0750 2580 IPSec - ok
18:38:51.0828 2580 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
18:38:51.0921 2580 irda - ok
18:38:51.0937 2580 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:38:52.0015 2580 IRENUM - ok
18:38:52.0046 2580 [ 2EFE1DB1EC58A26B0C14BFDA122E246F ] Irmon C:\WINDOWS\System32\irmon.dll
18:38:52.0140 2580 Irmon - ok
18:38:52.0171 2580 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:38:52.0296 2580 isapnp - ok
18:38:52.0468 2580 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
18:38:52.0500 2580 JavaQuickStarterService - ok
18:38:52.0531 2580 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:38:52.0656 2580 Kbdclass - ok
18:38:52.0671 2580 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:38:52.0796 2580 kbdhid - ok
18:38:52.0828 2580 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys
18:38:52.0859 2580 KL1 - ok
18:38:52.0875 2580 [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys
18:38:52.0890 2580 kl2 - ok
18:38:52.0921 2580 [ 5D92A03045A6A98708975B3D77B39A36 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
18:38:52.0953 2580 KLIF - ok
18:38:52.0984 2580 [ 96A7EC308A93DA26DFE481308BAAC2A2 ] klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys
18:38:53.0015 2580 klim5 - ok
18:38:53.0031 2580 [ 3959530F69E19DA56F1F24F2C89F1E2C ] klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys
18:38:53.0062 2580 klmouflt - ok
18:38:53.0078 2580 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:38:53.0203 2580 kmixer - ok
18:38:53.0234 2580 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:38:53.0343 2580 KSecDD - ok
18:38:53.0375 2580 [ 0A2E5A1963708AEE3BEE39D17726D736 ] L1c C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
18:38:53.0390 2580 L1c - ok
18:38:53.0437 2580 [ FD1D572C705BD70953621DA8334F5A5C ] L8042mou C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
18:38:53.0515 2580 L8042mou - ok
18:38:53.0546 2580 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:38:53.0609 2580 lanmanserver - ok
18:38:53.0671 2580 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:38:53.0750 2580 lanmanworkstation - ok
18:38:53.0765 2580 lbrtfdc - ok
18:38:53.0781 2580 [ 6F6FED015CD3D33A048F9FC40F42E076 ] LHidKe C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
18:38:53.0812 2580 LHidKe - ok
18:38:53.0828 2580 [ C9FEEB4604C303CBD68E0A6780B5F50C ] LHidUsbK C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
18:38:53.0890 2580 LHidUsbK - ok
18:38:53.0921 2580 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:38:54.0046 2580 LmHosts - ok
18:38:54.0046 2580 [ E424EB5F4FCF486490A17BEA3DFC64A9 ] LMouKE C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
18:38:54.0093 2580 LMouKE - ok
18:38:54.0109 2580 lxbx_device - ok
18:38:54.0156 2580 [ D57A920490362C89A0EF2A61FE249AFA ] MA-620 C:\WINDOWS\system32\DRIVERS\MA-620.sys
18:38:54.0156 2580 MA-620 ( UnsignedFile.Multi.Generic ) - warning
18:38:54.0156 2580 MA-620 - detected UnsignedFile.Multi.Generic (1)
18:38:54.0187 2580 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:38:54.0328 2580 Messenger - ok
18:38:54.0359 2580 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:38:54.0468 2580 mnmdd - ok
18:38:54.0500 2580 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:38:54.0625 2580 mnmsrvc - ok
18:38:54.0671 2580 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:38:54.0812 2580 Modem - ok
18:38:54.0921 2580 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
18:38:54.0984 2580 Monfilt - ok
18:38:55.0000 2580 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:38:55.0125 2580 Mouclass - ok
18:38:55.0125 2580 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:38:55.0250 2580 mouhid - ok
18:38:55.0281 2580 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:38:55.0406 2580 MountMgr - ok
18:38:55.0468 2580 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
18:38:55.0500 2580 MozillaMaintenance - ok
18:38:55.0515 2580 mraid35x - ok
18:38:55.0531 2580 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:38:55.0656 2580 MRxDAV - ok
18:38:55.0703 2580 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:38:55.0765 2580 MRxSmb - ok
18:38:55.0812 2580 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:38:55.0921 2580 MSDTC - ok
18:38:55.0953 2580 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:38:56.0093 2580 Msfs - ok
18:38:56.0109 2580 [ 95C6432151CCFF8617352F8E616A1AA4 ] MSIRCOMM C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
18:38:56.0187 2580 MSIRCOMM - ok
18:38:56.0187 2580 MSIServer - ok
18:38:56.0203 2580 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:38:56.0312 2580 MSKSSRV - ok
18:38:56.0375 2580 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:38:56.0500 2580 MSPCLOCK - ok
18:38:56.0500 2580 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:38:56.0640 2580 MSPQM - ok
18:38:56.0671 2580 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:38:56.0781 2580 mssmbios - ok
18:38:56.0875 2580 MSSQL$SQLEXPRESS - ok
18:38:56.0953 2580 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Programme\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
