Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war

Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war


Plagegeister aller Art und deren Bekämpfung: Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.02.2012, 18:19   #1
ncls
 
Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war - Standard

Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war


Hallo Forum,

ich habe den Zbot-Trojaner auf dem Laptop. Entdeckt hat es Microsoft Security Essentials. Wie in hxxp://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fZbot beschrieben war eine exe-Datei mit Zufallsnamen in /AppData/Roaming/Ygep/uhop.exe. Die habe ich entfernt und den Eintrag im regedit auch, dann Neustart. Der Virenscan findet jetzt keinen Zbot mehr... Wie in hxxp://www.gaijin.at/mantrojan.php beschrieben, habe ich im Cmd-Window mit netstat -a die Verbindungen überprüft. Einige werden 'abgehört'.


1. Ist das ein eindeutiges Indiz dafür, dass der Trojaner noch nicht entfernt ist (weil schon Windows-Code infiziert ist)??? Oder kommt das unter Windows 7 eben vor? Echt ein beschissenes Gefühl, dass alles was man im Internet tut, abgehört wird...
2. Ich habe uhop.exe von Hand gelöscht vor dem Neustart. Hätte MSE auch infizierten Code detektiert und entfernt?!?
3. Aufgrund der Tatsache, dass der Virenscan grünes Licht gibt, der Trojaner aber (je nach eurer Antwort) noch da ist: Ist der einzige Ausweg, das System neu zu installieren???

Vielen Dank (vielen Dank für die Antworten (vor allem Frage drei))

Niclas

Alt 01.03.2012, 21:07   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war - Standard

Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war


Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
__________________

__________________
Alt 18.04.2012, 21:11   #3
ncls
 
Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war - Standard

Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war


OK, vielen Dank. Ich hab es endlich geschafft... Laptop ewig nicht mehr angeschalten... Hier der Malwarebyte-Log:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.18.05

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Niclas :: NICLAS-PC [Administrator]

Schutz: Aktiviert

18.04.2012 17:54:42
mbam-log-2012-04-18 (17-54-42).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 469908
Laufzeit: 2 Stunde(n), 50 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
ESET-Log füge ich später in diese Nachricht hier ein...

OK, hier der ESET-Log
Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=266b6517c127aa43a06c64fa93cd9ca0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-19 12:56:04
# local_time=2012-04-19 02:56:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=5893 16776574 100 94 33989023 87219991 0 0
# compatibility_mode=8192 67108863 100 0 680 680 0 0
# scanned=287763
# found=0
# cleaned=0
# scan_time=15716
Also das sieht ja (für meine Begriffe) sehr gut aus. Aber irgendwie trau ich dem nicht, weil beim cmd-Befehl netstat -a immernoch viele Verbindungen abgehört werden. Woher kommt dieses Verhalten?

Ein Trojaner wurde von Microsoft Security Essentials entfernt. Er wurde beschrieben als Malware, die hier auf dem Rechner Malware erzeugt. Wird diese neu erzeugte Malware auch von MBAM und ESET erkannt (schließlich stehen die wahrscheinlich in keiner der Viren-Signaturen, nach denen die beiden Programme suchen)?!? Wenn ja, dann muss ja jetzt alles sauber sein. Wenn nein, dann mach ich Windows7 besser neu drauf...

Was sagt der Fachmann??? Vielen herzlichen Dank.

Niclas

__________________________________________________
Edit:
Ich hab in einem anderen Thread hier im Forum gesehen, dass selbst nach einer 'Entwarnung' von MBAM und ESET die Anwendung OTL ausgeführt werden sollte. Das habe ich gemacht. In dem Log hier wurde mit Datei-Alter 30 Tage gesucht.
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.04.2012 08:44:10 - Run 1
OTL by OldTimer - Version 3.2.40.0     Folder = D:\Niclas\Downloads
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,08% Memory free
3,98 Gb Paging File | 2,90 Gb Available in Paging File | 72,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,31 Gb Total Space | 20,76 Gb Free Space | 42,09% Space Free | Partition Type: NTFS
Drive D: | 74,97 Gb Total Space | 47,13 Gb Free Space | 62,87% Space Free | Partition Type: NTFS
Drive E: | 24,75 Gb Total Space | 16,12 Gb Free Space | 65,13% Space Free | Partition Type: NTFS
 
