Trojaner-Board


krefelder1 23.05.2013 19:33

GVU virus 2013 cannot be deleted

I have the GVU virus on my PC.

I read in the forum how to delete it, but that doesn't work for me.

I can't start in Safe Mode or in Safe Mode with Command Prompt, because it shuts the computer down again during startup...
What am I doing wrong?
Or have I perhaps caught a "more advanced" virus?

I start the computer and press F8,
then I select Safe Mode. After that I have to confirm Windows XP, it starts... then the Windows logon appears... I click OK and it shuts down!

In Safe Mode with Command Prompt, exactly the same thing...

What do I have to do ????

Please help....

markusg 23.05.2013 19:35

Hi,
can you get to a PC with a burner?
Download:
http://filepony.de/download-otlpe/
and burn it to a CD with ISOBurner.
ISO Burner - Download - Filepony
ISOBurner instructions:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• When the download has finished, double-click OTLPENet.exe, which opens ISOBurner to burn it to the CD.
Restart your system and boot from the CD you have just created.
If you don't know how to get your computer to boot from the CD:
http://www.trojaner-board.de/81857-c...cd-booten.html

• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When you are asked "Do you wish to load the remote registry", choose Yes.
• When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Untick "Automatically Load All Remaining Users" if it is ticked.

• OTL should now start.
Now copy the following content into the http://larusso.trojaner-board.de/Images/otlfix.jpg
text box.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe

• Press Run Scan to start the scan.
• When it has finished, the files are saved in C:\otl.txt
• Copy this folder to your USB stick if you have no Internet connection on this system.
Post both logs.
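
Added example, not part of the original post and not OTL's own code: a small Python triage of the `O4` autorun lines that the scan writes to C:\otl.txt, flagging entries whose target is missing or that start a binary without a company name from a user profile. The sample lines are constructed in OTL's line format, and the flagging rules are this example's own heuristics.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class Autorun(NamedTuple):
    hive: str             # e.g. "HKLM" or "HKU\User_ON_C"
    name: str             # registry value name inside [...]
    path: Optional[str]   # None when OTL printed "File not found"
    company: str          # text inside the trailing (...), may be empty


# O4 - <hive>..\Run: [<value name>] <target>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\]\s+(?P<rest>.+)$")
# <path with extension> (<company>); the company itself may contain parentheses
TARGET_RE = re.compile(r"^(?P<path>.+?\.\w{2,4}) \((?P<company>.*)\)$")
# Heuristic (assumption of this example): long lowercase/digit-only value names
RANDOM_NAME_RE = re.compile(r"[a-z0-9]{16,}")
# Profile roots on German/English XP and on later Windows versions
USER_DIRS = ("\\dokumente und einstellungen\\", "\\documents and settings\\", "\\users\\")


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one O4 Run line; return None for any other log line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    if rest == "File not found":
        return Autorun(m["hive"], m["name"], None, "")
    t = TARGET_RE.match(rest)
    if not t:
        # Unexpected target format: keep the raw text as the path
        return Autorun(m["hive"], m["name"], rest, "")
    return Autorun(m["hive"], m["name"], t["path"], t["company"].strip())


def reasons(entry: Autorun) -> List[str]:
    """Return the heuristics an autorun entry trips (empty list = nothing flagged)."""
    if entry.path is None:
        return ["target missing"]
    found = []
    in_profile = any(d in entry.path.lower() for d in USER_DIRS)
    if in_profile and not entry.company:
        found.append("no company name, runs from user profile")
    mixed = any(c.isdigit() for c in entry.name) and any(c.isalpha() for c in entry.name)
    if RANDOM_NAME_RE.fullmatch(entry.name) and mixed:
        found.append("random-looking value name")
    return found


def triage(log_text: str) -> List[Tuple[Autorun, List[str]]]:
    """Return every O4 entry that trips at least one heuristic."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        why = reasons(entry)
        if why:
            hits.append((entry, why))
    return hits


# Constructed sample lines in OTL's format (not taken from a real system)
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\User_ON_C..\Run: [msnmsgr]  File not found
O4 - HKU\User_ON_C..\Run: [x7k2p9qwm4zt81bcd6rj] C:\Dokumente und Einstellungen\User\Eigene Dateien\0a1b2c3d.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.hive} [{entry.name}] -> {entry.path}: {'; '.join(why)}")
```

A flagged line is a candidate for manual review, not a verdict: legitimate per-user software also starts from the profile directory.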

krefelder1 23.05.2013 19:51

At select user profile I took the top one...

markusg 23.05.2013 20:27

As described in the instructions, please.

krefelder1 23.05.2013 20:31

I don't know what is meant by post both logs

markusg 23.05.2013 20:34

Both reports, and in full; this one isn't :-)

krefelder1 23.05.2013 20:35

What do you mean by both reports?

Where do I find the second one?

markusg 23.05.2013 20:36

It opens automatically; if not, at least post the first one in full,
because here:
Audio Driver (WDM)

========== Standard Registry (SafeList) ==========

is certainly not where it ends :-)

krefelder1 23.05.2013 20:37

OTL Logfile:
Code:

OTL logfile created on: 5/23/2013 11:21:38 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93.16 Gb Total Space | 73.43 Gb Free Space | 78.83% Space Free | Partition Type: NTFS
Drive D: | 3.75 Gb Total Space | 3.67 Gb Free Space | 97.95% Space Free | Partition Type: FAT32
Drive E: | 83.38 Gb Total Space | 14.94 Gb Free Space | 17.91% Space Free | Partition Type: NTFS
Drive F: | 9.76 Gb Total Space | 9.76 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (Web Assistant Updater)
SRV - File not found [Auto] --  -- (Nero BackItUp Scheduler 4.0)
SRV - [2013/05/15 06:02:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/07 14:57:17 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/05/07 14:57:05 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/05/07 14:57:01 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/04/07 04:54:58 | 001,156,400 | ---- | M] () [Auto] -- C:\WINDOWS\system32\dmwu.exe -- (IBUpdaterService)
SRV - [2013/03/06 17:48:13 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2007/02/05 04:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 04:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/13 20:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/13 20:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/13 19:46:16 | 000,057,344 | ---- | M] () [On_Demand] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/13 20:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand] --  -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - File not found [Kernel | On_Demand] --  -- (LVUSBSta)
DRV - File not found [Kernel | On_Demand] --  -- (LVRS)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (FilterService)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2013/05/07 14:57:26 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/05/07 14:57:26 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/05/07 14:57:26 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/05/07 14:57:26 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/09/13 03:53:52 | 000,113,688 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2011/07/07 10:13:46 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2008/10/20 22:02:16 | 003,331,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/10/20 22:02:16 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/04/13 13:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/03/06 00:27:32 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/03/06 00:27:28 | 000,058,752 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2002/11/18 09:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
 
IE - HKU\Selma_ON_C\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10016&barid={449E7016-FA93-47C5-A103-6CE240F1A45B}
IE - HKU\Selma_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\Selma_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKU\Selma_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\Selma_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\Selma_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Programme\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{77BEC163-D389-42c1-91A4-C758846296A5}: C:\Programme\Video downloader\Firefox
 
[2013/05/07 14:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013/04/12 13:32:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/12 13:32:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/04/09 12:44:40 | 000,006,468 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2009/07/17 19:02:48 | 000,002,476 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\BearShareWebSearch.xml
 
O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -  File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -  File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Selma_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Selma_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Selma_ON_C\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (C-Media Electronics, Inc.))
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Selma_ON_C..\Run: [Browser Infrastructure Helper] C:\Dokumente und Einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\QuickShare.exe (Smartbar)
O4 - HKU\Selma_ON_C..\Run: [msnmsgr]  File not found
O4 - HKU\Selma_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Dokumente und Einstellungen\Selma\Eigene Dateien\139d2e78.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Selma_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1367951915296 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} MSN Games - Free Online Games (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\SYSTEM32\Wireless\WirelessGina.DLL) - C:\WINDOWS\system32\Wireless\WirelessGina.DLL ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/15 17:25:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "wscsvc"
MsConfig - Services: "wuauserv"
MsConfig - Services: "Netlogon"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 0
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/07 15:04:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\Avira
[2013/05/07 14:59:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\DoNotTrackPlus
[2013/05/07 14:59:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\AskToolbar
[2013/05/07 14:58:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2013/05/07 14:58:12 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[2013/05/07 14:58:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\AskToolbar
[2013/05/07 14:57:56 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013/05/07 14:57:52 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/05/07 14:57:52 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/05/07 14:57:52 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013/05/07 14:57:52 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/23 14:44:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/23 14:43:52 | 000,000,041 | ---- | M] () -- C:\WLANCUGINA.TEXT
[2013/05/23 14:43:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/05/23 14:40:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/05/23 14:25:05 | 000,517,264 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/05/23 14:25:05 | 000,494,058 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/23 14:25:05 | 000,101,294 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/05/23 14:25:05 | 000,084,602 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/23 14:20:47 | 000,056,728 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2013/05/23 14:12:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/16 11:56:53 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/16 11:56:52 | 000,000,020 | ---- | M] () -- C:\GINA.TEXT
[2013/05/15 13:43:35 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/15 13:43:27 | 000,163,069 | ---- | M] () -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\2433f433
[2013/05/15 13:43:27 | 000,163,042 | ---- | M] () -- C:\Dokumente und Einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\2433f433
[2013/05/15 13:43:27 | 000,163,034 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433
[2013/05/15 13:43:26 | 000,025,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Selma\Eigene Dateien\139d2e78.dll
[2013/05/15 13:43:25 | 000,025,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Selma\Eigene Dateien\139d2e78.exe
[2013/05/15 13:34:41 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/15 10:16:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/15 10:02:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/15 08:00:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/05/15 06:02:39 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/15 06:02:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/15 04:10:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/05/09 15:36:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/05/07 14:58:56 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2013/05/07 14:58:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2013/05/07 14:57:26 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/05/07 14:57:26 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/05/07 14:57:26 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013/05/07 14:57:26 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013/05/07 00:27:17 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/15 13:43:27 | 000,163,069 | ---- | C] () -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\2433f433
[2013/05/15 13:43:27 | 000,163,042 | ---- | C] () -- C:\Dokumente und Einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\2433f433
[2013/05/15 13:43:27 | 000,163,034 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433
[2013/05/15 13:43:26 | 000,025,088 | ---- | C] () -- C:\Dokumente und Einstellungen\Selma\Eigene Dateien\139d2e78.dll
[2013/05/15 13:43:25 | 000,025,088 | ---- | C] () -- C:\Dokumente und Einstellungen\Selma\Eigene Dateien\139d2e78.exe
[2013/05/07 14:58:56 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2013/05/07 14:58:45 | 000,000,226 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/09/03 09:29:02 | 001,156,400 | ---- | C] () -- C:\WINDOWS\System32\dmwu.exe
[2012/09/03 09:29:01 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\ImHttpComm.dll
[2012/07/19 06:43:09 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/19 06:40:36 | 000,584,584 | ---- | C] () -- C:\WINDOWS\adb.exe
[2012/07/15 02:48:39 | 000,302,425 | ---- | C] () -- C:\Dokumente und Einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\funmoods-speeddial.crx
[2012/07/15 02:48:39 | 000,031,470 | ---- | C] () -- C:\Dokumente und Einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\funmoods.crx
[2012/02/27 07:57:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/10/31 17:52:21 | 000,000,076 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2009/08/16 16:00:31 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2009/08/15 15:09:31 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/07/29 14:36:33 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2009/07/14 14:05:26 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009/03/20 12:04:12 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/12/23 17:26:30 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/12/23 16:26:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008/12/23 16:26:12 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/12/23 16:26:10 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/12/23 16:26:09 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/12/23 16:26:09 | 000,176,918 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/12/15 18:46:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/12/15 18:37:37 | 000,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/12/15 17:27:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/15 17:22:06 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/20 22:02:16 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\atibrtmon.exe
[2008/10/20 22:02:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/10/20 22:02:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/09/15 18:16:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/15 18:15:48 | 000,115,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/04/20 09:32:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/20 09:32:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/04/20 09:32:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/20 09:32:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/04/20 09:32:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/20 09:32:00 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/04/20 09:32:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/20 09:32:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/04/20 09:32:00 | 000,432,672 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/04/20 09:32:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/03/29 11:54:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/29 11:54:44 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,517,264 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/08/04 06:00:00 | 000,494,058 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,101,294 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/08/04 06:00:00 | 000,084,602 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/11/19 09:46:20 | 000,039,104 | ---- | C] () -- C:\WINDOWS\cmijack.dat
[2002/11/19 09:43:38 | 000,022,178 | ---- | C] () -- C:\WINDOWS\cmaudio.dat
 
========== LOP Check ==========
 
[2013/05/07 14:59:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\AskToolbar
[2012/07/15 02:28:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\Babylon
[2013/05/15 13:42:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\CallingID
[2009/07/29 14:35:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\Leadertech
[2009/06/12 13:43:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\MSNInstaller
[2012/09/20 14:48:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\Octoshape
[2008/12/30 17:07:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\OpenOffice.org
[2013/04/09 12:55:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\player
[2013/04/10 05:39:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\SwvUpdater
[2009/08/16 15:51:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\3A8C
[2012/07/08 08:32:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2012/07/15 02:28:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2012/01/27 19:20:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core
[2012/01/27 19:20:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2012/09/20 14:43:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2013/04/09 17:47:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012/04/04 02:39:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
[2013/05/15 04:10:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2013/05/23 14:40:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2013/05/09 15:36:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2013/05/15 08:00:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2013/05/23 14:43:00 | 000,000,226 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2013/04/15 15:04:03 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009/08/21 21:01:25 | 000,000,000 | ---D | M] -- C:\23c526b05163ef159e7203f3
[2010/08/13 17:41:37 | 000,000,000 | ---D | M] -- C:\70bd98718451df19be
[2008/12/29 15:34:19 | 000,000,000 | ---D | M] -- C:\ATI
[2013/05/15 10:22:27 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2008/12/15 17:25:27 | 000,000,000 | ---D | M] -- C:\DELL
[2008/12/15 17:29:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2013/05/15 13:43:37 | 000,000,000 | R--D | M] -- C:\Programme
[2008/12/15 18:43:18 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2013/05/14 04:51:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013/05/23 14:43:51 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/04 06:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/23 17:26:37 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/12/23 17:26:37 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/04 06:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/23 17:26:37 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/12/23 17:26:37 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004/08/04 06:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2007/02/12 15:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\dell\iastor\iastor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2006/03/16 20:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
 
< MD5 for: SCECLI.DLL  >
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/08/04 06:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004/08/04 06:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/08/04 06:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 06:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004/08/04 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004/08/04 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008/09/15 19:15:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/09/15 19:15:03 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/09/15 19:15:03 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2013/04/16 18:16:48 | 011,112,960 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2013/04/16 18:16:48 | 002,005,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 22:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 22:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2012/06/08 10:25:14 | 008,503,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:373E1720
< End of report >

--- --- ---

markusg 23.05.2013 20:42

Hi,
on your second PC go to Start, Programs, Accessories, Notepad, and paste in the following:
Code:

:OTL
O4 - HKU\Selma_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Dokumente und Einstellungen\Selma\Eigene Dateien\139d2e78.exe ()
[2013/05/23 14:40:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/05/15 13:43:27 | 000,163,069 | ---- | M] () -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\2433f433
[2013/05/15 13:43:27 | 000,163,042 | ---- | M] () -- C:\Dokumente und Einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\2433f433
[2013/05/15 13:43:26 | 000,025,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Selma\Eigene Dateien\139d2e78.dll
[2013/05/15 13:43:25 | 000,025,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Selma\Eigene Dateien\139d2e78.exe
[2013/05/15 08:00:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/05/15 04:10:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/05/09 15:36:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
:Files
:Commands
[EMPTYFLASH]
[emptytemp]



Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear, so load fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment!




Please press the Windows key (http://larusso.trojaner-board.de/Images/windows.jpg) + E.
  • Open your system drive (usually C:)
  • Now find the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance :)

krefelder1 23.05.2013 20:43

========== OTL ==========
Registry value HKEY_USERS\Selma_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx deleted successfully.
C:\Dokumente und Einstellungen\Selma\Eigene Dateien\139d2e78.exe moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\2433f433 moved successfully.
C:\Dokumente und Einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\2433f433 moved successfully.
C:\Dokumente und Einstellungen\Selma\Eigene Dateien\139d2e78.dll moved successfully.
File C:\Dokumente und Einstellungen\Selma\Eigene Dateien\139d2e78.exe not found.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 50194 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33177 bytes

User: Selma
->Temp folder emptied: 690248451 bytes
->Temporary Internet Files folder emptied: 2297558143 bytes
->Java cache emptied: 16090495 bytes
->Flash cache emptied: 144905 bytes

Total Flash Files Cleaned = 2,865.00 mb


[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Selma
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 17820976 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15943118 bytes

Total Files Cleaned = 32.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 05242013_010331






Since posting worked, I don't need to upload anything, right?

markusg 23.05.2013 21:19

Yes you do, because you are supposed to pack the moved files and upload them.

krefelder1 23.05.2013 21:23

Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder


When I right-click "Movedfiles" and go to "Send to", it only shows "WordPad" and not Compressed (zipped) folder.

markusg 23.05.2013 21:25

Then use e.g. WinRAR or Zip.
If you have neither of those, install 7-Zip:
7-Zip.de
Right-click Movedfiles, open the 7-Zip menu and add to movedfiles.7z.

krefelder1 23.05.2013 21:39

I think the upload worked.

markusg 23.05.2013 21:42

You think correctly.
Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

krefelder1 23.05.2013 21:47

But I have to do that on the infected computer....

but I can't get on the internet with it...

and I also still have "REATOGO-X-PE" showing on the desktop...

Should I restart the infected computer?

I'm only online with my notebook, not with that computer....

markusg 23.05.2013 21:50

Yes, you should, and yes, of course create the log on the infected one; anything else wouldn't make much sense :-)

krefelder1 23.05.2013 22:09

02:03:56.0171 0988 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
02:03:56.0281 0988 ============================================================
02:03:56.0281 0988 Current date / time: 2013/05/24 02:03:56.0281
02:03:56.0281 0988 SystemInfo:
02:03:56.0281 0988
02:03:56.0281 0988 OS Version: 5.1.2600 ServicePack: 3.0
02:03:56.0281 0988 Product type: Workstation
02:03:56.0281 0988 ComputerName: YENER
02:03:56.0281 0988 UserName: Tarik
02:03:56.0281 0988 Windows directory: C:\WINDOWS
02:03:56.0281 0988 System windows directory: C:\WINDOWS
02:03:56.0281 0988 Processor architecture: Intel x86
02:03:56.0281 0988 Number of processors: 2
02:03:56.0281 0988 Page size: 0x1000
02:03:56.0281 0988 Boot type: Normal boot
02:03:56.0281 0988 ============================================================
02:03:57.0812 0988 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:03:57.0812 0988 ============================================================
02:03:57.0812 0988 \Device\Harddisk0\DR0:
02:03:57.0812 0988 MBR partitions:
02:03:57.0812 0988 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA50E02
02:03:57.0828 0988 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xBA50E80, BlocksNum 0xA6C4406
02:03:57.0843 0988 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xB, StartLBA 0x161152C5, BlocksNum 0x1388AFC
02:03:57.0843 0988 ============================================================
02:03:57.0937 0988 D: <-> \Device\Harddisk0\DR0\Partition2
02:03:57.0968 0988 E: <-> \Device\Harddisk0\DR0\Partition3
02:03:58.0000 0988 C: <-> \Device\Harddisk0\DR0\Partition1
02:03:58.0000 0988 ============================================================
02:03:58.0000 0988 Initialize success
02:03:58.0000 0988 ============================================================
02:04:01.0093 0168 ============================================================
02:04:01.0093 0168 Scan started
02:04:01.0093 0168 Mode: Manual;
02:04:01.0093 0168 ============================================================
02:04:03.0125 0168 ================ Scan system memory ========================
02:04:05.0046 0168 System memory - ok
02:04:05.0046 0168 ================ Scan services =============================
02:04:08.0265 0168 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
02:04:08.0281 0168 Fdc - ok
02:04:08.0296 0168 FilterService - ok
02:04:08.0296 0168 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
02:04:08.0296 0168 Fips - ok
02:04:08.0312 0168 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
02:04:08.0312 0168 Flpydisk - ok
02:04:08.0343 0168 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
02:04:08.0359 0168 FltMgr - ok
02:04:08.0421 0168 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:04:08.0421 0168 FontCache3.0.0.0 - ok
02:04:08.0453 0168 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:04:08.0453 0168 Fs_Rec - ok
02:04:08.0500 0168 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:04:08.0500 0168 Ftdisk - ok
02:04:08.0562 0168 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
02:04:08.0562 0168 gameenum - ok
02:04:08.0609 0168 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:04:08.0609 0168 Gpc - ok
02:04:08.0687 0168 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
02:04:08.0687 0168 gupdate - ok
02:04:08.0687 0168 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
02:04:08.0687 0168 gupdatem - ok
02:04:08.0718 0168 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
02:04:08.0718 0168 HDAudBus - ok
02:04:08.0796 0168 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:04:08.0796 0168 helpsvc - ok
02:04:08.0812 0168 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
02:04:08.0812 0168 HidServ - ok
02:04:08.0843 0168 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:04:08.0859 0168 HidUsb - ok
02:04:08.0890 0168 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
02:04:08.0890 0168 hkmsvc - ok
02:04:08.0890 0168 hpn - ok
02:04:08.0937 0168 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
02:04:08.0937 0168 HTTP - ok
02:04:08.0968 0168 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
02:04:08.0984 0168 HTTPFilter - ok
02:04:08.0984 0168 i2omgmt - ok
02:04:08.0984 0168 i2omp - ok
02:04:09.0015 0168 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:04:09.0031 0168 i8042prt - ok
02:04:09.0093 0168 [ 81EACB021DC52E908187861FD92370B4 ] IBUpdaterService C:\WINDOWS\system32\dmwu.exe
02:04:09.0125 0168 IBUpdaterService - ok
02:04:09.0171 0168 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
02:04:09.0187 0168 IDriverT - ok
02:04:09.0234 0168 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:04:09.0312 0168 idsvc - ok
02:04:09.0343 0168 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
02:04:09.0343 0168 Imapi - ok
02:04:09.0390 0168 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
02:04:09.0390 0168 ImapiService - ok
02:04:09.0390 0168 ini910u - ok
02:04:09.0406 0168 IntelIde - ok
02:04:09.0437 0168 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
02:04:09.0453 0168 Ip6Fw - ok
02:04:09.0468 0168 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:04:09.0484 0168 IpFilterDriver - ok
02:04:09.0515 0168 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:04:09.0515 0168 IpInIp - ok
02:04:09.0546 0168 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:04:09.0546 0168 IpNat - ok
02:04:09.0562 0168 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:04:09.0562 0168 IPSec - ok
02:04:09.0593 0168 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
02:04:09.0593 0168 IRENUM - ok
02:04:09.0625 0168 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:04:09.0640 0168 isapnp - ok
02:04:09.0750 0168 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
02:04:09.0750 0168 JavaQuickStarterService - ok
02:04:09.0765 0168 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:04:09.0781 0168 Kbdclass - ok
02:04:09.0812 0168 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:04:09.0812 0168 kbdhid - ok
02:04:09.0828 0168 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
02:04:09.0828 0168 kmixer - ok
02:04:09.0875 0168 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
02:04:09.0890 0168 KSecDD - ok
02:04:09.0921 0168 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
02:04:09.0921 0168 lanmanserver - ok
02:04:09.0968 0168 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
02:04:09.0968 0168 lanmanworkstation - ok
02:04:09.0968 0168 lbrtfdc - ok
02:04:10.0015 0168 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
02:04:10.0031 0168 LmHosts - ok
02:04:10.0031 0168 LVRS - ok
02:04:10.0046 0168 LVUSBSta - ok
02:04:10.0046 0168 LVUVC - ok
02:04:10.0078 0168 [ 3C7B3072C3C5CC23F5FD46F8DFDA7480 ] massfilter_hs C:\WINDOWS\system32\drivers\massfilter_hs.sys
02:04:10.0093 0168 massfilter_hs - ok
02:04:10.0109 0168 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
02:04:10.0125 0168 Messenger - ok
02:04:10.0156 0168 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
02:04:10.0156 0168 mnmdd - ok
02:04:10.0187 0168 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
02:04:10.0203 0168 mnmsrvc - ok
02:04:10.0218 0168 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
02:04:10.0234 0168 Modem - ok
02:04:10.0250 0168 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:04:10.0265 0168 Mouclass - ok
02:04:10.0296 0168 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:04:10.0312 0168 mouhid - ok
02:04:10.0343 0168 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
02:04:10.0343 0168 MountMgr - ok
02:04:10.0359 0168 mraid35x - ok
02:04:10.0359 0168 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:04:10.0375 0168 MRxDAV - ok
02:04:10.0421 0168 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:04:10.0453 0168 MRxSmb - ok
02:04:10.0515 0168 [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
02:04:10.0515 0168 MSCSPTISRV - ok
02:04:10.0546 0168 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
02:04:10.0562 0168 MSDTC - ok
02:04:10.0609 0168 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
02:04:10.0609 0168 Msfs - ok
02:04:10.0625 0168 MSIServer - ok
02:04:10.0640 0168 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:04:10.0640 0168 MSKSSRV - ok
02:04:10.0671 0168 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:04:10.0671 0168 MSPCLOCK - ok
02:04:10.0703 0168 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
02:04:10.0703 0168 MSPQM - ok
02:04:10.0734 0168 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:04:10.0734 0168 mssmbios - ok
02:04:10.0781 0168 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
02:04:10.0781 0168 MSTEE - ok
02:04:10.0828 0168 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
02:04:10.0828 0168 Mup - ok
02:04:10.0859 0168 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
02:04:10.0875 0168 NABTSFEC - ok
02:04:10.0906 0168 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
02:04:10.0921 0168 napagent - ok
02:04:10.0953 0168 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
02:04:10.0968 0168 NDIS - ok
02:04:11.0000 0168 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
02:04:11.0000 0168 NdisIP - ok
02:04:11.0031 0168 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:04:11.0046 0168 NdisTapi - ok
02:04:11.0078 0168 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:04:11.0078 0168 Ndisuio - ok
02:04:11.0125 0168 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:04:11.0125 0168 NdisWan - ok
02:04:11.0156 0168 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
02:04:11.0171 0168 NDProxy - ok
02:04:11.0187 0168 Nero BackItUp Scheduler 4.0 - ok
02:04:11.0218 0168 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
02:04:11.0218 0168 NetBIOS - ok
02:04:11.0234 0168 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
02:04:11.0250 0168 NetBT - ok
02:04:11.0281 0168 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
02:04:11.0296 0168 NetDDE - ok
02:04:11.0296 0168 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
02:04:11.0296 0168 NetDDEdsdm - ok
02:04:11.0328 0168 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
02:04:11.0328 0168 Netlogon - ok
02:04:11.0375 0168 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
02:04:11.0375 0168 Netman - ok
02:04:11.0453 0168 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:04:11.0484 0168 NetTcpPortSharing - ok
02:04:11.0515 0168 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
02:04:11.0531 0168 Nla - ok
02:04:11.0562 0168 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
02:04:11.0562 0168 Npfs - ok
02:04:11.0625 0168 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
02:04:11.0656 0168 Ntfs - ok
02:04:11.0687 0168 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
02:04:11.0703 0168 NtLmSsp - ok
02:04:11.0750 0168 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
02:04:11.0796 0168 NtmsSvc - ok
02:04:11.0812 0168 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
02:04:11.0812 0168 Null - ok
02:04:12.0031 0168 [ 92E7BC87B502ACC4BCD7910AD1D58040 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:04:12.0281 0168 nv - ok
02:04:12.0328 0168 [ D875346596BD48D74AC9B9BE791B8D69 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
02:04:12.0328 0168 NVENETFD - ok
02:04:12.0343 0168 [ F02C1C5E84C37667ECD3EEA5958449BC ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
02:04:12.0343 0168 nvnetbus - ok
02:04:12.0390 0168 [ FF3A53F8E423F62ED0EF4D8524AB8088 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
02:04:12.0390 0168 NVSvc - ok
02:04:12.0421 0168 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:04:12.0437 0168 NwlnkFlt - ok
02:04:12.0437 0168 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:04:12.0437 0168 NwlnkFwd - ok
02:04:12.0500 0168 [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
02:04:12.0515 0168 PACSPTISVR - ok
02:04:12.0546 0168 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
02:04:12.0562 0168 Parport - ok
02:04:12.0578 0168 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
02:04:12.0593 0168 PartMgr - ok
02:04:12.0625 0168 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
02:04:12.0640 0168 ParVdm - ok
02:04:12.0640 0168 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
02:04:12.0640 0168 PCI - ok
02:04:12.0656 0168 PCIDump - ok
02:04:12.0687 0168 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
02:04:12.0703 0168 PCIIde - ok
02:04:12.0718 0168 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
02:04:12.0734 0168 Pcmcia - ok
02:04:12.0734 0168 PDCOMP - ok
02:04:12.0750 0168 PDFRAME - ok
02:04:12.0750 0168 PDRELI - ok
02:04:12.0750 0168 PDRFRAME - ok
02:04:12.0750 0168 perc2 - ok
02:04:12.0765 0168 perc2hib - ok
02:04:12.0781 0168 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
02:04:12.0781 0168 PlugPlay - ok
02:04:12.0796 0168 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
02:04:12.0796 0168 PolicyAgent - ok
02:04:12.0812 0168 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:04:12.0812 0168 PptpMiniport - ok
02:04:12.0828 0168 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
02:04:12.0828 0168 Processor - ok
02:04:12.0828 0168 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
02:04:12.0828 0168 ProtectedStorage - ok
02:04:12.0843 0168 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
02:04:12.0843 0168 PSched - ok
02:04:12.0875 0168 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:04:12.0890 0168 Ptilink - ok
02:04:12.0921 0168 [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
02:04:12.0937 0168 PxHelp20 - ok
02:04:12.0937 0168 ql1080 - ok
02:04:12.0937 0168 Ql10wnt - ok
02:04:12.0953 0168 ql12160 - ok
02:04:12.0953 0168 ql1240 - ok
02:04:12.0953 0168 ql1280 - ok
02:04:12.0968 0168 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:04:12.0968 0168 RasAcd - ok
02:04:13.0000 0168 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
02:04:13.0000 0168 RasAuto - ok
02:04:13.0031 0168 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:04:13.0031 0168 Rasl2tp - ok
02:04:13.0078 0168 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
02:04:13.0078 0168 RasMan - ok
02:04:13.0078 0168 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:04:13.0093 0168 RasPppoe - ok
02:04:13.0093 0168 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
02:04:13.0109 0168 Raspti - ok
02:04:13.0140 0168 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:04:13.0171 0168 Rdbss - ok
02:04:13.0171 0168 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:04:13.0171 0168 RDPCDD - ok
02:04:13.0203 0168 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:04:13.0203 0168 rdpdr - ok
02:04:13.0250 0168 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
02:04:13.0250 0168 RDPWD - ok
02:04:13.0281 0168 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
02:04:13.0296 0168 RDSessMgr - ok
02:04:13.0312 0168 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
02:04:13.0328 0168 redbook - ok
02:04:13.0359 0168 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
02:04:13.0375 0168 RemoteAccess - ok
02:04:13.0390 0168 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
02:04:13.0390 0168 RemoteRegistry - ok
02:04:13.0437 0168 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
02:04:13.0453 0168 RpcLocator - ok
02:04:13.0484 0168 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
02:04:13.0484 0168 RpcSs - ok
02:04:13.0531 0168 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
02:04:13.0546 0168 RSVP - ok
02:04:13.0609 0168 [ 7D86DBCF858DDE836E7E0397CD616908 ] rtl8185 C:\WINDOWS\system32\DRIVERS\rtl8185.sys
02:04:13.0671 0168 rtl8185 - ok
02:04:13.0671 0168 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
02:04:13.0687 0168 SamSs - ok
02:04:13.0703 0168 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
02:04:13.0718 0168 SCardSvr - ok
02:04:13.0750 0168 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
02:04:13.0750 0168 Schedule - ok
02:04:13.0781 0168 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:04:13.0781 0168 Secdrv - ok
02:04:13.0812 0168 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
02:04:13.0812 0168 seclogon - ok
02:04:13.0828 0168 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
02:04:13.0828 0168 SENS - ok
02:04:13.0859 0168 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
02:04:13.0859 0168 serenum - ok
02:04:13.0875 0168 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
02:04:13.0890 0168 Serial - ok
02:04:13.0937 0168 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
02:04:13.0937 0168 Sfloppy - ok
02:04:14.0000 0168 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
02:04:14.0000 0168 SharedAccess - ok
02:04:14.0000 0168 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
02:04:14.0015 0168 ShellHWDetection - ok
02:04:14.0015 0168 Simbad - ok
02:04:14.0046 0168 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
02:04:14.0046 0168 SLIP - ok
02:04:14.0078 0168 [ 977AAA4398D7D6FA65D973F5B3F54E40 ] SonicStage Back-End Service C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SsBeSvc.exe
02:04:14.0078 0168 SonicStage Back-End Service - ok
02:04:14.0093 0168 Sparrow - ok
02:04:14.0125 0168 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
02:04:14.0125 0168 splitter - ok
02:04:14.0156 0168 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
02:04:14.0156 0168 Spooler - ok
02:04:14.0187 0168 [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
02:04:14.0203 0168 SPTISRV - ok
02:04:14.0234 0168 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
02:04:14.0234 0168 sr - ok
02:04:14.0281 0168 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
02:04:14.0281 0168 srservice - ok
02:04:14.0343 0168 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
02:04:14.0375 0168 Srv - ok
02:04:14.0406 0168 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
02:04:14.0406 0168 SSDPSRV - ok
02:04:14.0453 0168 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
02:04:14.0468 0168 ssmdrv - ok
02:04:14.0500 0168 [ 756E371B3B86A3D3039926D32EAC0E8D ] SSScsiSV C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
02:04:14.0515 0168 SSScsiSV - ok
02:04:14.0531 0168 [ A2DBCC4C8860449DF1AB758EA28B4DE0 ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
02:04:14.0531 0168 StillCam - ok
02:04:14.0578 0168 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
02:04:14.0578 0168 stisvc - ok
02:04:14.0609 0168 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
02:04:14.0625 0168 streamip - ok
02:04:14.0640 0168 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
02:04:14.0656 0168 swenum - ok
02:04:14.0671 0168 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
02:04:14.0671 0168 swmidi - ok
02:04:14.0671 0168 SwPrv - ok
02:04:14.0687 0168 symc810 - ok
02:04:14.0687 0168 symc8xx - ok
02:04:14.0687 0168 sym_hi - ok
02:04:14.0687 0168 sym_u3 - ok
02:04:14.0734 0168 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
02:04:14.0734 0168 sysaudio - ok
02:04:14.0765 0168 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
02:04:14.0781 0168 SysmonLog - ok
02:04:14.0812 0168 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
02:04:14.0812 0168 TapiSrv - ok
02:04:14.0859 0168 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:04:14.0906 0168 Tcpip - ok
02:04:14.0937 0168 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
02:04:14.0937 0168 TDPIPE - ok
02:04:14.0953 0168 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
02:04:14.0968 0168 TDTCP - ok
02:04:14.0984 0168 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
02:04:15.0000 0168 TermDD - ok
02:04:15.0031 0168 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
02:04:15.0031 0168 TermService - ok
02:04:15.0046 0168 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
02:04:15.0046 0168 Themes - ok
02:04:15.0078 0168 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
02:04:15.0093 0168 TlntSvr - ok
02:04:15.0093 0168 TosIde - ok
02:04:15.0125 0168 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
02:04:15.0125 0168 TrkWks - ok
02:04:15.0156 0168 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
02:04:15.0171 0168 Udfs - ok
02:04:15.0171 0168 ultra - ok
02:04:15.0203 0168 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
02:04:15.0234 0168 Update - ok
02:04:15.0265 0168 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
02:04:15.0281 0168 upnphost - ok
02:04:15.0296 0168 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
02:04:15.0312 0168 UPS - ok
02:04:15.0328 0168 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
02:04:15.0343 0168 usbaudio - ok
02:04:15.0375 0168 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:04:15.0375 0168 usbccgp - ok
02:04:15.0390 0168 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:04:15.0390 0168 usbehci - ok
02:04:15.0437 0168 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:04:15.0437 0168 usbhub - ok
02:04:15.0484 0168 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
02:04:15.0484 0168 usbohci - ok
02:04:15.0531 0168 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:04:15.0531 0168 USBSTOR - ok
02:04:15.0578 0168 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
02:04:15.0593 0168 usbvideo - ok
02:04:15.0640 0168 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
02:04:15.0640 0168 VgaSave - ok
02:04:15.0640 0168 ViaIde - ok
02:04:15.0687 0168 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
02:04:15.0687 0168 VolSnap - ok
02:04:15.0750 0168 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
02:04:15.0781 0168 VSS - ok
02:04:15.0812 0168 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
02:04:15.0828 0168 W32Time - ok
02:04:15.0875 0168 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:04:15.0875 0168 Wanarp - ok
02:04:15.0875 0168 WDICA - ok
02:04:15.0906 0168 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
02:04:15.0921 0168 wdmaud - ok
02:04:15.0921 0168 Web Assistant Updater - ok
02:04:15.0953 0168 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
02:04:15.0968 0168 WebClient - ok
02:04:16.0046 0168 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
02:04:16.0046 0168 winmgmt - ok
02:04:16.0078 0168 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
02:04:16.0093 0168 WmdmPmSN - ok
02:04:16.0125 0168 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
02:04:16.0140 0168 Wmi - ok
02:04:16.0171 0168 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
02:04:16.0171 0168 WmiAcpi - ok
02:04:16.0218 0168 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
02:04:16.0218 0168 WmiApSrv - ok
02:04:16.0296 0168 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
02:04:16.0375 0168 WMPNetworkSvc - ok
02:04:16.0515 0168 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
02:04:16.0656 0168 WPFFontCache_v0400 - ok
02:04:16.0687 0168 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
02:04:16.0703 0168 wscsvc - ok
02:04:16.0718 0168 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
02:04:16.0734 0168 WSTCODEC - ok
02:04:16.0796 0168 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:04:16.0812 0168 WudfPf - ok
02:04:16.0828 0168 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:04:16.0843 0168 WudfRd - ok
02:04:16.0859 0168 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
02:04:16.0859 0168 WudfSvc - ok
02:04:16.0906 0168 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
02:04:16.0921 0168 WZCSVC - ok
02:04:16.0968 0168 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
02:04:16.0984 0168 xmlprov - ok
02:04:17.0000 0168 [ 6CABA3992E8D2939CAA6AAE0431BA7FB ] zghsmdm C:\WINDOWS\system32\DRIVERS\zghsmdm.sys
02:04:17.0015 0168 zghsmdm - ok
02:04:17.0015 0168 ================ Scan global ===============================
02:04:17.0046 0168 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
02:04:17.0093 0168 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
02:04:17.0109 0168 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
02:04:17.0125 0168 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
02:04:17.0125 0168 [Global] - ok
02:04:17.0125 0168 ================ Scan MBR ==================================
02:04:17.0140 0168 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
02:04:17.0328 0168 \Device\Harddisk0\DR0 - ok
02:04:17.0328 0168 ================ Scan VBR ==================================
02:04:17.0328 0168 [ 7C585A17373B062B955EF277E8291EC7 ] \Device\Harddisk0\DR0\Partition1
02:04:17.0328 0168 \Device\Harddisk0\DR0\Partition1 - ok
02:04:17.0343 0168 [ 5E2D284AD23CA0714EBCA57C4AE0207E ] \Device\Harddisk0\DR0\Partition2
02:04:17.0343 0168 \Device\Harddisk0\DR0\Partition2 - ok
02:04:17.0375 0168 [ 91B2168564532ED2A350FE39E28B2C42 ] \Device\Harddisk0\DR0\Partition3
02:04:17.0375 0168 \Device\Harddisk0\DR0\Partition3 - ok
02:04:17.0375 0168 ============================================================
02:04:17.0375 0168 Scan finished
02:04:17.0375 0168 ============================================================
02:04:17.0390 2868 Detected object count: 0
02:04:17.0390 2868 Actual detected object count: 0
02:05:33.0750 3668 ============================================================
02:05:33.0750 3668 Scan started
02:05:33.0750 3668 Mode: Manual; SigCheck; TDLFS;
02:05:33.0750 3668 ============================================================
02:05:34.0406 3668 ================ Scan system memory ========================
02:05:35.0406 3668 System memory - ok
02:05:35.0406 3668 ================ Scan services =============================
02:05:35.0500 3668 Abiosdsk - ok
02:05:35.0500 3668 abp480n5 - ok
02:05:35.0546 3668 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:05:37.0687 3668 ACPI - ok
02:05:37.0703 3668 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
02:05:37.0843 3668 ACPIEC - ok
02:05:37.0906 3668 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
02:05:37.0921 3668 AdobeFlashPlayerUpdateSvc - ok
02:05:37.0921 3668 adpu160m - ok
02:05:37.0968 3668 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
02:05:38.0062 3668 aec - ok
02:05:38.0109 3668 [ 30BB1BDE595CA65FD5549462080D94E5 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
02:05:38.0125 3668 AegisP ( UnsignedFile.Multi.Generic ) - warning
02:05:38.0125 3668 AegisP - detected UnsignedFile.Multi.Generic (1)
02:05:38.0171 3668 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
02:05:38.0234 3668 AFD - ok
02:05:38.0234 3668 Aha154x - ok
02:05:38.0234 3668 aic78u2 - ok
02:05:38.0250 3668 aic78xx - ok
02:05:38.0281 3668 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
02:05:38.0390 3668 Alerter - ok
02:05:38.0406 3668 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
02:05:38.0515 3668 ALG - ok
02:05:38.0515 3668 AliIde - ok
02:05:38.0515 3668 amsint - ok
02:05:38.0640 3668 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
02:05:38.0640 3668 AntiVirSchedulerService - ok
02:05:38.0687 3668 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
02:05:38.0703 3668 AntiVirService - ok
02:05:38.0750 3668 [ 9EDAE2D1CA368E8D01BEE8BFBC9488E4 ] AntiVirWebService C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
02:05:38.0765 3668 AntiVirWebService - ok
02:05:38.0796 3668 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
02:05:38.0921 3668 AppMgmt - ok
02:05:38.0937 3668 asc - ok
02:05:38.0937 3668 asc3350p - ok
02:05:38.0937 3668 asc3550 - ok
02:05:39.0062 3668 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
02:05:39.0062 3668 aspnet_state - ok
02:05:39.0093 3668 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:05:39.0203 3668 AsyncMac - ok
02:05:39.0218 3668 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
02:05:39.0328 3668 atapi - ok
02:05:39.0343 3668 Atdisk - ok
02:05:39.0390 3668 [ FCFD6EEF3C99DF24EDD3F975EBBC61B8 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
02:05:39.0500 3668 Ati HotKey Poller - ok
02:05:39.0546 3668 [ C3CDCC8BEEF13D653312639926A6AA4C ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
02:05:39.0625 3668 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
02:05:39.0625 3668 ATI Smart - detected UnsignedFile.Multi.Generic (1)
02:05:39.0718 3668 [ 42A3BADCAC4E31B373821A05F945E69D ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
02:05:39.0828 3668 ati2mtag - ok
02:05:39.0875 3668 [ 591A9EABB5EF5168E435C2F18B05DD76 ] AtiHdmiService C:\WINDOWS\system32\drivers\AtiHdmi.sys
02:05:39.0921 3668 AtiHdmiService - ok
02:05:39.0937 3668 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:05:40.0031 3668 Atmarpc - ok
02:05:40.0078 3668 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
02:05:40.0187 3668 AudioSrv - ok
02:05:40.0218 3668 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
02:05:40.0343 3668 audstub - ok
02:05:40.0375 3668 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
02:05:40.0421 3668 avgntflt - ok
02:05:40.0453 3668 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
02:05:40.0468 3668 avipbb - ok
02:05:40.0484 3668 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
02:05:40.0500 3668 avkmgr - ok
02:05:40.0531 3668 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
02:05:40.0656 3668 Beep - ok
02:05:40.0687 3668 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
02:05:40.0796 3668 BITS - ok
02:05:40.0812 3668 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
02:05:40.0890 3668 Browser - ok
02:05:40.0921 3668 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
02:05:41.0062 3668 cbidf2k - ok
02:05:41.0093 3668 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
02:05:41.0187 3668 CCDECODE - ok
02:05:41.0203 3668 cd20xrnt - ok
02:05:41.0250 3668 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
02:05:41.0375 3668 Cdaudio - ok
02:05:41.0406 3668 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
02:05:41.0500 3668 Cdfs - ok
02:05:41.0515 3668 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:05:41.0609 3668 Cdrom - ok
02:05:41.0625 3668 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
02:05:41.0656 3668 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
02:05:41.0656 3668 cercsr6 - detected UnsignedFile.Multi.Generic (1)
02:05:41.0656 3668 Changer - ok
02:05:41.0687 3668 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
02:05:41.0781 3668 CiSvc - ok
02:05:41.0796 3668 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
02:05:41.0890 3668 ClipSrv - ok
02:05:41.0968 3668 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:05:41.0984 3668 clr_optimization_v2.0.50727_32 - ok
02:05:42.0031 3668 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:05:42.0046 3668 clr_optimization_v4.0.30319_32 - ok
02:05:42.0046 3668 CmdIde - ok
02:05:42.0093 3668 [ E5842CCF0953D3D46D5E26427B67E901 ] cmpci C:\WINDOWS\system32\drivers\cmaudio.sys
02:05:42.0156 3668 cmpci - ok
02:05:42.0156 3668 COMSysApp - ok
02:05:42.0171 3668 Cpqarray - ok
02:05:42.0203 3668 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
02:05:42.0296 3668 CryptSvc - ok
02:05:42.0312 3668 dac2w2k - ok
02:05:42.0312 3668 dac960nt - ok
02:05:42.0359 3668 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
02:05:42.0406 3668 DcomLaunch - ok
02:05:42.0453 3668 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
02:05:42.0546 3668 Dhcp - ok
02:05:42.0578 3668 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
02:05:42.0671 3668 Disk - ok
02:05:42.0671 3668 dmadmin - ok
02:05:42.0734 3668 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
02:05:42.0859 3668 dmboot - ok
02:05:42.0890 3668 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
02:05:42.0984 3668 dmio - ok
02:05:43.0031 3668 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
02:05:43.0140 3668 dmload - ok
02:05:43.0187 3668 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
02:05:43.0281 3668 dmserver - ok
02:05:43.0312 3668 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
02:05:43.0406 3668 DMusic - ok
02:05:43.0453 3668 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
02:05:43.0531 3668 Dnscache - ok
02:05:43.0562 3668 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
02:05:43.0671 3668 Dot3svc - ok
02:05:43.0671 3668 dpti2o - ok
02:05:43.0718 3668 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
02:05:43.0812 3668 drmkaud - ok
02:05:43.0843 3668 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
02:05:43.0953 3668 EapHost - ok
02:05:43.0968 3668 [ FD9FC82F134B1C91004FFC76A5AE494B ] ENTECH C:\WINDOWS\system32\DRIVERS\ENTECH.sys
02:05:44.0000 3668 ENTECH ( UnsignedFile.Multi.Generic ) - warning
02:05:44.0000 3668 ENTECH - detected UnsignedFile.Multi.Generic (1)
02:05:44.0046 3668 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
02:05:44.0140 3668 ERSvc - ok
02:05:44.0171 3668 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
02:05:44.0203 3668 Eventlog - ok
02:05:44.0250 3668 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
02:05:44.0281 3668 EventSystem - ok
02:05:44.0312 3668 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
02:05:44.0406 3668 Fastfat - ok
02:05:44.0453 3668 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
02:05:44.0500 3668 FastUserSwitchingCompatibility - ok
02:05:44.0531 3668 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
02:05:44.0625 3668 Fdc - ok
02:05:44.0640 3668 FilterService - ok
02:05:44.0656 3668 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
02:05:44.0750 3668 Fips - ok
02:05:44.0765 3668 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
02:05:44.0875 3668 Flpydisk - ok
02:05:44.0906 3668 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
02:05:45.0000 3668 FltMgr - ok
02:05:45.0046 3668 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:05:45.0062 3668 FontCache3.0.0.0 - ok
02:05:45.0093 3668 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:05:45.0218 3668 Fs_Rec - ok
02:05:45.0218 3668 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:05:45.0375 3668 Ftdisk - ok
02:05:45.0421 3668 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
02:05:45.0515 3668 gameenum - ok
02:05:45.0546 3668 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:05:45.0640 3668 Gpc - ok
02:05:45.0703 3668 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
02:05:45.0718 3668 gupdate - ok
02:05:45.0718 3668 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
02:05:45.0734 3668 gupdatem - ok
02:05:45.0750 3668 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
02:05:45.0843 3668 HDAudBus - ok
02:05:45.0921 3668 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:05:46.0015 3668 helpsvc - ok
02:05:46.0031 3668 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
02:05:46.0140 3668 HidServ - ok
02:05:46.0187 3668 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:05:46.0281 3668 HidUsb - ok
02:05:46.0312 3668 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
02:05:46.0390 3668 hkmsvc - ok
02:05:46.0406 3668 hpn - ok
02:05:46.0437 3668 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
02:05:46.0468 3668 HTTP - ok
02:05:46.0500 3668 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
02:05:46.0593 3668 HTTPFilter - ok
02:05:46.0593 3668 i2omgmt - ok
02:05:46.0609 3668 i2omp - ok
02:05:46.0640 3668 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:05:46.0734 3668 i8042prt - ok
02:05:46.0796 3668 [ 81EACB021DC52E908187861FD92370B4 ] IBUpdaterService C:\WINDOWS\system32\dmwu.exe
02:05:46.0875 3668 IBUpdaterService - ok
02:05:46.0921 3668 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
02:05:46.0953 3668 IDriverT ( UnsignedFile.Multi.Generic ) - warning
02:05:46.0953 3668 IDriverT - detected UnsignedFile.Multi.Generic (1)
02:05:47.0015 3668 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:05:47.0062 3668 idsvc - ok
02:05:47.0078 3668 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
02:05:47.0187 3668 Imapi - ok
02:05:47.0218 3668 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
02:05:47.0312 3668 ImapiService - ok
02:05:47.0328 3668 ini910u - ok
02:05:47.0328 3668 IntelIde - ok
02:05:47.0359 3668 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
02:05:47.0468 3668 Ip6Fw - ok
02:05:47.0500 3668 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:05:47.0640 3668 IpFilterDriver - ok
02:05:47.0671 3668 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:05:47.0765 3668 IpInIp - ok
02:05:47.0781 3668 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:05:47.0875 3668 IpNat - ok
02:05:47.0890 3668 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:05:47.0984 3668 IPSec - ok
02:05:48.0015 3668 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
02:05:48.0109 3668 IRENUM - ok
02:05:48.0156 3668 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:05:48.0250 3668 isapnp - ok
02:05:48.0375 3668 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
02:05:48.0390 3668 JavaQuickStarterService - ok
02:05:48.0406 3668 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:05:48.0484 3668 Kbdclass - ok
02:05:48.0531 3668 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:05:48.0625 3668 kbdhid - ok
02:05:48.0640 3668 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
02:05:48.0750 3668 kmixer - ok
02:05:48.0781 3668 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
02:05:48.0828 3668 KSecDD - ok
02:05:48.0875 3668 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
02:05:48.0906 3668 lanmanserver - ok
02:05:48.0937 3668 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
02:05:48.0984 3668 lanmanworkstation - ok
02:05:48.0984 3668 lbrtfdc - ok
02:05:49.0031 3668 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
02:05:49.0125 3668 LmHosts - ok
02:05:49.0125 3668 LVRS - ok
02:05:49.0140 3668 LVUSBSta - ok
02:05:49.0140 3668 LVUVC - ok
02:05:49.0171 3668 [ 3C7B3072C3C5CC23F5FD46F8DFDA7480 ] massfilter_hs C:\WINDOWS\system32\drivers\massfilter_hs.sys
02:05:49.0187 3668 massfilter_hs - ok
02:05:49.0203 3668 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
02:05:49.0312 3668 Messenger - ok
02:05:49.0343 3668 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
02:05:49.0468 3668 mnmdd - ok
02:05:49.0500 3668 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
02:05:49.0609 3668 mnmsrvc - ok
02:05:49.0640 3668 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
02:05:49.0734 3668 Modem - ok
02:05:49.0765 3668 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:05:49.0843 3668 Mouclass - ok
02:05:49.0890 3668 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:05:50.0031 3668 mouhid - ok
02:05:50.0062 3668 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
02:05:50.0156 3668 MountMgr - ok
02:05:50.0156 3668 mraid35x - ok
02:05:50.0187 3668 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:05:50.0296 3668 MRxDAV - ok
02:05:50.0359 3668 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:05:50.0390 3668 MRxSmb - ok
02:05:50.0453 3668 [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
02:05:50.0468 3668 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
02:05:50.0468 3668 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
02:05:50.0515 3668 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
02:05:50.0609 3668 MSDTC - ok
02:05:50.0640 3668 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
02:05:50.0750 3668 Msfs - ok
02:05:50.0750 3668 MSIServer - ok
02:05:50.0765 3668 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:05:50.0875 3668 MSKSSRV - ok
02:05:50.0890 3668 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:05:50.0984 3668 MSPCLOCK - ok
02:05:51.0000 3668 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
02:05:51.0109 3668 MSPQM - ok
02:05:51.0140 3668 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:05:51.0234 3668 mssmbios - ok
02:05:51.0265 3668 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
02:05:51.0375 3668 MSTEE - ok
02:05:51.0406 3668 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
02:05:51.0421 3668 Mup - ok
02:05:51.0453 3668 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
02:05:51.0546 3668 NABTSFEC - ok
02:05:51.0593 3668 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
02:05:51.0703 3668 napagent - ok
02:05:51.0734 3668 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
02:05:51.0828 3668 NDIS - ok
02:05:51.0859 3668 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
02:05:51.0953 3668 NdisIP - ok
02:05:52.0000 3668 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:05:52.0031 3668 NdisTapi - ok
02:05:52.0078 3668 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:05:52.0171 3668 Ndisuio - ok
02:05:52.0187 3668 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:05:52.0296 3668 NdisWan - ok
02:05:52.0343 3668 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
02:05:52.0359 3668 NDProxy - ok
02:05:52.0390 3668 Nero BackItUp Scheduler 4.0 - ok
02:05:52.0406 3668 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
02:05:52.0515 3668 NetBIOS - ok
02:05:52.0531 3668 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
02:05:52.0625 3668 NetBT - ok
02:05:52.0640 3668 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
02:05:52.0750 3668 NetDDE - ok
02:05:52.0765 3668 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
02:05:52.0859 3668 NetDDEdsdm - ok
02:05:52.0890 3668 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
02:05:52.0984 3668 Netlogon - ok
02:05:53.0015 3668 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
02:05:53.0125 3668 Netman - ok
02:05:53.0187 3668 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:05:53.0203 3668 NetTcpPortSharing - ok
02:05:53.0234 3668 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
02:05:53.0250 3668 Nla - ok
02:05:53.0265 3668 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
02:05:53.0343 3668 Npfs - ok
02:05:53.0406 3668 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
02:05:53.0531 3668 Ntfs - ok
02:05:53.0546 3668 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
02:05:53.0640 3668 NtLmSsp - ok
02:05:53.0671 3668 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
02:05:53.0781 3668 NtmsSvc - ok
02:05:53.0796 3668 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
02:05:53.0953 3668 Null - ok
02:05:54.0109 3668 [ 92E7BC87B502ACC4BCD7910AD1D58040 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:05:54.0312 3668 nv ( UnsignedFile.Multi.Generic ) - warning
02:05:54.0312 3668 nv - detected UnsignedFile.Multi.Generic (1)
02:05:54.0359 3668 [ D875346596BD48D74AC9B9BE791B8D69 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
02:05:54.0390 3668 NVENETFD - ok
02:05:54.0406 3668 [ F02C1C5E84C37667ECD3EEA5958449BC ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
02:05:54.0453 3668 nvnetbus - ok
02:05:54.0484 3668 [ FF3A53F8E423F62ED0EF4D8524AB8088 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
02:05:54.0500 3668 NVSvc ( UnsignedFile.Multi.Generic ) - warning
02:05:54.0500 3668 NVSvc - detected UnsignedFile.Multi.Generic (1)
02:05:54.0531 3668 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:05:54.0671 3668 NwlnkFlt - ok
02:05:54.0671 3668 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:05:54.0812 3668 NwlnkFwd - ok
02:05:54.0843 3668 [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
02:05:54.0859 3668 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
02:05:54.0859 3668 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
02:05:54.0906 3668 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
02:05:55.0000 3668 Parport - ok
02:05:55.0015 3668 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
02:05:55.0125 3668 PartMgr - ok
02:05:55.0156 3668 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
02:05:55.0281 3668 ParVdm - ok
02:05:55.0296 3668 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
02:05:55.0390 3668 PCI - ok
02:05:55.0390 3668 PCIDump - ok
02:05:55.0406 3668 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
02:05:55.0515 3668 PCIIde - ok
02:05:55.0546 3668 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
02:05:55.0656 3668 Pcmcia - ok
02:05:55.0656 3668 PDCOMP - ok
02:05:55.0656 3668 PDFRAME - ok
02:05:55.0671 3668 PDRELI - ok
02:05:55.0671 3668 PDRFRAME - ok
02:05:55.0687 3668 perc2 - ok
02:05:55.0687 3668 perc2hib - ok
02:05:55.0718 3668 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
02:05:55.0734 3668 PlugPlay - ok
02:05:55.0750 3668 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
02:05:55.0828 3668 PolicyAgent - ok
02:05:55.0875 3668 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:05:55.0968 3668 PptpMiniport - ok
02:05:55.0984 3668 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
02:05:56.0078 3668 Processor - ok
02:05:56.0078 3668 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
02:05:56.0171 3668 ProtectedStorage - ok
02:05:56.0171 3668 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
02:05:56.0281 3668 PSched - ok
02:05:56.0296 3668 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:05:56.0421 3668 Ptilink - ok
02:05:56.0453 3668 [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
02:05:56.0453 3668 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
02:05:56.0453 3668 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
02:05:56.0468 3668 ql1080 - ok
02:05:56.0468 3668 Ql10wnt - ok
02:05:56.0468 3668 ql12160 - ok
02:05:56.0468 3668 ql1240 - ok
02:05:56.0484 3668 ql1280 - ok
02:05:56.0484 3668 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:05:56.0625 3668 RasAcd - ok
02:05:56.0656 3668 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
02:05:56.0750 3668 RasAuto - ok
02:05:56.0765 3668 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:05:56.0859 3668 Rasl2tp - ok
02:05:56.0906 3668 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
02:05:57.0000 3668 RasMan - ok
02:05:57.0015 3668 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:05:57.0109 3668 RasPppoe - ok
02:05:57.0109 3668 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
02:05:57.0234 3668 Raspti - ok
02:05:57.0281 3668 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:05:57.0390 3668 Rdbss - ok
02:05:57.0406 3668 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:05:57.0515 3668 RDPCDD - ok
02:05:57.0531 3668 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:05:57.0625 3668 rdpdr - ok
02:05:57.0656 3668 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
02:05:57.0734 3668 RDPWD - ok
02:05:57.0765 3668 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
02:05:57.0859 3668 RDSessMgr - ok
02:05:57.0906 3668 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
02:05:57.0984 3668 redbook - ok
02:05:58.0015 3668 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
02:05:58.0125 3668 RemoteAccess - ok
02:05:58.0156 3668 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
02:05:58.0250 3668 RemoteRegistry - ok
02:05:58.0281 3668 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
02:05:58.0375 3668 RpcLocator - ok
02:05:58.0406 3668 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
02:05:58.0421 3668 RpcSs - ok
02:05:58.0468 3668 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
02:05:58.0609 3668 RSVP - ok
02:05:58.0656 3668 [ 7D86DBCF858DDE836E7E0397CD616908 ] rtl8185 C:\WINDOWS\system32\DRIVERS\rtl8185.sys
02:05:58.0671 3668 rtl8185 ( UnsignedFile.Multi.Generic ) - warning
02:05:58.0671 3668 rtl8185 - detected UnsignedFile.Multi.Generic (1)
02:05:58.0671 3668 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
02:05:58.0765 3668 SamSs - ok
02:05:58.0796 3668 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
02:05:58.0906 3668 SCardSvr - ok
02:05:58.0953 3668 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
02:05:59.0046 3668 Schedule - ok
02:05:59.0093 3668 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:05:59.0171 3668 Secdrv - ok
02:05:59.0203 3668 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
02:05:59.0296 3668 seclogon - ok
02:05:59.0312 3668 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
02:05:59.0406 3668 SENS - ok
02:05:59.0421 3668 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
02:05:59.0515 3668 serenum - ok
02:05:59.0531 3668 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
02:05:59.0640 3668 Serial - ok
02:05:59.0687 3668 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
02:05:59.0781 3668 Sfloppy - ok
02:05:59.0828 3668 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
02:05:59.0937 3668 SharedAccess - ok
02:05:59.0968 3668 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
02:05:59.0984 3668 ShellHWDetection - ok
02:06:00.0000 3668 Simbad - ok
02:06:00.0015 3668 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
02:06:00.0125 3668 SLIP - ok
02:06:00.0156 3668 [ 977AAA4398D7D6FA65D973F5B3F54E40 ] SonicStage Back-End Service C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SsBeSvc.exe
02:06:00.0171 3668 SonicStage Back-End Service - ok
02:06:00.0171 3668 Sparrow - ok
02:06:00.0203 3668 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
02:06:00.0312 3668 splitter - ok
02:06:00.0343 3668 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
02:06:00.0406 3668 Spooler - ok
02:06:00.0437 3668 [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
02:06:00.0453 3668 SPTISRV ( UnsignedFile.Multi.Generic ) - warning
02:06:00.0453 3668 SPTISRV - detected UnsignedFile.Multi.Generic (1)
02:06:00.0500 3668 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
02:06:00.0593 3668 sr - ok
02:06:00.0625 3668 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
02:06:00.0718 3668 srservice - ok
02:06:00.0765 3668 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
02:06:00.0843 3668 Srv - ok
02:06:00.0875 3668 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
02:06:00.0968 3668 SSDPSRV - ok
02:06:01.0015 3668 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
02:06:01.0015 3668 ssmdrv - ok
02:06:01.0046 3668 [ 756E371B3B86A3D3039926D32EAC0E8D ] SSScsiSV C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
02:06:01.0062 3668 SSScsiSV - ok
02:06:01.0093 3668 [ A2DBCC4C8860449DF1AB758EA28B4DE0 ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
02:06:01.0218 3668 StillCam - ok
02:06:01.0265 3668 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
02:06:01.0359 3668 stisvc - ok
02:06:01.0390 3668 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
02:06:01.0484 3668 streamip - ok
02:06:01.0515 3668 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
02:06:01.0609 3668 swenum - ok
02:06:01.0640 3668 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
02:06:01.0734 3668 swmidi - ok
02:06:01.0734 3668 SwPrv - ok
02:06:01.0750 3668 symc810 - ok
02:06:01.0750 3668 symc8xx - ok
02:06:01.0765 3668 sym_hi - ok
02:06:01.0765 3668 sym_u3 - ok
02:06:01.0781 3668 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
02:06:01.0875 3668 sysaudio - ok
02:06:01.0906 3668 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
02:06:02.0015 3668 SysmonLog - ok
02:06:02.0062 3668 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
02:06:02.0156 3668 TapiSrv - ok
02:06:02.0187 3668 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:06:02.0218 3668 Tcpip - ok
02:06:02.0265 3668 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
02:06:02.0375 3668 TDPIPE - ok
02:06:02.0390 3668 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
02:06:07.0203 3668 ================ Scan global ===============================
02:06:07.0234 3668 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
02:06:07.0281 3668 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
02:06:07.0296 3668 [ E62178BC21EAC63A3B9A2DBD46C1B505 ] C:\WINDOWS\system32\winsrv.dll
02:06:07.0312 3668 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
02:06:07.0312 3668 [Global] - ok
02:06:07.0312 3668 ================ Scan MBR ==================================
02:06:07.0328 3668 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
02:06:07.0609 3668 \Device\Harddisk0\DR0 - ok
02:06:07.0609 3668 ================ Scan VBR ==================================
02:06:07.0625 3668 [ 7C585A17373B062B955EF277E8291EC7 ] \Device\Harddisk0\DR0\Partition1
02:06:07.0625 3668 \Device\Harddisk0\DR0\Partition1 - ok
02:06:07.0640 3668 [ 5E2D284AD23CA0714EBCA57C4AE0207E ] \Device\Harddisk0\DR0\Partition2
02:06:07.0640 3668 \Device\Harddisk0\DR0\Partition2 - ok
02:06:07.0656 3668 [ 91B2168564532ED2A350FE39E28B2C42 ] \Device\Harddisk0\DR0\Partition3
02:06:07.0671 3668 \Device\Harddisk0\DR0\Partition3 - ok
02:06:07.0671 3668 ============================================================
02:06:07.0671 3668 Scan finished
02:06:07.0671 3668 ============================================================
02:06:07.0781 3156 Detected object count: 12
02:06:07.0781 3156 Actual detected object count: 12
02:07:08.0203 3156 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
02:07:08.0203 3156 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:07:08.0203 3156 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
02:07:08.0203 3156 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:07:08.0203 3156 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
02:07:08.0203 3156 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:07:08.0203 3156 ENTECH ( UnsignedFile.Multi.Generic ) - skipped by user
02:07:08.0203 3156 ENTECH ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:07:08.0203 3156 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
02:07:08.0203 3156 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:07:08.0218 3156 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
02:07:08.0218 3156 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:07:08.0218 3156 nv ( UnsignedFile.Multi.Generic ) - skipped by user
02:07:08.0218 3156 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:07:08.0218 3156 NVSvc ( UnsignedFile.Multi.Generic ) - skipped by user
02:07:08.0218 3156 NVSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:07:08.0218 3156 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
02:07:08.0218 3156 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:07:08.0218 3156 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
02:07:08.0218 3156 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:07:08.0218 3156 rtl8185 ( UnsignedFile.Multi.Generic ) - skipped by user
02:07:08.0218 3156 rtl8185 ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:07:08.0218 3156 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
02:07:08.0218 3156 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip





Is everything done now and the virus deleted?

Thanks a lot in any case, my computer is running again :party:

markusg 23.05.2013 22:13

Hi,
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (in English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.


krefelder1 23.05.2013 22:38

Combofix log file:
Code:

ComboFix 13-05-23.02 - Tarik 24.05.2013  2:23.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2047.1543 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Selma\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\2433f433
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\windows\SYSTEM32\Wireless\WirelessGina.DLL
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-24 bis 2013-05-24  ))))))))))))))))))))))))))))))
.
.
2013-05-24 05:03 . 2013-05-24 05:03        --------        d-----w-        C:\_OTL
2013-05-10 07:57 . 2013-05-10 07:57        187456        ----a-w-        c:\programme\Internet Explorer\PLUGINS\nppdf32.dll
2013-05-07 19:04 . 2013-05-07 19:04        --------        d-----w-        c:\dokumente und einstellungen\Selma\Anwendungsdaten\Avira
2013-05-07 18:59 . 2013-05-23 23:57        --------        d-----w-        c:\dokumente und einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\DoNotTrackPlus
2013-05-07 18:59 . 2013-05-07 18:59        --------        d-----w-        c:\dokumente und einstellungen\Selma\Anwendungsdaten\AskToolbar
2013-05-07 18:58 . 2013-05-07 18:58        --------        d-----w-        c:\programme\Ask.com
2013-05-07 18:58 . 2013-05-24 00:20        --------        d-----w-        c:\dokumente und einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\AskToolbar
2013-05-07 18:57 . 2013-05-07 18:57        --------        d-----w-        c:\programme\Avira
2013-05-07 18:57 . 2013-05-07 18:57        84744        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-05-07 18:57 . 2013-05-07 18:57        37352        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-05-07 18:57 . 2013-05-07 18:57        135136        ----a-w-        c:\windows\system32\drivers\avipbb.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 10:02 . 2012-04-02 16:19        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-05-15 10:02 . 2012-01-27 22:29        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:16 . 2006-03-04 03:34        920064        ----a-w-        c:\windows\system32\wininet.dll
2013-04-16 22:16 . 2004-08-04 10:00        43520        ------w-        c:\windows\system32\licmgr10.dll
2013-04-16 22:16 . 2004-08-04 10:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2004-08-04 10:00        385024        ------w-        c:\windows\system32\html.iec
2013-04-12 14:00 . 2004-08-04 10:00        1876480        ----a-w-        c:\windows\system32\win32k.sys
2013-04-07 08:54 . 2012-09-03 13:29        1156400        ----a-w-        c:\windows\system32\dmwu.exe
2013-04-07 08:52 . 2012-09-03 13:29        27136        ----a-w-        c:\windows\system32\ImHttpComm.dll
2013-03-08 08:36 . 2004-08-04 10:00        293888        ----a-w-        c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2005-03-30 17:36        2031104        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2005-03-30 17:36        2152448        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-06 21:48 . 2013-03-06 21:48        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2013-03-06 21:48 . 2012-07-08 12:31        861088        ----a-w-        c:\windows\system32\npdeployJava1.dll
2013-03-06 21:48 . 2008-12-30 16:52        143872        ----a-w-        c:\windows\system32\javacpl.cpl
2013-03-06 21:48 . 2011-02-03 16:24        782240        ----a-w-        c:\windows\system32\deployJava1.dll
2013-02-27 07:56 . 2008-12-15 21:21        2067456        ----a-w-        c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Browser Infrastructure Helper"="c:\dokumente und einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\Smartbar\Application\QuickShare.exe" [2013-05-12 20248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]
"nwiz"="nwiz.exe" [2008-12-02 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"HP Software Update"="c:\programme\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe" [2013-04-01 1646216]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"wuauserv"=2 (0x2)
"Netlogon"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Steam\\SteamApps\\tarik2404\\counter-strike source\\hl2.exe"=
"c:\\Programme\\Steam\\SteamApps\\ceytey\\counter-strike source\\hl2.exe"=
"c:\\Programme\\Veetle\\Player\\VeetleNet.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\dmwu.exe"=
"c:\\WINDOWS\\system32\\ARFC\\wrtc.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [07.05.2013 20:57 37352]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [07.05.2013 20:57 86752]
R2 AntiVirWebService;Avira Browser-Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [07.05.2013 20:57 562744]
R2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [03.09.2012 15:29 1156400]
S2 Web Assistant Updater;Web Assistant Updater;c:\programme\Web Assistant\ExtensionUpdaterService.exe --> c:\programme\Web Assistant\ExtensionUpdaterService.exe [?]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [19.07.2012 12:40 15896]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\drivers\zghsmdm.sys [19.07.2012 12:40 113688]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 10:02]
.
2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-03-26 21:17]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-03-26 21:17]
.
2013-05-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2013-04-01 10:59]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=hp&installDate=09/04/2013
mStart Page = hxxp://start.funmoods.com/?f=1&a=bndlr&chnl=bndlr&cd=2XzutAtN2Y1L1QzutDtDtBtCzyyBzy0ByByEzy0E0Czy0ByBtN0D0TzutBtDtCtBtDyBtCyD&cr=987554263
uSearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-1ClickDownload - c:\programme\ATDheNetTVApp.com\uninst.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-05-24 02:29
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(884)
c:\programme\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(1792)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Java\jre7\bin\jqs.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\jmdp\stij.exe
c:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\Mixer.exe
c:\programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-24  02:36:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-24 00:36
.
Vor Suchlauf: 9 Verzeichnis(se), 81.561.116.672 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 81.764.077.568 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - BAD4C7AD1B8B1DA35DCF866B6C05ADA9


markusg 24.05.2013 11:54

Hi,
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show results.
  • Make sure that all detections are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Log files".

krefelder1 25.05.2013 16:00

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.25.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Tarik :: YENER [Administrator]

Schutz: Aktiviert

25.05.2013 14:57:43
mbam-log-2013-05-25 (14-57-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 327869
Laufzeit: 1 Stunde(n), 59 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\WINDOWS\system32\dmwu.exe (PUP.InstallBrain) -> 244 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 12
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\f (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\WINDOWS\system32\dmwu.exe (PUP.InstallBrain) -> Löschen bei Neustart.

(Ende)

markusg 25.05.2013 16:05

Hi,
then restart the computer.

Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save it as txt. Open the file.
After each program you need, write "needed".
After each program you do not need, write "not needed".
After each program you do not recognise, write "unknown".
Post the list.

krefelder1 25.05.2013 17:07

Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 23.05.2013 11.7.700.202 needed, I think
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 23.05.2013 11.7.700.202 needed, I think
Adobe Reader X (10.1.7) - Deutsch Adobe Systems Incorporated 24.05.2013 122,00MB 10.1.7 needed
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 30.07.2009 11.5.1.601
ATI - Dienstprogramm zur Deinstallation der Software 20.05.2009 6.14.10.1022 needed, I think
ATI AVIVO Codecs ATI Technologies Inc. 23.12.2008 2,77MB 9.16.0.30508
ATI Catalyst Control Center 2.008.1003.1758
ATI Display Driver 20.05.2009 8.542-081003a-070882C-ATI
ATI Parental Control & Encoder Ihr Firmenname 23.12.2008 4.194.303,00MB 3.0
Avira Free Antivirus Avira 24.05.2013 13.0.0.3640
Avira SearchFree Toolbar plus Web Protection Ask.com 07.05.2013 9,08MB 1.15.24.0
Avira SearchFree Toolbar plus Web Protection Updater Ask.com 07.05.2013 1.2.5.42066 not needed
CCleaner Piriform 23.04.2013 4.01
FusionSoft DVD Player XP Version 4.5 FusionSoft 18.02.2011
Google Chrome Google Inc. 25.05.2013 27.0.1453.94
Google Toolbar for Internet Explorer Google Inc. 25.05.2013 7.4.3607.2246
HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät Hewlett-Packard Co. 13.05.2012 142,00MB 22.50.231.0 needed
HP Officejet 6500 E710n-z Hilfe Hewlett Packard 13.05.2012 21,78MB 140.0.2.2
HP Update Hewlett-Packard 13.05.2012 2,97MB 5.002.006.003
I.R.I.S. OCR HP 13.05.2012 68,96MB 12.3.4.0
IB Updater Service 10.04.2013 3.0.4.6
Java 7 Update 21 Oracle 06.03.2013 129,00MB 7.0.210
Java(TM) 6 Update 7 Sun Microsystems, Inc. 30.12.2008 137,00MB 1.6.0.70
LevelOne WNC-0301 15.12.2008 1.00.0000
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 25.05.2013 1.75.0.1300 needed, I think
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 15.05.2013 183,00MB 2.2.30729 needed, I think
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 09.01.2013 253,00MB 3.2.30729 needed, I think
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 09.01.2013
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 15.05.2013 4.0.30319 needed, I think
Microsoft .NET Framework 4 Extended Microsoft Corporation 10.04.2013 4.0.30319 needed, I think
Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 17.02.2011 1 needed, I think
Microsoft Silverlight Microsoft Corporation 15.03.2013 202,00MB 5.1.20125.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 24.11.2009 1,74MB 3.1.0000 needed, I think
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 08.02.2011 2,29MB 1.0.1215.0 needed, I think
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 08.02.2011 1,45MB 1.0.1215.0 needed, I think
Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation 17.02.2011 needed, I think
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 29.07.2009 0,11MB 8.0.50727.4053 needed, I think
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 27.01.2012 5,28MB 8.0.61001 needed, I think
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 11.03.2012 14,97MB 10.0.40219 needed, I think
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 16.08.2009 2,67MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 2,77MB 4.20.9876.0
NVIDIA Drivers NVIDIA Corporation 16.12.2008
OpenMG Secure Module 4.7.00 Sony Corporation 14.07.2009 4.7.00.12140
OpenOffice.org 3.0 OpenOffice.org 30.12.2008 349,00MB 3.0.9358
PCI Audio Driver
QuickShare Linkury Inc. 15.05.2013 19,48MB 1.6.1.952
SonicStage 4.3 Sony Corporation 14.07.2009 4.3
Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten Hewlett-Packard Co. 13.05.2012 4,87MB 22.50.231.0 not needed
VAFPlayer Tuguu SL 09.04.2013 18,00MB 1.6.8
Veetle TV Veetle, Inc 17.03.2012 0.9.19
Windows Internet Explorer 8 Microsoft Corporation 28.02.2012 20090308.140743
Windows Live Essentials Microsoft Corporation 08.02.2011 14.0.8117.0416
Windows Media Format 11 runtime 18.02.2011
Windows Media Player 11 18.02.2011
Windows XP Service Pack 3 Microsoft Corporation 23.12.2008 20080414.031514
ZTE Handset USB Driver ZTE Corporation 19.07.2012 5.2066.1.A11B02

markusg 25.05.2013 17:09

Only half of them labelled?

krefelder1 25.05.2013 17:13

Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 23.05.2013 11.7.700.202 needed, I think
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 23.05.2013 11.7.700.202 needed, I think
Adobe Reader X (10.1.7) - Deutsch Adobe Systems Incorporated 24.05.2013 122,00MB 10.1.7 needed
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 30.07.2009 11.5.1.601 needed, I think
ATI - Dienstprogramm zur Deinstallation der Software 20.05.2009 6.14.10.1022 needed, I think
ATI AVIVO Codecs ATI Technologies Inc. 23.12.2008 2,77MB 9.16.0.30508 needed, I think
ATI Catalyst Control Center 2.008.1003.1758 needed, I think
ATI Display Driver 20.05.2009 8.542-081003a-070882C-ATI needed, I think
ATI Parental Control & Encoder Ihr Firmenname 23.12.2008 4.194.303,00MB 3.0 needed, I think
Avira Free Antivirus Avira 24.05.2013 13.0.0.3640 needed
Avira SearchFree Toolbar plus Web Protection Ask.com 07.05.2013 9,08MB 1.15.24.0 not needed
Avira SearchFree Toolbar plus Web Protection Updater Ask.com 07.05.2013 1.2.5.42066 not needed
CCleaner Piriform 23.04.2013 4.01 needed
FusionSoft DVD Player XP Version 4.5 FusionSoft 18.02.2011 needed, I think
Google Chrome Google Inc. 25.05.2013 27.0.1453.94 not needed
Google Toolbar for Internet Explorer Google Inc. 25.05.2013 7.4.3607.2246 not needed
HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät Hewlett-Packard Co. 13.05.2012 142,00MB 22.50.231.0 needed
HP Officejet 6500 E710n-z Hilfe Hewlett Packard 13.05.2012 21,78MB 140.0.2.2 needed
HP Update Hewlett-Packard 13.05.2012 2,97MB 5.002.006.003 needed
I.R.I.S. OCR HP 13.05.2012 68,96MB 12.3.4.0 needed, I think
IB Updater Service 10.04.2013 3.0.4.6 unknown
Java 7 Update 21 Oracle 06.03.2013 129,00MB 7.0.210 needed, I think
Java(TM) 6 Update 7 Sun Microsystems, Inc. 30.12.2008 137,00MB 1.6.0.70 needed, I think
LevelOne WNC-0301 15.12.2008 1.00.0000 needed
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 25.05.2013 1.75.0.1300 needed, I think
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 15.05.2013 183,00MB 2.2.30729 needed, I think
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 09.01.2013 253,00MB 3.2.30729 needed, I think
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 09.01.2013 needed, I think
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 15.05.2013 4.0.30319 needed, I think
Microsoft .NET Framework 4 Extended Microsoft Corporation 10.04.2013 4.0.30319 needed, I think
Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 17.02.2011 1 needed, I think
Microsoft Silverlight Microsoft Corporation 15.03.2013 202,00MB 5.1.20125.0 needed, I think
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 24.11.2009 1,74MB 3.1.0000 needed, I think
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 08.02.2011 2,29MB 1.0.1215.0 needed, I think
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 08.02.2011 1,45MB 1.0.1215.0 needed, I think
Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation 17.02.2011 needed, I think
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 29.07.2009 0,11MB 8.0.50727.4053 needed, I think
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 27.01.2012 5,28MB 8.0.61001 needed, I think
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 11.03.2012 14,97MB 10.0.40219 needed, I think
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 16.08.2009 2,67MB 4.20.9870.0 needed, I think
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 2,77MB 4.20.9876.0 needed, I think
NVIDIA Drivers NVIDIA Corporation 16.12.2008 needed
OpenMG Secure Module 4.7.00 Sony Corporation 14.07.2009 4.7.00.12140 needed, I think
OpenOffice.org 3.0 OpenOffice.org 30.12.2008 349,00MB 3.0.9358 needed
PCI Audio Driver needed, I think
QuickShare Linkury Inc. 15.05.2013 19,48MB 1.6.1.952 needed, I think
SonicStage 4.3 Sony Corporation 14.07.2009 4.3 needed, I think
Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten Hewlett-Packard Co. 13.05.2012 4,87MB 22.50.231.0 not needed
VAFPlayer Tuguu SL 09.04.2013 18,00MB 1.6.8 not needed
Veetle TV Veetle, Inc 17.03.2012 0.9.19 needed
Windows Internet Explorer 8 Microsoft Corporation 28.02.2012 20090308.140743 needed
Windows Live Essentials Microsoft Corporation 08.02.2011 14.0.8117.0416 needed, I think
Windows Media Format 11 runtime 18.02.2011 needed, I think
Windows Media Player 11 18.02.2011 needed
Windows XP Service Pack 3 Microsoft Corporation 23.12.2008 20080414.031514 needed
ZTE Handset USB Driver ZTE Corporation 19.07.2012 5.2066.1.A11B02 needed

markusg 25.05.2013 17:15

Uninstall:
Adobe Flash Player (all)
Adobe - Install Adobe Flash Player
Download and install the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Uncheck the box for McAfee Security Scan.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Check "Use only certified plug-ins".
Security (Enhanced):
Check "Enhanced Security"
and select all files.
Internet:
Everything here should be disabled; it is very unsafe to open, download, etc. PDFs automatically.
It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, uncheck "Use JavaScript".
Under Updater, choose "Install automatically".
Apply / OK

Uninstall:
Avira SearchFree: both
Google: both
IB Updater
Java(TM) 6
Studie
VAFPlayer

Open CCleaner, click Analyze, then Run Cleaner, and restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

krefelder1 25.05.2013 18:05

AdwCleaner Logfile:
Code:

# AdwCleaner v2.301 - Datei am 25/05/2013 um 18:57:08 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Tarik - YENER
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Selma\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Web Assistant Updater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Dokumente und Einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\funmoods.crx
Datei Gelöscht : C:\Dokumente und Einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\funmoods-speeddial.crx
Datei Gelöscht : C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\DOKUME~1\Selma\LOKALE~1\Temp\Smartbar
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
Ordner Gelöscht : C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\Babylon
Ordner Gelöscht : C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\SwvUpdater
Ordner Gelöscht : C:\Dokumente und Einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\PackageAware
Ordner Gelöscht : C:\Dokumente und Einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\Smartbar
Ordner Gelöscht : C:\Programme\DomaIQ Uninstaller
Ordner Gelöscht : C:\Programme\Optimizer Pro
Ordner Gelöscht : C:\Programme\SweetIM

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\a2dfd9e735be46
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel Gelöscht : HKCU\Software\IB Updater
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\SmartbarBackup
Schlüssel Gelöscht : HKCU\Software\SmartbarLog
Schlüssel Gelöscht : HKCU\Software\Web Assistant
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\a2dfd9e735be46
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Schlüssel Gelöscht : HKLM\Software\DomaIQ
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\Software\TENCENT
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013 --> hxxp://www.google.com
Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=bndlr&chnl=bndlr&cd=2XzutAtN2Y1L1QzutDtDtBtCzyyBzy0ByByEzy0E0Czy0ByBtN0D0TzutBtDtCtBtDyBtCyD&cr=987554263 --> hxxp://www.google.com

*************************

AdwCleaner[S1].txt - [11761 octets] - [25/05/2013 18:57:08]

########## EOF - C:\AdwCleaner[S1].txt - [11822 octets] ##########

--- --- ---
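
A triage helper for logs in the format posted above, added here as an example (it is not part of the thread and not AdwCleaner's own code): it counts removals per section and pulls out the two findings a responder checks first, removed autostart values and rewritten browser search settings. The line patterns are inferred from the German-language v2 log above, and the sample log is constructed, not the poster's.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the layout of the AdwCleaner v2 log above (German UI).
# Names, keys and the search domain are placeholders, not values from the thread.
SAMPLE_LOG = r"""
# AdwCleaner v2.301 - Datei am 25/05/2013 um 18:57:08 erstellt
# Option [Löschen]

**** [Dienste] ****

Gestoppt & Gelöscht : Example Updater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Programme\ExampleBar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\ExampleBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Example Helper]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{00000000-0000-0000-0000-000000000001}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.example.test/?q={searchTerms} --> hxxp://www.google.com
Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]
"""

# "***** [Section] *****" headers (the log uses four or five asterisks).
SECTION_RE = re.compile(r"^\*{3,}\s*\[(.+?)\]\s*\*{3,}$")
# "<action> : <target>"; '#' header lines and bracketed text cannot be an action.
ENTRY_RE = re.compile(r"^([^:\[\]#]+?)\s+:\s+(.+)$")
# "Wert Gelöscht" targets: "<registry key> [<value name>]".
VALUE_RE = re.compile(r"^(.+?)\s+\[(.+)\]$")
# "Ersetzt" targets: "[<key> - <setting>] = <old> --> <new>".
REPLACED_RE = re.compile(r"^\[(.+?) - ([^\]]+)\] = (.+?) --> (.+)$")
# Registry keys whose values are launched at logon.
RUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")


def triage(log_text):
    """Summarise an AdwCleaner v2 (German) log for a first review."""
    counts = Counter()   # (section, action) -> number of entries
    autostart = []       # (registry key, value name) removed from Run/RunOnce
    hijacks = []         # (browser setting, host it had been pointed at)
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if not entry or section is None:
            continue  # banner, blank line, or text before the first section
        action, target = entry.group(1), entry.group(2)
        counts[(section, action)] += 1
        if action == "Wert Gelöscht":
            value = VALUE_RE.match(target)
            if value and value.group(1).lower().endswith(RUN_KEYS):
                autostart.append((value.group(1), value.group(2)))
        elif action == "Ersetzt":
            replaced = REPLACED_RE.match(target)
            if replaced:
                # The log defangs URLs as hxxp://; restore the scheme only to parse the host.
                old_url = replaced.group(3).replace("hxxp", "http", 1)
                hijacks.append((replaced.group(2), urlsplit(old_url).hostname))
    return {"counts": counts, "autostart": autostart, "hijacks": hijacks}


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for (section, action), n in sorted(summary["counts"].items()):
        print(f"{section:25} {action:22} {n}")
    print("autostart values removed:", summary["autostart"])
    print("search settings that had been redirected:", summary["hijacks"])
```
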

markusg 25.05.2013 18:19

Please restart.
Hitman Pro - Download - Filepony

Download Hitman Pro and double-click it.
Click Scan.
Then do not delete anything; click Save Log, or export it as XML, and post that, or zip it and attach it.

krefelder1 25.05.2013 18:40

It said no threats were found; I clicked Next twice, and now it says Close.

markusg 25.05.2013 18:42

OK, restart.

If you do not already have it, please download OTL by OldTimer and save it to your desktop.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

krefelder1 25.05.2013 19:02

OTL Logfile:
Code:

OTL logfile created on: 25.05.2013 19:49:48 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Selma\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 74,10% Memory free
3,85 Gb Paging File | 3,34 Gb Available in Paging File | 86,72% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,16 Gb Total Space | 75,82 Gb Free Space | 81,39% Space Free | Partition Type: NTFS
Drive D: | 83,38 Gb Total Space | 14,94 Gb Free Space | 17,91% Space Free | Partition Type: NTFS
Drive E: | 9,76 Gb Total Space | 9,76 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: YENER | User Name: Tarik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Selma\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (C-Media Electronics, Inc.))
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\cbee94ec6a0fe649e3b4643cea6e1259\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3198.30359__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3198.30363__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3198.30341__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3198.30366__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3198.30473__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3198.30443__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3198.30418__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3198.30351__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3198.30507__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3198.30508__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3198.30351__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3198.30365__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3198.30364__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3198.30451__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3198.30452__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3198.30450__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3198.30533__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3198.30531__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3198.30422__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3198.30464__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3198.30421__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3198.30368__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3198.30354__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3198.30367__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3198.30437__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3198.30373__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3198.30436__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3198.30413__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3198.30420__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3198.30418__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3198.30420__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3198.30440__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3156.17694__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3156.17689__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3156.17698__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3156.17722__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3156.17701__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3156.17721__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3156.17682__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3156.17699__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3156.17681__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3156.17703__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3156.17703__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3156.17682__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3156.17695__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3156.17747__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3156.17697__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3156.17695__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3156.17689__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3156.17703__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3156.17694__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3156.17718__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3156.17721__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3156.17708__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3156.17709__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3156.17708__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3156.17707__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3156.17701__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3156.17702__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3156.17700__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3156.17695__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.resources\2.0.3198.30346_de_90ba9c70f846762e\CLI.Component.Dashboard.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3198.30487_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3198.30523__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3156.17686__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3198.30537__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3198.30335__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3198.30487__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3198.30358__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3198.30497__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3198.30338__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3198.30494__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3198.30340__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3156.17698__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3156.17686__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3156.17689__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3156.17698__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3156.17702__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3156.17702__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3198.30346__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3198.30339__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3198.30337__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3156.17692__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3198.30496__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3156.17711__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3198.30336__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (LVUVC) -- system32\DRIVERS\lvuvc.sys File not found
DRV - (LVUSBSta) -- system32\drivers\LVUSBSta.sys File not found
DRV - (LVRS) -- system32\DRIVERS\lvrs.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (FilterService) -- system32\DRIVERS\lvuvcflt.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (zghsmdm) -- C:\WINDOWS\system32\drivers\zghsmdm.sys (ZTE Incorporated)
DRV - (massfilter_hs) -- C:\WINDOWS\system32\drivers\massfilter_hs.sys (HandSet Incorporated)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (cmpci) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2000478354-515967899-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google
IE - HKU\S-1-5-21-2000478354-515967899-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-2000478354-515967899-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2000478354-515967899-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKU\S-1-5-21-2000478354-515967899-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKU\S-1-5-21-2000478354-515967899-1801674531-1003\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-2000478354-515967899-1801674531-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2000478354-515967899-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2000478354-515967899-1801674531-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2000478354-515967899-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{77BEC163-D389-42c1-91A4-C758846296A5}: C:\Programme\Video downloader\Firefox
 
[2013.05.07 20:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 19:32:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.12 19:32:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2009.07.18 01:02:48 | 000,002,476 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\BearShareWebSearch.xml
 
O1 HOSTS File: ([2013.05.24 02:28:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2000478354-515967899-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2000478354-515967899-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (C-Media Electronics, Inc.))
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre7\bin\jusched.exe" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-515967899-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2000478354-515967899-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2000478354-515967899-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2000478354-515967899-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1367951915296 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} MSN Games - Free Online Games (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8148B82B-35C9-4FB5-95F6-2F977E7B358A}: DhcpNameServer = 192.168.0.1 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8CA466C-02F5-46C7-8BEA-5D7902FD2754}: DhcpNameServer = 192.168.0.1 192.168.0.2
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.15 23:25:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "wscsvc"
MsConfig - Services: "wuauserv"
MsConfig - Services: "Netlogon"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.25 19:47:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Selma\Desktop\OTL.exe
[2013.05.25 19:33:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2013.05.25 18:51:01 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Selma\Recent
[2013.05.25 17:44:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2013.05.25 17:44:54 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2013.05.25 14:54:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.05.25 14:44:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\Malwarebytes
[2013.05.25 14:44:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.05.25 14:44:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.05.25 14:44:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.05.25 14:44:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.05.24 07:03:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.24 02:22:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.05.24 02:21:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.05.24 02:21:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.05.24 02:21:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.05.24 02:21:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.05.24 02:21:01 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.24 02:20:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.24 02:20:31 | 005,070,388 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Selma\Desktop\ComboFix.exe
[2013.05.24 02:17:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.05.07 21:04:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\Avira
[2013.05.07 20:58:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2013.05.07 20:57:56 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013.05.07 20:57:52 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.05.07 20:57:52 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.05.07 20:57:52 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013.05.07 20:57:52 | 000,000,000 | ---D | C] -- C:\Programme\Avira
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.25 19:47:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Selma\Desktop\OTL.exe
[2013.05.25 19:45:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.25 19:44:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.25 19:43:59 | 000,056,728 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2013.05.25 19:27:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.25 18:55:48 | 000,632,031 | ---- | M] () -- C:\Dokumente und Einstellungen\Selma\Desktop\adwcleaner.exe
[2013.05.25 18:38:39 | 000,017,571 | ---- | M] () -- C:\Dokumente und Einstellungen\Selma\Desktop\asdsdf.odt
[2013.05.25 18:36:54 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[2013.05.25 17:44:56 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2013.05.25 14:44:41 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.24 02:33:11 | 000,494,058 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.24 02:33:10 | 000,517,264 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.05.24 02:33:10 | 000,101,294 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.05.24 02:33:10 | 000,084,602 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.05.24 02:28:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.05.24 02:22:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.05.24 02:16:54 | 005,070,388 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Selma\Desktop\ComboFix.exe
[2013.05.24 01:54:19 | 000,000,020 | ---- | M] () -- C:\GINA.TEXT
[2013.05.24 01:54:08 | 000,000,041 | ---- | M] () -- C:\WLANCUGINA.TEXT
[2013.05.15 19:34:41 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.05.07 20:58:56 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2013.05.07 20:57:26 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.05.07 20:57:26 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.05.07 20:57:26 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013.05.07 20:57:26 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
 
========== Files Created - No Company Name ==========
 
[2013.05.25 18:55:48 | 000,632,031 | ---- | C] () -- C:\Dokumente und Einstellungen\Selma\Desktop\adwcleaner.exe
[2013.05.25 18:38:38 | 000,017,571 | ---- | C] () -- C:\Dokumente und Einstellungen\Selma\Desktop\asdsdf.odt
[2013.05.25 18:36:54 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk
[2013.05.25 18:36:54 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[2013.05.25 18:32:09 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.25 17:44:56 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2013.05.25 14:44:41 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.24 02:22:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.05.24 02:22:22 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.05.24 02:21:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.05.24 02:21:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.05.24 02:21:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.05.24 02:21:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.05.24 02:21:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.05.07 20:58:56 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.07.19 12:43:09 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Selma\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.19 12:40:36 | 000,584,584 | ---- | C] () -- C:\WINDOWS\adb.exe
[2012.02.27 13:57:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
 
========== ZeroAccess Check ==========
 
[2008.12.23 23:29:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.08.16 21:51:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\3A8C
[2012.01.28 01:20:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core
[2012.01.28 01:20:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2013.05.25 19:43:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2012.04.04 08:39:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
[2013.05.24 01:59:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\CallingID
[2009.07.29 20:35:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\Leadertech
[2009.06.12 19:43:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\MSNInstaller
[2012.09.20 20:48:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\Octoshape
[2008.12.30 23:07:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\OpenOffice.org
[2013.05.25 18:26:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Selma\Anwendungsdaten\player
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009.08.22 03:01:25 | 000,000,000 | ---D | M] -- C:\23c526b05163ef159e7203f3
[2010.08.13 23:41:37 | 000,000,000 | ---D | M] -- C:\70bd98718451df19be
[2008.12.29 21:34:19 | 000,000,000 | ---D | M] -- C:\ATI
[2013.05.24 02:22:26 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2013.05.24 00:03:47 | 000,000,000 | ---D | M] -- C:\ComboFix
[2013.05.25 18:37:17 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2008.12.15 23:25:27 | 000,000,000 | ---D | M] -- C:\DELL
[2008.12.15 23:29:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2013.05.25 18:57:14 | 000,000,000 | R--D | M] -- C:\Programme
[2013.05.24 02:36:27 | 000,000,000 | ---D | M] -- C:\Qoobox
[2013.05.25 14:54:40 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2013.05.14 10:51:05 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.05.25 18:53:03 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2013.05.24 07:03:31 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2008.04.14 04:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp
[2008.04.14 04:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2008.04.14 04:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp
[2008.04.14 04:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2008.04.14 04:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2008.04.14 04:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.04.14 04:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2008.12.15 23:23:01 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2008.12.15 23:28:32 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2013.05.25 18:32:09 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2004.08.04 12:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.12.23 23:26:37 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.12.23 23:26:37 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 12:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.12.23 23:26:37 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.12.23 23:26:37 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 12:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2007.02.12 21:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\dell\iastor\iastor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVATABUS.SYS  >
[2006.03.17 02:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 12:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 12:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\erdnt\cache\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 12:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 12:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.09.16 01:15:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.09.16 01:15:03 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.09.16 01:15:03 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.05.25 19:43:14 | 003,932,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\Selma\NTUSER.DAT
[2013.05.25 19:55:03 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Selma\ntuser.dat.LOG
[2013.05.25 19:43:13 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Selma\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.04.12 16:00:54 | 001,876,480 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<          Schliesse bitte nun alle Programme >

< End of report >

--- --- ---


OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 25.05.2013 19:49:48 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Selma\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 74,10% Memory free
3,85 Gb Paging File | 3,34 Gb Available in Paging File | 86,72% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,16 Gb Total Space | 75,82 Gb Free Space | 81,39% Space Free | Partition Type: NTFS
Drive D: | 83,38 Gb Total Space | 14,94 Gb Free Space | 17,91% Space Free | Partition Type: NTFS
Drive E: | 9,76 Gb Total Space | 9,76 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: YENER | User Name: Tarik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Veetle\Player\VeetleNet.exe" = C:\Programme\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Steam\SteamApps\tarik2404\counter-strike source\hl2.exe" = C:\Programme\Steam\SteamApps\tarik2404\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Steam\SteamApps\ceytey\counter-strike source\hl2.exe" = C:\Programme\Steam\SteamApps\ceytey\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Veetle\Player\VeetleNet.exe" = C:\Programme\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()
"C:\Programme\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe" = C:\Programme\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Geräteeinrichtung -- (Hewlett-Packard Co.)
"C:\Programme\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe" = C:\Programme\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Netzwerkkommunikator -- (Hewlett-Packard Co.)
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
"C:\WINDOWS\system32\ARFC\wrtc.exe" = C:\WINDOWS\system32\ARFC\wrtc.exe:*:Enabled:wrtc
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D42BF0-ED08-463f-8A28-99EB6FEE962B}" = ZTE Handset USB Driver
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B960E43-42B1-D958-12B6-88A3DEF7CEFB}" = CCC Help Japanese
"{0E9ABDEF-5FAC-B171-C484-67DB5730AC69}" = Catalyst Control Center Localization French
"{10909ECB-4E5C-3741-92D8-892CE6DF45ED}" = CCC Help Chinese Traditional
"{11AD7C3D-84A5-36B7-85E5-24C0546AA508}" = Catalyst Control Center Localization Korean
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe
"{1EF3E59B-1E0A-4CD8-29FE-D18216F773E1}" = Catalyst Control Center Localization Japanese
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25117F80-C687-9C3D-53F3-B33397486604}" = Catalyst Control Center Localization Chinese Standard
"{25F877A7-ED17-B24D-4F5F-5EAC45F1CB3F}" = CCC Help Thai
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2E2800AA-65C8-8B98-615C-15A891B213A6}" = Skins
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33589109-2893-02A4-216C-B1F538E00542}" = CCC Help Danish
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40B40866-E5DE-C3B9-FDEC-5CB2F457F97B}" = Catalyst Control Center Localization Norwegian
"{48B02CEE-FB3A-2147-659E-C3A7D6974615}" = CCC Help German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D277E7B-3E3A-F455-D222-877908905C08}" = ccc-utility
"{531FCCC2-D389-8177-E201-64A76B219D41}" = CCC Help Spanish
"{5509B2D4-6C8C-5802-098F-731ACB2C7EBC}" = ccc-core-static
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58C73513-84AC-F0B9-88D2-8350D855CF1F}" = ccc-core-preinstall
"{591BAE63-9979-D115-F4FC-99C34037660F}" = CCC Help Norwegian
"{5DAC0EA2-CB68-0367-B4AD-3D57D7ED545F}" = Catalyst Control Center Localization German
"{5F442BE2-6141-F63E-12A4-6AD73F502D3A}" = CCC Help Korean
"{615D2326-4764-3A33-B528-4A304027C73F}" = Catalyst Control Center Localization Chinese Traditional
"{67A96F7B-3E01-3853-2A5C-46614643CB0E}" = CCC Help Greek
"{6868DA9B-C852-A391-38CA-987F24DC50FE}" = CCC Help French
"{6BC89022-8D15-9867-6883-188537717B4E}" = Catalyst Control Center Graphics Light
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{718C7413-EA42-B1C3-2DEB-8E374F39D37B}" = Catalyst Control Center Localization Turkish
"{7543D36E-0E26-F4C7-81C6-8AA1FFC1D91B}" = CCC Help Russian
"{75674E4C-CDE5-4E64-8014-FDF6D9204C4B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D437ED-9F01-B734-1A42-AEDE9C7A2AC3}" = Catalyst Control Center Localization Greek
"{7B80C74C-A860-C000-B482-BEE262AC119C}" = Catalyst Control Center Localization Swedish
"{7E26A397-AE75-8561-0035-25B4452CE710}" = Catalyst Control Center Localization Portuguese
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85F4FFFE-F46A-6515-F91A-C6ECD506360D}" = CCC Help Finnish
"{86091ED2-9AEC-EC3C-9D52-1DF74BC7A046}" = CCC Help Turkish
"{874D18FD-E184-33C0-C9BF-39CBA129E4E0}" = CCC Help Czech
"{896DA477-E765-21A4-CAD0-3DEA1CA1A7C7}" = Catalyst Control Center Localization Spanish
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BA5295E-6620-BD6A-2162-6938987663DE}" = Catalyst Control Center Localization Hungarian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95DFD641-39A3-B514-DA6E-09721D8AF212}" = CCC Help Polish
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9A20D14F-C231-7C30-3351-67B45FA291D0}" = Catalyst Control Center Graphics Previews Common
"{9D066891-BAC6-69FD-3748-F9605D534EB2}" = CCC Help English
"{9EA28F86-CEB6-4CCB-4237-B28B3E9D3E28}" = Catalyst Control Center Core Implementation
"{9F80638E-49AB-EA41-600B-73C2AF557F75}" = CCC Help Italian
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A89E61C1-F94D-8B2F-528D-30A89646BE2C}" = Catalyst Control Center Localization Thai
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{ABE460CC-827E-38E4-81CA-7453EC054417}" = Catalyst Control Center Localization Dutch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AF860F85-54A3-4A28-879B-BF9E6E325776}" = QuickShare
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B8CA75DA-BE9F-AD69-785B-46FC8DA2A68A}" = Catalyst Control Center Localization Russian
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C215CAC9-AF8A-58EA-1C1E-FD3624C44F4F}" = Catalyst Control Center Graphics Full Existing
"{C328473B-FE2A-0056-C630-BDB551375B57}" = CCC Help Hungarian
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA200E8-F2D7-AA05-82FE-03DE0BE895F9}" = CCC Help Swedish
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D176C249-CC54-2EC8-771F-85F43C86CC14}" = Catalyst Control Center Graphics Full New
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver
"{D64894E9-63FD-8902-C0EA-480CA8FD879F}" = CCC Help Portuguese
"{D7B05732-0914-1199-69D7-1BA5B5E26195}" = Catalyst Control Center Localization Italian
"{D7D41A3D-66F1-C862-6B6E-047F118CEC30}" = Catalyst Control Center Localization Polish
"{DA847F4E-E30F-00A4-3A19-789FD91A9294}" = Catalyst Control Center Localization Czech
"{DD938153-4D70-5949-0570-AC7E6F0C537E}" = Catalyst Control Center Localization Finnish
"{DEE7D279-C395-604E-CC66-99195310CA9A}" = CCC Help Chinese Standard
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{F00516E3-3CC6-85B8-E3EB-78BE10FC7775}" = Catalyst Control Center Localization Danish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}" = LevelOne WNC-0301
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FB2E3023-687C-9B8A-9ACD-582E5379EF3B}" = CCC Help Dutch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"FusionSoft DVD Player XP_is1" = FusionSoft DVD Player XP Version 4.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}" = LevelOne WNC-0301
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PCI Audio Driver" = PCI Audio Driver
"Veetle TV" = Veetle TV
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.05.2013 13:37:14 | Computer Name = YENER | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown
 
Error - 15.05.2013 17:23:56 | Computer Name = YENER | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 15.05.2013 17:29:30 | Computer Name = YENER | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 15.05.2013 17:29:34 | Computer Name = YENER | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 15.05.2013 17:50:53 | Computer Name = YENER | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 23.05.2013 20:03:52 | Computer Name = YENER | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 23.05.2013 20:03:52 | Computer Name = YENER | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 25.05.2013 08:54:58 | Computer Name = YENER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.75.0.1, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 25.05.2013 08:55:59 | Computer Name = YENER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.75.0.1, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 25.05.2013 08:56:03 | Computer Name = YENER | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.75.0.1, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 25.05.2013 12:40:07 | Computer Name = YENER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde aufgrund folgenden
Fehlers nicht gestartet:  %%2
 
Error - 25.05.2013 12:52:13 | Computer Name = YENER | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.13 für die Netzwerkkarte mit der Netzwerkadresse
 00116B6382B1 wurde durch  den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
 
Error - 25.05.2013 12:52:13 | Computer Name = YENER | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.12 für die Netzwerkkarte mit der Netzwerkadresse
 0021979B749E wurde durch  den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
 
Error - 25.05.2013 12:52:21 | Computer Name = YENER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde aufgrund folgenden
Fehlers nicht gestartet:  %%2
 
Error - 25.05.2013 12:59:13 | Computer Name = YENER | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.12 für die Netzwerkkarte mit der Netzwerkadresse
 0021979B749E wurde durch  den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
 
Error - 25.05.2013 12:59:13 | Computer Name = YENER | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.13 für die Netzwerkkarte mit der Netzwerkadresse
 00116B6382B1 wurde durch  den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
 
Error - 25.05.2013 12:59:20 | Computer Name = YENER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde aufgrund folgenden
Fehlers nicht gestartet:  %%2
 
Error - 25.05.2013 13:36:11 | Computer Name = YENER | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 25.05.2013 13:44:01 | Computer Name = YENER | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.12 für die Netzwerkkarte mit der Netzwerkadresse
 0021979B749E wurde durch  den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
 
Error - 25.05.2013 13:44:07 | Computer Name = YENER | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde aufgrund folgenden
Fehlers nicht gestartet:  %%2
 
 
< End of report >

--- --- ---

markusg 28.05.2013 09:42

Hi,


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:

:OTL
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=0c3d794b-0929-400a-b646-0f8c391b8ae7&searchtype=ds&q={searchTerms}&installDate=09/04/2013
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2000478354-515967899-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2000478354-515967899-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre7\bin\jusched.exe" File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe File not found
:files
:Commands
[emptytemp]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer, and any other browsers that may be installed.
Test how the PC and programs run in general.