18:38:56.0984 2580 MSSQLServerADHelper100 - ok
18:38:57.0000 2580 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
18:38:57.0140 2580 MSTEE - ok
18:38:57.0203 2580 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:38:57.0250 2580 Mup - ok
18:38:57.0296 2580 [ FC3EB08186946EB22370DE70F778DF08 ] MVDCODEC C:\WINDOWS\system32\DRIVERS\ativmdcd.sys
18:38:57.0421 2580 MVDCODEC - ok
18:38:57.0515 2580 [ E91FC8B52D21E38317DC61A3C7CCFA4B ] MxlW2k C:\WINDOWS\system32\drivers\MxlW2k.sys
18:38:57.0546 2580 MxlW2k ( UnsignedFile.Multi.Generic ) - warning
18:38:57.0546 2580 MxlW2k - detected UnsignedFile.Multi.Generic (1)
18:38:57.0562 2580 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:38:57.0687 2580 NABTSFEC - ok
18:38:57.0734 2580 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
18:38:57.0859 2580 napagent - ok
18:38:57.0875 2580 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:38:58.0000 2580 NDIS - ok
18:38:58.0031 2580 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:38:58.0156 2580 NdisIP - ok
18:38:58.0218 2580 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:38:58.0265 2580 NdisTapi - ok
18:38:58.0281 2580 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:38:58.0406 2580 Ndisuio - ok
18:38:58.0421 2580 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:38:58.0546 2580 NdisWan - ok
18:38:58.0578 2580 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:38:58.0656 2580 NDProxy - ok
18:38:58.0687 2580 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:38:58.0828 2580 NetBIOS - ok
18:38:58.0859 2580 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:38:58.0968 2580 NetBT - ok
18:38:59.0031 2580 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
18:38:59.0171 2580 NetDDE - ok
18:38:59.0171 2580 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:38:59.0296 2580 NetDDEdsdm - ok
18:38:59.0328 2580 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:38:59.0437 2580 Netlogon - ok
18:38:59.0515 2580 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
18:38:59.0656 2580 Netman - ok
18:38:59.0687 2580 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:38:59.0703 2580 NetTcpPortSharing - ok
18:38:59.0734 2580 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:38:59.0843 2580 NIC1394 - ok
18:38:59.0890 2580 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
18:38:59.0921 2580 Nla - ok
18:39:00.0062 2580 [ A1787754952A0B700E386DC7C5FA5726 ] Norton Ghost C:\Programme\Norton Ghost\Agent\VProSvc.exe
18:39:00.0218 2580 Norton Ghost - ok
18:39:00.0250 2580 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:39:00.0375 2580 Npfs - ok
18:39:00.0406 2580 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:39:00.0562 2580 Ntfs - ok
18:39:00.0578 2580 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:39:00.0703 2580 NtLmSsp - ok
18:39:00.0750 2580 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:39:00.0906 2580 NtmsSvc - ok
18:39:00.0921 2580 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:39:01.0031 2580 Null - ok
18:39:01.0062 2580 [ E4F1F95A6BBBFBBFF9A713C6063AA2CB ] nvatabus C:\WINDOWS\system32\DRIVERS\nvatabus.sys
18:39:01.0125 2580 nvatabus - ok
18:39:01.0140 2580 [ 812F45DA883BDB87C5960B25295A7E9C ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
18:39:01.0203 2580 NVENETFD - ok
18:39:01.0234 2580 [ 507B332B431392ED37C23B7CFB66DCF7 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
18:39:01.0281 2580 nvnetbus - ok
18:39:01.0328 2580 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:39:01.0468 2580 NwlnkFlt - ok
18:39:01.0468 2580 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:39:01.0593 2580 NwlnkFwd - ok
18:39:01.0703 2580 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
18:39:01.0750 2580 odserv - ok
18:39:01.0781 2580 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:39:01.0890 2580 ohci1394 - ok
18:39:01.0953 2580 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
18:39:01.0984 2580 ose - ok
18:39:02.0046 2580 [ 4A410C7AEA51123519C20D43A20BCE96 ] PAC207 C:\WINDOWS\system32\DRIVERS\PFC027.SYS
18:39:02.0125 2580 PAC207 - ok
18:39:02.0171 2580 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:39:02.0312 2580 Parport - ok
18:39:02.0312 2580 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:39:02.0437 2580 PartMgr - ok
18:39:02.0515 2580 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:39:02.0625 2580 ParVdm - ok
18:39:02.0656 2580 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:39:02.0765 2580 PCI - ok
18:39:02.0781 2580 PCIDump - ok
18:39:02.0828 2580 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:39:02.0953 2580 PCIIde - ok
18:39:02.0984 2580 [ 1BEBE7DE8508A02650CDCE45C664C2A2 ] PCLEPCI C:\WINDOWS\system32\drivers\pclepci.sys
18:39:03.0015 2580 PCLEPCI ( UnsignedFile.Multi.Generic ) - warning
18:39:03.0015 2580 PCLEPCI - detected UnsignedFile.Multi.Generic (1)
18:39:03.0015 2580 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:39:03.0140 2580 Pcmcia - ok
18:39:03.0140 2580 PDCOMP - ok
18:39:03.0140 2580 PDFRAME - ok
18:39:03.0156 2580 PDRELI - ok
18:39:03.0156 2580 PDRFRAME - ok
18:39:03.0156 2580 perc2 - ok