Computer Name: NICLAS-PC | User Name: Niclas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.19 08:40:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Niclas\Downloads\OTL.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.12.09 19:06:13 | 002,983,808 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.10.21 23:47:12 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- E:\EASEUS\Todo Backup\bin\GuardAgent.exe
PRC - [2011.10.21 23:47:04 | 000,743,560 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- E:\EASEUS\Todo Backup\bin\TrayNotify.exe
PRC - [2011.10.21 23:47:04 | 000,060,552 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- E:\EASEUS\Todo Backup\bin\Agent.exe
PRC - [2011.10.21 23:47:02 | 000,070,792 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- E:\EASEUS\Todo Backup\bin\EuWatch.exe
PRC - [2011.10.07 11:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- E:\Treiber\Logitech\SetPointP\SetPoint.exe
PRC - [2011.09.27 21:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011.09.09 18:09:37 | 000,523,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.04.08 14:50:02 | 000,542,264 | ---- | M] (Google) -- E:\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.09.29 18:17:28 | 004,470,600 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Programme\Lenovo\Energy Management\utility.exe
PRC - [2009.08.11 17:09:52 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2009.08.11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- E:\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- E:\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.03.27 15:46:58 | 000,249,856 | R--- | M] (Teleca Sweden AB) -- E:\Sony Ericsson\PC Suite\Sync Manager\SyncIndicator.exe
PRC - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE
PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2006.03.02 11:55:24 | 000,634,947 | ---- | M] (Intuwave Ltd.) -- C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
PRC - [2006.03.02 11:54:16 | 000,290,816 | ---- | M] (Intuwave Ltd.) -- C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.21 23:46:12 | 000,051,848 | ---- | M] () -- E:\EASEUS\Todo Backup\bin\CodeLog.dll
MOD - [2011.10.07 11:41:16 | 000,879,896 | ---- | M] () -- E:\Treiber\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2010.03.15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008.05.21 18:33:22 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\KbdHook.dll
MOD - [2008.03.27 15:46:56 | 000,012,800 | R--- | M] () -- E:\Sony Ericsson\PC Suite\Sync Manager\SyncEngineAppps.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.09 19:06:13 | 002,983,808 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.12.02 13:43:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.10.21 23:47:12 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- E:\EASEUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2011.10.21 23:47:04 | 000,060,552 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- E:\EASEUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2011.09.27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.08.11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2012.04.19 07:25:47 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCCC6FCE-72D7-4CAC-8EEF-0F585E763B74}\MpKsl8fe3de76.sys -- (MpKsl8fe3de76)
DRV - [2011.10.21 23:46:56 | 000,185,480 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV - [2011.10.21 23:46:54 | 000,043,656 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2011.10.21 23:46:48 | 000,017,032 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011.10.21 23:46:46 | 000,039,560 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011.09.09 18:00:05 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.09.09 17:59:19 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 08:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011.07.29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.06.25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010.05.10 23:47:48 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.01.20 06:14:42 | 000,023,136 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009.09.11 06:24:16 | 000,172,928 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMIksdrv.sys -- (usbsmi)
DRV - [2009.07.16 11:20:26 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.04.29 16:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2006.11.07 11:32:00 | 000,046,976 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HPKBCCID.sys -- (HPKBCCID)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://meindepot.sbroker.de/mainframeset.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F EC 7A F2 6D 6E CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
FF - prefs.js..network.proxy.http: "184.73.39.100"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: E:\Firefox\components [2012.02.20 08:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: E:\Firefox\plugins [2011.05.13 15:28:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: E:\Firefox\components [2012.02.20 08:47:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: E:\Firefox\plugins [2011.05.13 15:28:30 | 000,000,000 | ---D | M]
 