18:39:03.0171 2580 perc2hib - ok
18:39:03.0203 2580 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
18:39:03.0234 2580 PlugPlay - ok
18:39:03.0265 2580 [ 3ABDF04C0137F45568D5E960E7D5D73A ] PMUSB2G C:\WINDOWS\system32\Drivers\PMUSB.sys
18:39:03.0281 2580 PMUSB2G ( UnsignedFile.Multi.Generic ) - warning
18:39:03.0281 2580 PMUSB2G - detected UnsignedFile.Multi.Generic (1)
18:39:03.0296 2580 [ A1D7A9214B71EBBB6F31CB84AAC15525 ] Pnp680r C:\WINDOWS\system32\DRIVERS\pnp680r.sys
18:39:03.0359 2580 Pnp680r - ok
18:39:03.0375 2580 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:39:03.0500 2580 PolicyAgent - ok
18:39:03.0578 2580 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:39:03.0718 2580 PptpMiniport - ok
18:39:03.0734 2580 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
18:39:03.0875 2580 Processor - ok
18:39:03.0875 2580 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:39:04.0000 2580 ProtectedStorage - ok
18:39:04.0015 2580 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:39:04.0156 2580 PSched - ok
18:39:04.0218 2580 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:39:04.0328 2580 Ptilink - ok
18:39:04.0359 2580 [ 681AE4F1927FE0FDEEE2863F1684088D ] pwdrvio C:\WINDOWS\system32\pwdrvio.sys
18:39:04.0406 2580 pwdrvio - ok
18:39:04.0437 2580 [ BC60895CE021309EBD887D2F22055654 ] pwdspio C:\WINDOWS\system32\pwdspio.sys
18:39:04.0468 2580 pwdspio - ok
18:39:04.0500 2580 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:39:04.0531 2580 PxHelp20 - ok
18:39:04.0531 2580 ql1080 - ok
18:39:04.0546 2580 Ql10wnt - ok
18:39:04.0546 2580 ql12160 - ok
18:39:04.0546 2580 ql1240 - ok
18:39:04.0562 2580 ql1280 - ok
18:39:04.0578 2580 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:39:04.0703 2580 RasAcd - ok
18:39:04.0750 2580 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:39:04.0859 2580 RasAuto - ok
18:39:04.0906 2580 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
18:39:05.0000 2580 Rasirda - ok
18:39:05.0000 2580 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:39:05.0140 2580 Rasl2tp - ok
18:39:05.0187 2580 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:39:05.0328 2580 RasMan - ok
18:39:05.0343 2580 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:39:05.0468 2580 RasPppoe - ok
18:39:05.0468 2580 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:39:05.0593 2580 Raspti - ok
18:39:05.0609 2580 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:39:05.0750 2580 Rdbss - ok
18:39:05.0812 2580 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:39:05.0921 2580 RDPCDD - ok
18:39:05.0968 2580 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:39:06.0046 2580 RDPWD - ok
18:39:06.0078 2580 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:39:06.0203 2580 RDSessMgr - ok
18:39:06.0250 2580 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:39:06.0375 2580 redbook - ok
18:39:06.0437 2580 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:39:06.0562 2580 RemoteAccess - ok
18:39:06.0593 2580 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
18:39:06.0718 2580 RpcLocator - ok
18:39:06.0734 2580 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\System32\rpcss.dll
18:39:06.0781 2580 RpcSs - ok
18:39:06.0812 2580 [ FEDD2710B75BE3ECF078ADACE790C423 ] RsFx0102 C:\WINDOWS\system32\DRIVERS\RsFx0102.sys
18:39:06.0843 2580 RsFx0102 - ok
18:39:06.0875 2580 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:39:07.0015 2580 RSVP - ok
18:39:07.0078 2580 [ 59509AD6CBC28F2C73056268985B3E48 ] s0016bus C:\WINDOWS\system32\DRIVERS\s0016bus.sys
18:39:07.0109 2580 s0016bus - ok
18:39:07.0140 2580 [ B98C3A6F91F4FBA285AF9606A240C6B4 ] s0016mdfl C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys
18:39:07.0171 2580 s0016mdfl - ok
18:39:07.0203 2580 [ 8A83426F4FB7B5212825D9DE76368B1A ] s0016mdm C:\WINDOWS\system32\DRIVERS\s0016mdm.sys
18:39:07.0250 2580 s0016mdm - ok
18:39:07.0265 2580 [ 7A78BBA97FEB5E6D24C49E93A3BF7287 ] s0016mgmt C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys
18:39:07.0296 2580 s0016mgmt - ok
18:39:07.0328 2580 [ 34EF7B5F611957B73E7219DD5A222AD1 ] s0016nd5 C:\WINDOWS\system32\DRIVERS\s0016nd5.sys
18:39:07.0359 2580 s0016nd5 - ok
18:39:07.0390 2580 [ 36792935847143E4A3CDA0DC87248487 ] s0016obex C:\WINDOWS\system32\DRIVERS\s0016obex.sys
18:39:07.0421 2580 s0016obex - ok
18:39:07.0421 2580 [ 927208754FB27FC3E7A659E77500C5D1 ] s0016unic C:\WINDOWS\system32\DRIVERS\s0016unic.sys
18:39:07.0453 2580 s0016unic - ok
18:39:07.0484 2580 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
18:39:07.0593 2580 SamSs - ok
18:39:07.0625 2580 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:39:07.0765 2580 SCardSvr - ok
18:39:07.0843 2580 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:39:07.0984 2580 Schedule - ok
18:39:08.0062 2580 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Dokumente und Einstellungen\Hartmann\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
18:39:08.0078 2580 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
18:39:08.0078 2580 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
18:39:08.0109 2580 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:39:08.0187 2580 Secdrv - ok
18:39:08.0265 2580 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
18:39:08.0390 2580 seclogon - ok
18:39:08.0453 2580 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
18:39:08.0578 2580 SENS - ok
18:39:08.0640 2580 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:39:08.0765 2580 serenum - ok
18:39:08.0812 2580 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:39:08.0953 2580 Serial - ok
18:39:09.0046 2580 [ 0B179A959FF6B6CA5927D4F255AB9F90 ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys
18:39:09.0062 2580 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
18:39:09.0062 2580 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
18:39:09.0078 2580 [ 15BE2B5E4DC5B8623CF167720682ABC9 ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys
18:39:09.0078 2580 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
18:39:09.0078 2580 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
18:39:09.0109 2580 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:39:09.0218 2580 Sfloppy - ok
18:39:09.0265 2580 [ A62EFE6AA55C6A599DDBB6BD00E8FB9C ] sfsync02 C:\WINDOWS\system32\drivers\sfsync02.sys
18:39:09.0281 2580 sfsync02 ( UnsignedFile.Multi.Generic ) - warning
18:39:09.0281 2580 sfsync02 - detected UnsignedFile.Multi.Generic (1)
18:39:09.0296 2580 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:39:09.0421 2580 SharedAccess - ok
18:39:09.0500 2580 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:39:09.0531 2580 ShellHWDetection - ok
18:39:09.0562 2580 [ 09889D435EDC82435B18C7C311FE5721 ] Si3114r5 C:\WINDOWS\system32\DRIVERS\Si3114r5.sys
18:39:09.0593 2580 Si3114r5 - ok
18:39:09.0625 2580 [ 46B92189FE4DB53A09E3A0099AA3084C ] SiFilter C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
18:39:09.0640 2580 SiFilter - ok
18:39:09.0656 2580 Simbad - ok
18:39:09.0656 2580 [ B688378D258D1ECCE4768CDB55D48D92 ] SiRemFil C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
18:39:09.0687 2580 SiRemFil - ok
18:39:09.0718 2580 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
18:39:09.0750 2580 SkypeUpdate - ok
18:39:09.0765 2580 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:39:09.0875 2580 SLIP - ok
18:39:10.0015 2580 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Programme\Sony\Sony PC Companion\PCCService.exe
18:39:10.0046 2580 Sony PC Companion - ok
18:39:10.0046 2580 Sparrow - ok
18:39:10.0093 2580 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:39:10.0218 2580 splitter - ok
18:39:10.0265 2580 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:39:10.0375 2580 Spooler - ok
18:39:10.0421 2580 [ EB2FD937449B7ACEB39372F875EB8E78 ] SQLAgent$SQLEXPRESS c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
18:39:10.0453 2580 SQLAgent$SQLEXPRESS - ok
18:39:10.0515 2580 [ 99DE6ACFA5CA83FAD6A765C81C6F129F ] SQLBrowser c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:39:10.0546 2580 SQLBrowser - ok
18:39:10.0578 2580 [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:39:10.0609 2580 SQLWriter - ok
18:39:10.0609 2580 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:39:10.0718 2580 sr - ok
18:39:10.0734 2580 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
18:39:10.0812 2580 srservice - ok
18:39:10.0843 2580 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:39:10.0921 2580 Srv - ok
18:39:10.0953 2580 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:39:11.0046 2580 SSDPSRV - ok
18:39:11.0078 2580 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:39:11.0203 2580 stisvc - ok
18:39:11.0265 2580 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:39:11.0406 2580 streamip - ok
18:39:11.0437 2580 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:39:11.0562 2580 swenum - ok
18:39:11.0640 2580 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:39:11.0781 2580 swmidi - ok
18:39:11.0781 2580 SwPrv - ok
18:39:11.0796 2580 Symantec SymSnap VSS Provider - ok
18:39:11.0796 2580 symc810 - ok
18:39:11.0812 2580 symc8xx - ok
18:39:11.0890 2580 [ 5220576EE29BEA7C18DFF9ECABF18BBC ] symlcbrd C:\WINDOWS\system32\drivers\symlcbrd.sys
18:39:11.0890 2580 symlcbrd ( UnsignedFile.Multi.Generic ) - warning
18:39:11.0890 2580 symlcbrd - detected UnsignedFile.Multi.Generic (1)
18:39:11.0921 2580 [ A5CF31080E99718949BCC38C83F13452 ] symsnap C:\WINDOWS\system32\DRIVERS\symsnap.sys
18:39:11.0937 2580 symsnap - ok
18:39:12.0031 2580 [ 21FF886E6F679FC1EB352F231E846357 ] SymSnapService C:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe
18:39:12.0109 2580 SymSnapService - ok
18:39:12.0109 2580 sym_hi - ok
18:39:12.0125 2580 sym_u3 - ok
18:39:12.0140 2580 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:39:12.0250 2580 sysaudio - ok
18:39:12.0281 2580 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:39:12.0406 2580 SysmonLog - ok
18:39:12.0421 2580 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:39:12.0546 2580 TapiSrv - ok
18:39:12.0671 2580 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:39:12.0703 2580 Tcpip - ok