[2009.11.27 13:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niclas\AppData\Roaming\mozilla\Extensions
[2012.02.27 22:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niclas\AppData\Roaming\mozilla\Firefox\Profiles\d4rbktpd.default\extensions
[2011.01.31 20:05:48 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Niclas\AppData\Roaming\mozilla\Firefox\Profiles\d4rbktpd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.24 13:19:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Niclas\AppData\Roaming\mozilla\Firefox\Profiles\d4rbktpd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.25 09:53:17 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Niclas\AppData\Roaming\mozilla\Firefox\Profiles\d4rbktpd.default\extensions\DeviceDetection@logitech.com
[2012.01.17 14:49:58 | 000,001,853 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\d4rbktpd.default\searchplugins\idealode.xml
() (No name found) -- C:\USERS\NICLAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D4RBKTPD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\NICLAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D4RBKTPD.DEFAULT\EXTENSIONS\{E3631030-7C02-11DA-A72B-0800200C9A66}.XPI
() (No name found) -- C:\USERS\NICLAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D4RBKTPD.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [EaseUs Tray] E:\EASEUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] E:\EASEUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [EvtMgr6] E:\Treiber\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] E:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] E:\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] E:\fwupdate.exe (BL)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PC Suite for Smartphones] E:\Sony Ericsson\PC Suite\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] E:\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] E:\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [mRouterConfig] C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe (Intuwave Ltd.)
O4 - HKCU..\Run: [TwoFingerScroll] D:\Treiber\Two-Finger-Scroll\TwoFingerScroll.exe ()
O4 - Startup: C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = E:\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Niclas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - E:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25EA19F3-B43E-4CBF-AA2D-CFA82DBDD0F0}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DC0B04C-E7D2-4B16-9E2A-CBF42A6BB11F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.18 22:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.18 17:53:10 | 000,000,000 | ---D | C] -- C:\Users\Niclas\AppData\Roaming\Malwarebytes
[2012.04.18 17:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.06 17:57:40 | 000,000,000 | ---D | C] -- D:\Niclas\Eigene Dokumente\LinuxDistros
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.19 08:44:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.19 08:01:13 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job
[2012.04.19 03:33:52 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.19 03:33:52 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.19 03:31:28 | 000,699,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.19 03:31:28 | 000,654,488 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.19 03:31:28 | 000,149,374 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.19 03:31:28 | 000,122,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.19 03:26:32 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.19 03:25:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.19 03:25:34 | 1602,711,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.06 15:57:36 | 000,448,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.28 16:33:25 | 000,043,656 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2011.12.28 16:20:33 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.12.28 16:20:32 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.12.28 16:20:31 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.12.28 16:20:31 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.12.28 16:20:31 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011.05.10 13:48:22 | 000,000,017 | ---- | C] () -- C:\Users\Niclas\AppData\Roaming\SYS386LT.DAT
[2011.05.10 13:45:20 | 000,000,005 | ---- | C] () -- C:\Users\Niclas\AppData\Roaming\LZ1CPROT
[2011.03.21 13:22:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.02.02 11:08:25 | 000,000,019 | ---- | C] () -- C:\Windows\rocksoft.ini
[2011.01.26 17:36:35 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010.06.13 20:15:04 | 000,019,456 | ---- | C] () -- C:\Users\Niclas\AppData\Local\WebpageIcons.db
[2010.06.11 00:27:58 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.05.28 17:57:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2012.04.19 03:27:21 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Dropbox
[2011.01.31 20:05:46 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.17 21:51:40 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\gtk-2.0
[2011.11.14 22:59:56 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Imaxel
[2011.11.25 10:23:48 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Leadertech
[2011.06.29 18:49:03 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Lohninfo2011
[2012.02.28 15:15:31 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Pidy
[2012.02.29 16:17:42 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Qawy
[2011.02.02 11:10:32 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Rockwell Software
[2011.06.28 20:35:06 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\TeamViewer
[2010.10.21 01:16:30 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Teleca
[2010.11.12 15:33:06 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Tracker Software
[2011.02.28 00:57:33 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Vensim
[2011.06.29 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Win LohnInfo
[2012.04.19 08:01:13 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job
[2011.08.25 14:08:47 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.01.07 12:59:11 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Adobe
[2011.05.25 13:45:41 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Apple Computer
[2010.09.14 14:11:07 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Corel
[2010.05.06 23:57:59 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\CyberLink
[2010.12.21 11:26:31 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Download Manager
[2012.04.19 03:27:21 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Dropbox
[2012.01.08 14:29:57 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\dvdcss
[2011.01.31 20:05:46 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.17 21:51:40 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\gtk-2.0
[2009.11.26 05:45:07 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Identities
[2011.11.14 22:59:56 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Imaxel
[2011.11.25 09:47:29 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\InstallShield
[2011.11.25 10:23:48 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Leadertech
[2011.11.25 10:09:28 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Logishrd
[2011.11.25 10:09:09 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Logitech
[2011.06.29 18:49:03 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Lohninfo2011
[2009.11.27 12:15:23 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Macromedia
[2012.04.18 17:53:10 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Malwarebytes
[2009.12.26 01:29:42 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\MathematicaPlayer
[2009.12.04 22:32:58 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\MathWorks
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Media Center Programs
[2012.01.04 16:09:10 | 000,000,000 | --SD | M] -- C:\Users\Niclas\AppData\Roaming\Microsoft
[2010.12.19 19:34:43 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Microsoft Corporation
[2010.06.14 17:13:25 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\MiKTeX
[2009.11.27 13:31:53 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Mozilla
[2009.12.07 22:55:47 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Nero
[2012.02.28 15:15:31 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Pidy
[2012.02.29 16:17:42 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Qawy
[2011.02.02 11:10:32 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Rockwell Software
[2012.02.29 12:38:24 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Skype
[2012.02.29 09:11:50 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\SkypePM
[2010.10.21 00:50:56 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Sony Ericsson
[2011.06.28 20:35:06 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\TeamViewer
[2010.10.21 01:16:30 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Teleca
[2010.11.12 15:33:06 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Tracker Software
[2011.02.28 00:57:33 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Vensim
[2012.04.06 18:39:14 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\vlc
[2011.12.23 02:33:01 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\VMware
[2011.06.29 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Win LohnInfo
 