18:39:12.0734 2580 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:39:12.0859 2580 TDPIPE - ok
18:39:12.0875 2580 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:39:13.0000 2580 TDTCP - ok
18:39:13.0062 2580 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:39:13.0171 2580 TermDD - ok
18:39:13.0203 2580 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
18:39:13.0343 2580 TermService - ok
18:39:13.0390 2580 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
18:39:13.0421 2580 Themes - ok
18:39:13.0421 2580 TosIde - ok
18:39:13.0453 2580 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:39:13.0578 2580 TrkWks - ok
18:39:13.0625 2580 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:39:13.0765 2580 Udfs - ok
18:39:13.0781 2580 ultra - ok
18:39:13.0859 2580 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:39:14.0000 2580 Update - ok
18:39:14.0031 2580 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:39:14.0109 2580 upnphost - ok
18:39:14.0125 2580 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
18:39:14.0250 2580 UPS - ok
18:39:14.0312 2580 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
18:39:14.0437 2580 usbaudio - ok
18:39:14.0468 2580 [ 0C28DD9EC68CCB6E95D49BFD24FD2C11 ] USBCamera C:\WINDOWS\system32\Drivers\Bulk533.sys
18:39:14.0515 2580 USBCamera - ok
18:39:14.0531 2580 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:39:14.0656 2580 usbccgp - ok
18:39:14.0656 2580 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:39:14.0781 2580 usbehci - ok
18:39:14.0828 2580 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:39:14.0937 2580 usbhub - ok
18:39:14.0968 2580 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:39:15.0078 2580 usbohci - ok
18:39:15.0109 2580 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:39:15.0250 2580 usbprint - ok
18:39:15.0265 2580 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:39:15.0390 2580 usbscan - ok
18:39:15.0421 2580 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\DRIVERS\usbser.sys
18:39:15.0546 2580 usbser - ok
18:39:15.0562 2580 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:39:15.0687 2580 USBSTOR - ok
18:39:15.0703 2580 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:39:15.0828 2580 usbuhci - ok
18:39:15.0875 2580 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:39:16.0015 2580 VgaSave - ok
18:39:16.0015 2580 ViaIde - ok
18:39:16.0062 2580 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:39:16.0187 2580 VolSnap - ok
18:39:16.0265 2580 [ EF3506B04EB9124240B35148EAACBAA5 ] VProEventMonitor C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys
18:39:16.0281 2580 VProEventMonitor - ok
18:39:16.0312 2580 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
18:39:16.0390 2580 VSS - ok
18:39:16.0421 2580 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
18:39:16.0531 2580 W32Time - ok
18:39:16.0578 2580 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:39:16.0687 2580 Wanarp - ok
18:39:16.0750 2580 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
18:39:16.0796 2580 Wdf01000 - ok
18:39:16.0796 2580 WDICA - ok
18:39:16.0843 2580 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:39:16.0984 2580 wdmaud - ok
18:39:16.0984 2580 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:39:17.0125 2580 WebClient - ok
18:39:17.0203 2580 [ 090A2B8F055343815556A01F725F6C35 ] WimFltr C:\WINDOWS\system32\DRIVERS\wimfltr.sys
18:39:17.0234 2580 WimFltr - ok
18:39:17.0296 2580 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:39:17.0437 2580 winmgmt - ok
18:39:17.0531 2580 [ F10075C2EC96D2EB118012E78ECE2FC2 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
18:39:17.0640 2580 WinRM - ok
18:39:17.0703 2580 [ 671DB6A9B772B807721147C28FAF760F ] WmBEnum C:\WINDOWS\system32\drivers\WmBEnum.sys
18:39:17.0750 2580 WmBEnum - ok
18:39:17.0765 2580 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:39:17.0859 2580 WmdmPmSN - ok
18:39:17.0906 2580 [ CFFE18DB8140B00335221907A694DD01 ] WmFilter C:\WINDOWS\system32\drivers\WmFilter.sys
18:39:17.0953 2580 WmFilter - ok
18:39:17.0984 2580 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:39:18.0125 2580 WmiApSrv - ok
18:39:18.0234 2580 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
18:39:18.0296 2580 WMPNetworkSvc - ok
18:39:18.0343 2580 [ 2E17EA3B132963E3C07D50D68D2DF54E ] WmVirHid C:\WINDOWS\system32\drivers\WmVirHid.sys
18:39:18.0390 2580 WmVirHid - ok
18:39:18.0406 2580 [ 0ECE3BB49EB9EE42C411A0F1EC39DDA9 ] WmXlCore C:\WINDOWS\system32\drivers\WmXlCore.sys
18:39:18.0437 2580 WmXlCore - ok
18:39:18.0453 2580 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:39:18.0484 2580 WpdUsb - ok
18:39:18.0609 2580 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:39:18.0656 2580 WPFFontCache_v0400 - ok
18:39:18.0703 2580 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:39:18.0843 2580 WS2IFSL - ok
18:39:18.0906 2580 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:39:19.0015 2580 wscsvc - ok
18:39:19.0031 2580 WSearch - ok
18:39:19.0078 2580 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:39:19.0203 2580 WSTCODEC - ok
18:39:19.0234 2580 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:39:19.0375 2580 wuauserv - ok
18:39:19.0406 2580 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:39:19.0453 2580 WudfPf - ok
18:39:19.0484 2580 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:39:19.0531 2580 WudfRd - ok
18:39:19.0562 2580 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
18:39:19.0609 2580 WudfSvc - ok
18:39:19.0640 2580 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:39:19.0796 2580 WZCSVC - ok
18:39:19.0828 2580 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:39:19.0953 2580 xmlprov - ok
18:39:20.0015 2580 [ 4322C32CED8C4772E039616DCBF01D3F ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
18:39:20.0093 2580 yukonwxp - ok
18:39:20.0109 2580 ================ Scan global ===============================
18:39:20.0140 2580 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
18:39:20.0156 2580 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
18:39:20.0171 2580 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
18:39:20.0203 2580 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
18:39:20.0203 2580 [Global] - ok
18:39:20.0203 2580 ================ Scan MBR ==================================
18:39:20.0218 2580 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
18:39:21.0109 2580 \Device\Harddisk0\DR0 - ok
18:39:21.0125 2580 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1
18:39:21.0484 2580 \Device\Harddisk1\DR1 - ok
18:39:21.0484 2580 ================ Scan VBR ==================================
18:39:21.0484 2580 [ 43E89A61C3AF49F8D624AA2DE4002AED ] \Device\Harddisk0\DR0\Partition1
18:39:21.0484 2580 \Device\Harddisk0\DR0\Partition1 - ok
18:39:21.0500 2580 [ 889D8DC8733C621E99545E859CABB2A9 ] \Device\Harddisk1\DR1\Partition1
18:39:21.0500 2580 \Device\Harddisk1\DR1\Partition1 - ok
18:39:21.0500 2580 ============================================================
18:39:21.0500 2580 Scan finished
18:39:21.0500 2580 ============================================================
18:39:21.0609 0304 Detected object count: 18
18:39:21.0609 0304 Actual detected object count: 18
18:39:42.0125 0304 Afc ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:42.0125 0304 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:42.0125 0304 ASAPIW2K ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:42.0125 0304 ASAPIW2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:42.0125 0304 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:42.0125 0304 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:42.0125 0304 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:42.0125 0304 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:42.0125 0304 Cdr4_xp ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:42.0125 0304 Cdr4_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:42.0125 0304 Cdralw2k ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:42.0125 0304 Cdralw2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:42.0140 0304 GT680x ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:42.0140 0304 GT680x ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:42.0140 0304 Haspnt ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:42.0140 0304 Haspnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:42.0140 0304 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:42.0140 0304 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:42.0140 0304 MA-620 ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:42.0140 0304 MA-620 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:42.0140 0304 MxlW2k ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:42.0140 0304 MxlW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:42.0140 0304 PCLEPCI ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:42.0140 0304 PCLEPCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:42.0140 0304 PMUSB2G ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:42.0140 0304 PMUSB2G ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:42.0140 0304 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:42.0140 0304 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:42.0140 0304 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:42.0140 0304 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:42.0156 0304 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:42.0156 0304 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:42.0156 0304 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:42.0156 0304 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:39:42.0156 0304 symlcbrd ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:42.0156 0304 symlcbrd ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg 08.02.2013 18:49
Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Tina666 08.02.2013 21:12
Combofix Logfile:
Code:
ComboFix 13-02-07.02 - Hartmann 08.02.2013  20:48:47.4.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.3583.2896 [GMT 1:00]
ausgeführt von:: c:\bereinigung\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\offitems.log
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-08 bis 2013-02-08  ))))))))))))))))))))))))))))))
.
.