< %APPDATA%\*.exe /s >
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.11.25 10:23:47 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Niclas\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\afm2afm.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\authorindex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\autoinst.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\bdftops.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\bib2xhtml.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\bibhtml.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html1.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html2.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html3.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\birm.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\cmap2enc.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\config.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\csvtools.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\cyrename.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dblatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmtex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmtexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbtex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbtexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dumphint.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\eps2eps.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\escontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\eslatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\esmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\estex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\estexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\esxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\esxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\feynmf.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\fig4latex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\findhyph.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\fixmswrd.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\fixwada2.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\font2afm.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\font2c.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsbj.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsdj.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsdj500.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gslj.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gslp.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsnd.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsndt.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gssetgs.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gst.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gstt.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ht.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\htcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\htlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\htmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\httex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\httexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\htxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\htxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ibyhyph.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1context.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1latex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1mex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1tex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1texi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1xelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1xetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhtex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhtexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmtex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmtexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jscontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jslatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jstex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jstexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-fast.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-so.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-vc.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexmk.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexrevise.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\lp386.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\lp386r2.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\lpgs.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\lpr2.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\makeglossaries.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\makeuniwada.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\merge.exe
[2009.09.23 16:47:53 | 001,234,432 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\miktex-taskbar-icon.exe
[2009.09.23 16:47:53 | 001,234,432 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\miktex-update.exe
[2009.09.23 16:47:53 | 001,234,944 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\miktex-update_admin.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mk4ht.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mkmlsmf.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mkt1font.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mm.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mztex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mztexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\nts.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\oocontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\oolatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\oomex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ootex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ootexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ooxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ooxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\orderrefs.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ot2kpx.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdf2dsc.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdf2ps.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfatfi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfcrop.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfopt.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pedigree.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\perltex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pf2afm.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pfbtopfa.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pfm2kpx.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pftogsf.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\plind.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pn2pdf.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ascii.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2epsi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf12.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf13.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf14.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdfxx.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ps.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ps2.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps4pdf.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pst2pdf.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\rcsinfo.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\showglyphs.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\splitindex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\svn-multi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teicontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teilatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimtex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimtexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teitex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teitexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teixelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teixetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\texcount.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\texdiff.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\texdirflatten.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\texshow.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\thumbpdf.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\urlbst.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhtex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhtexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\vpl2ovp.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\vpl2vpl.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\wcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\wlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\wmakebat.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\wmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\wtex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\wtexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\wxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\wxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xdv2pdf_mergemarks.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmtex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmtexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhtex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhtexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhxetex.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

< End of report >
--- --- ---
__________________
Alt 19.04.2012, 08:56   #4
ncls
 
Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war - Standard

Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war


__________________________________________________
Edit:
Ich hab in einem anderen Thread hier im Forum (http://www.trojaner-board.de/106264-...-entfernt.html) gesehen, dass selbst nach einer 'Entwarnung' von MBAM und ESET die Anwendung OTL ausgeführt werden sollte. Das habe ich gemacht, auch weil ich noch etwas misstrauisch bin, was diesen kack Trojaner angeht... (Wer programmiert sowas?!?). Ich vermute z. Bsp. auch, dass mir in den Firefoxeinstellungen was verändert wurde. Dort war zum Beispiel ein komische PRoxy-Adresse eingetragen und deshalb konnte Firefox keine Seiten laden. (Die Proxy-Adresse wird im Log ersichtlich, ich hab die Einstellung jetzt auf automatisch geändert und es funktioniert. (Das nur als Erklärung, warum ich noch misstrauisch bin...)). Es wurde ein Custom-Scan mit
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
gemacht, wie im anderen Thread beschrieben.