2013-02-08 16:07 . 2013-02-08 16:07        --------        d-----w-        C:\_OTL
2013-02-02 22:42 . 2013-02-02 22:42        1409        ----a-w-        c:\windows\QTFont.for
2013-01-10 07:59 . 2013-01-10 07:59        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\BrowserProtect
2013-01-10 07:59 . 2013-01-10 07:59        --------        d-----w-        c:\dokumente und einstellungen\Hartmann\Anwendungsdaten\BabSolution
2013-01-10 07:59 . 2013-01-10 07:59        --------        d-----w-        c:\programme\BabylonToolbar
2013-01-10 07:59 . 2013-01-12 09:39        --------        d-----w-        c:\dokumente und einstellungen\Hartmann\Anwendungsdaten\PerformerSoft
2013-01-10 07:59 . 2013-01-10 07:59        --------        d-----w-        c:\programme\Yontoo
2013-01-10 07:58 . 2012-12-19 14:53        18096        ----a-w-        c:\windows\system32\roboot.exe
2013-01-10 07:58 . 2013-01-10 07:58        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Babylon
2013-01-10 07:58 . 2013-01-10 07:59        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Tarma Installer
2013-01-10 07:58 . 2013-01-10 07:58        --------        d-----w-        c:\dokumente und einstellungen\Hartmann\Anwendungsdaten\Babylon
2013-01-10 07:58 . 2013-01-10 07:58        --------        d-----w-        c:\programme\File Scout
2013-01-10 07:58 . 2013-01-10 07:58        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\IBUpdaterService
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 12:39 . 2012-04-10 00:36        697712        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-02-08 12:39 . 2012-01-07 13:53        74096        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2004-08-04 12:00        290560        ----a-w-        c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2008-06-11 16:50        1866496        ----a-w-        c:\windows\system32\win32k.sys
2012-10-21 21:25 . 2012-10-21 21:25        18380552        ----a-w-        c:\programme\WEB.DE_Firefox_Setup.exe
2012-03-30 20:12 . 2012-03-30 20:12        7558447        ----a-w-        c:\programme\aemf20.exe
2013-01-19 23:08 . 2012-12-06 20:39        262552        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2013-01-24 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-20 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-20 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-20 142872]
"RTHDCPL"="RTHDCPL.EXE" [2011-06-24 20053608]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 29696]
"Ocs_SM"="c:\dokumente und einstellungen\Hartmann\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe" [2012-03-29 106496]
"Gtwatch"="c:\windows\Gtwatch.exe" [2001-09-21 32768]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Norton Ghost 15.0"="c:\programme\Norton Ghost\Agent\VProTray.exe" [2010-03-03 2598760]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-06-29 286720]
"ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe" [2013-01-24 1646216]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Watch.lnk - c:\windows\twain_32\A12U16KD\WATCH.exe [2012-4-3 356352]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Watch.lnk]
backup=c:\windows\pss\Watch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1und1Dispatcher]
2011-11-17 08:08        223600        ----a-w-        c:\programme\1und1Softwareaktualisierung\SchedDispatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35        946352        ----a-w-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2007-06-26 18:27        312320        ----a-w-        c:\programme\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gtwatch]
2001-09-21 12:50        32768        ----a-w-        c:\windows\Gtwatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2011-08-10 14:39        1313640        ----a-w-        c:\programme\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2008-01-14 15:28        16384        -c--a-w-        c:\programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2004-04-26 06:06        29696        -c--a-w-        c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-03-31 16:21        114688        -c--a-w-        c:\programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50        155648        -c--a-w-        c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-25 19:42        95632        -c--a-w-        c:\programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor1]
2009-11-25 19:42        54672        -c--a-w-        c:\programme\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24        286720        -c--a-w-        c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task1]
2007-06-29 04:24        286720        -c--a-w-        c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task2]
2007-06-29 04:24        286720        -c--a-w-        c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2012-05-31 13:00        445624        ----a-w-        c:\programme\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-04-15 15:03        39408        ----a-w-        c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg1]
2011-04-15 15:03        39408        ----a-w-        c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
"HF_G_Jul"="c:\programme\AVG Secure Search\HF_G_Jul.exe"  /DoAction
"ROC_ROC_JULY_P1"="c:\programme\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\IPACS\\easyFly\\easyfly.exe"=
"c:\\Programme\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Programme\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Programme\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\German\\setup.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Programme\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Ubisoft\\Silent Hunter 5\\sh5.exe"=
"c:\\Programme\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04.03.2011 13:23 11352]
R2 BrowserProtect;BrowserProtect;c:\dokumente und einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [10.01.2013 08:59 2547816]
R2 IBUpdaterService;Updater Service;c:\dokumente und einstellungen\All Users\Anwendungsdaten\IBUpdaterService\ibsvc.exe [10.01.2013 08:58 602912]
R2 SearchAnonymizer;SearchAnonymizer;c:\dokumente und einstellungen\Hartmann\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe [29.03.2012 23:24 40960]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [12.02.2010 06:10 57840]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10.03.2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.11.2009 20:27 19472]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [29.03.2012 20:35 65136]
R3 SymSnapService;SymSnapService;c:\programme\Norton Ghost\Shared\Drivers\SymSnapService.exe [11.02.2010 01:34 1964528]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [02.09.2006 16:18 515803]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 12:28 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29.03.2012 20:39 1691480]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [14.10.2011 11:47 45288]
S3 FTD2XX;FTD2XX.SYS USB Loopback driver;c:\windows\system32\Drivers\FTD2XX.sys --> c:\windows\system32\Drivers\FTD2XX.sys [?]
S3 GenericMount Helper Service;GenericMount Helper Service;c:\programme\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [12.02.2010 06:09 1574408]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [08.07.2012 21:53 12400]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [14.10.2010 16:18 618112]
S3 PMUSB2G;PassMark® Software USB 2.0 Loopback plug;c:\windows\system32\drivers\PMUSB.sys [04.01.2009 14:25 17408]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [19.06.2012 15:39 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [19.06.2012 15:39 11104]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [29.09.2010 02:23 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [29.09.2010 02:23 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [29.09.2010 02:23 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [29.09.2010 02:23 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [29.09.2010 02:23 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [29.09.2010 02:23 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [29.09.2010 02:23 115752]
S3 Sony PC Companion;Sony PC Companion;c:\programme\Sony\Sony PC Companion\PCCService.exe [29.03.2012 15:34 155320]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [04.08.2004 13:00 5120]
S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\programme\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.07.2008 01:27 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.07.2008 01:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.07.2008 01:27 369688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 22:44        1607120        ----a-w-        c:\programme\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 12:39]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-11-23 01:27]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-11-23 01:27]
.
2013-02-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2013-01-24 13:18]
.
2013-02-07 c:\windows\Tasks\User_Feed_Synchronization-{44BE5EBB-6A99-4DE1-B962-E148184E8A04}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://wirtschaft.t-online.de/
uInternet Settings,ProxyOverride = localhost
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\programme\WEB.DE Toolbar\IE\uitb.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\dokumente und einstellungen\Hartmann\Anwendungsdaten\Mozilla\Firefox\Profiles\iucssmz3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://de.ask.com/?l=dis&o=15788
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMB&o=15785&locale=de_DE&apn_uid=df035c86-164b-4e37-a792-9376dcdd64f6&apn_ptnrs=HQ&apn_sauid=469D03E0-2A3E-4579-834B-D66778E0659B&apn_dtid=YYYYYYYYDE&&q=
FF - ExtSQL: !HIDDEN! 2009-09-02 06:14; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: extentions.y2layers.installId - 990f290f-7db5-4997-8094-5464220ca119
FF - user.js: extentions.y2layers.defaultEnableAppsList - TwitTube,Buzzdock,toprelatedtopics,dropdowndeals,ezlooker,bestvideodownloader
FF - user.js: security.csp.enable - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.id - 209027f10000000000005404a6d4fa58
FF - user.js: extensions.BabylonToolbar_i.hardId - 209027f10000000000005404a6d4fa58
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15430
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - 209027f10000000000005404a6d4fa58
FF - user.js: extensions.Softonic.instlDay - 15510
FF - user.js: extensions.Softonic.vrsn - 1.5.24.3
FF - user.js: extensions.Softonic.vrsni - 1.5.24.3
FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.24.316:30
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00015
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extentions.y2layers.installId - ffb8df27-7b8f-4c93-aadd-a9140828013d
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=209027f10000000000005404a6d4fa58&q=
FF - user.js: extensions.BabylonToolbar.id - 209027f10000000000005404a6d4fa58
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15715
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.28:59
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=118720&tt=0213_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-02-08 21:03
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-776561741-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1292428093-776561741-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{81A5E050-A058-9B7D-3121-B4D07E0CD962}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oapgnojopinngplplhckbpkmfgekhb"=hex:63,61,70,61,62,6d,00,7c
"oalfnkeajmodfepbafbbageoffnpoj"=hex:69,61,61,62,6c,6c,64,6c,61,6f,65,64,69,6c,
  6c,6a,6f,6b,00,00
"nabglajpckfghfgglkkgiljfnalp"=hex:69,61,70,61,61,6d,61,61,6d,65,61,6b,6c,6f,
  6b,61,6e,6b,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1504)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2052)
c:\dokumente und einstellungen\All Users\Anwendungsdaten\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Java\jre7\bin\jqs.exe
c:\programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\programme\Norton Ghost\Agent\VProSvc.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-08  21:09:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-02-08 20:09
ComboFix2.txt  2012-11-17 12:34
.
Vor Suchlauf: 72 Verzeichnis(se), 308.267.507.712 Bytes frei
Nach Suchlauf: 75 Verzeichnis(se), 308.271.460.352 Bytes frei
.
- - End Of File - - 42A15BA292DA073B2978E6158CB6380F
--- --- ---

markusg 08.02.2013 21:15
hi
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Tina666 08.02.2013 23:22
Habe soeben den Scan ausgeführt. Aber wo finde ich die Log Datei? Durch den Neustart ist die Kopie, die ich mit der Maus gemacht habe, verloren gegangen.

Tina

markusg 08.02.2013 23:30
Malwarebytes öffnen, Logdateien, dort ist sie.

Tina666 08.02.2013 23:41
Dort ist alles mögliche, aber kein Textdokument.....

Tina


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:02 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2026, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58