Hier das OTL Logfile (Datei-Alter 30 Tage):
Code:
ATTFilter
OTL logfile created on: 19.04.2012 08:44:10 - Run 1
OTL by OldTimer - Version 3.2.40.0     Folder = D:\Niclas\Downloads
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,08% Memory free
3,98 Gb Paging File | 2,90 Gb Available in Paging File | 72,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,31 Gb Total Space | 20,76 Gb Free Space | 42,09% Space Free | Partition Type: NTFS
Drive D: | 74,97 Gb Total Space | 47,13 Gb Free Space | 62,87% Space Free | Partition Type: NTFS
Drive E: | 24,75 Gb Total Space | 16,12 Gb Free Space | 65,13% Space Free | Partition Type: NTFS
 
Computer Name: NICLAS-PC | User Name: Niclas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.19 08:40:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Niclas\Downloads\OTL.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.12.09 19:06:13 | 002,983,808 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.10.21 23:47:12 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- E:\EASEUS\Todo Backup\bin\GuardAgent.exe
PRC - [2011.10.21 23:47:04 | 000,743,560 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- E:\EASEUS\Todo Backup\bin\TrayNotify.exe
PRC - [2011.10.21 23:47:04 | 000,060,552 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- E:\EASEUS\Todo Backup\bin\Agent.exe
PRC - [2011.10.21 23:47:02 | 000,070,792 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- E:\EASEUS\Todo Backup\bin\EuWatch.exe
PRC - [2011.10.07 11:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- E:\Treiber\Logitech\SetPointP\SetPoint.exe
PRC - [2011.09.27 21:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011.09.09 18:09:37 | 000,523,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.04.08 14:50:02 | 000,542,264 | ---- | M] (Google) -- E:\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.09.29 18:17:28 | 004,470,600 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Programme\Lenovo\Energy Management\utility.exe
PRC - [2009.08.11 17:09:52 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2009.08.11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- E:\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- E:\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.03.27 15:46:58 | 000,249,856 | R--- | M] (Teleca Sweden AB) -- E:\Sony Ericsson\PC Suite\Sync Manager\SyncIndicator.exe
PRC - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE
PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2006.03.02 11:55:24 | 000,634,947 | ---- | M] (Intuwave Ltd.) -- C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
PRC - [2006.03.02 11:54:16 | 000,290,816 | ---- | M] (Intuwave Ltd.) -- C:\Programme\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.21 23:46:12 | 000,051,848 | ---- | M] () -- E:\EASEUS\Todo Backup\bin\CodeLog.dll
MOD - [2011.10.07 11:41:16 | 000,879,896 | ---- | M] () -- E:\Treiber\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2010.03.15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008.05.21 18:33:22 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\KbdHook.dll
MOD - [2008.03.27 15:46:56 | 000,012,800 | R--- | M] () -- E:\Sony Ericsson\PC Suite\Sync Manager\SyncEngineAppps.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.09 19:06:13 | 002,983,808 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.12.02 13:43:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.10.21 23:47:12 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- E:\EASEUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2011.10.21 23:47:04 | 000,060,552 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- E:\EASEUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2011.09.27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.08.11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2012.04.19 07:25:47 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCCC6FCE-72D7-4CAC-8EEF-0F585E763B74}\MpKsl8fe3de76.sys -- (MpKsl8fe3de76)
DRV - [2011.10.21 23:46:56 | 000,185,480 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV - [2011.10.21 23:46:54 | 000,043,656 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2011.10.21 23:46:48 | 000,017,032 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011.10.21 23:46:46 | 000,039,560 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011.09.09 18:00:05 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.09.09 17:59:19 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 08:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011.07.29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.06.25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010.05.10 23:47:48 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.01.20 06:14:42 | 000,023,136 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009.09.11 06:24:16 | 000,172,928 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMIksdrv.sys -- (usbsmi)
DRV - [2009.07.16 11:20:26 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.04.29 16:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2006.11.07 11:32:00 | 000,046,976 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HPKBCCID.sys -- (HPKBCCID)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://meindepot.sbroker.de/mainframeset.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F EC 7A F2 6D 6E CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
FF - prefs.js..network.proxy.http: "184.73.39.100"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: E:\Firefox\components [2012.02.20 08:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: E:\Firefox\plugins [2011.05.13 15:28:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: E:\Firefox\components [2012.02.20 08:47:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: E:\Firefox\plugins [2011.05.13 15:28:30 | 000,000,000 | ---D | M]
 
[2009.11.27 13:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niclas\AppData\Roaming\mozilla\Extensions
[2012.02.27 22:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Niclas\AppData\Roaming\mozilla\Firefox\Profiles\d4rbktpd.default\extensions
[2011.01.31 20:05:48 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Niclas\AppData\Roaming\mozilla\Firefox\Profiles\d4rbktpd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.24 13:19:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Niclas\AppData\Roaming\mozilla\Firefox\Profiles\d4rbktpd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.25 09:53:17 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Niclas\AppData\Roaming\mozilla\Firefox\Profiles\d4rbktpd.default\extensions\DeviceDetection@logitech.com
[2012.01.17 14:49:58 | 000,001,853 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\d4rbktpd.default\searchplugins\idealode.xml
() (No name found) -- C:\USERS\NICLAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D4RBKTPD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\NICLAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D4RBKTPD.DEFAULT\EXTENSIONS\{E3631030-7C02-11DA-A72B-0800200C9A66}.XPI
() (No name found) -- C:\USERS\NICLAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D4RBKTPD.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [EaseUs Tray] E:\EASEUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] E:\EASEUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [EvtMgr6] E:\Treiber\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] E:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] E:\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] E:\fwupdate.exe (BL)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PC Suite for Smartphones] E:\Sony Ericsson\PC Suite\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] E:\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] E:\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [mRouterConfig] C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe (Intuwave Ltd.)
O4 - HKCU..\Run: [TwoFingerScroll] D:\Treiber\Two-Finger-Scroll\TwoFingerScroll.exe ()
O4 - Startup: C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Niclas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = E:\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Niclas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - E:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25EA19F3-B43E-4CBF-AA2D-CFA82DBDD0F0}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DC0B04C-E7D2-4B16-9E2A-CBF42A6BB11F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.18 22:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.18 17:53:10 | 000,000,000 | ---D | C] -- C:\Users\Niclas\AppData\Roaming\Malwarebytes
[2012.04.18 17:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.06 17:57:40 | 000,000,000 | ---D | C] -- D:\Niclas\Eigene Dokumente\LinuxDistros
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.19 08:44:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.19 08:01:13 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job
[2012.04.19 03:33:52 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.19 03:33:52 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.19 03:31:28 | 000,699,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.19 03:31:28 | 000,654,488 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.19 03:31:28 | 000,149,374 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.19 03:31:28 | 000,122,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.19 03:26:32 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.19 03:25:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.19 03:25:34 | 1602,711,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.06 15:57:36 | 000,448,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.28 16:33:25 | 000,043,656 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2011.12.28 16:20:33 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.12.28 16:20:32 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.12.28 16:20:31 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.12.28 16:20:31 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.12.28 16:20:31 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011.05.10 13:48:22 | 000,000,017 | ---- | C] () -- C:\Users\Niclas\AppData\Roaming\SYS386LT.DAT
[2011.05.10 13:45:20 | 000,000,005 | ---- | C] () -- C:\Users\Niclas\AppData\Roaming\LZ1CPROT
[2011.03.21 13:22:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.02.02 11:08:25 | 000,000,019 | ---- | C] () -- C:\Windows\rocksoft.ini
[2011.01.26 17:36:35 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010.06.13 20:15:04 | 000,019,456 | ---- | C] () -- C:\Users\Niclas\AppData\Local\WebpageIcons.db
[2010.06.11 00:27:58 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.05.28 17:57:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2012.04.19 03:27:21 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Dropbox
[2011.01.31 20:05:46 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.17 21:51:40 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\gtk-2.0
[2011.11.14 22:59:56 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Imaxel
[2011.11.25 10:23:48 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Leadertech
[2011.06.29 18:49:03 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Lohninfo2011
[2012.02.28 15:15:31 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Pidy
[2012.02.29 16:17:42 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Qawy
[2011.02.02 11:10:32 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Rockwell Software
[2011.06.28 20:35:06 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\TeamViewer
[2010.10.21 01:16:30 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Teleca
[2010.11.12 15:33:06 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Tracker Software
[2011.02.28 00:57:33 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Vensim
[2011.06.29 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Win LohnInfo
[2012.04.19 08:01:13 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job
[2011.08.25 14:08:47 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.01.07 12:59:11 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Adobe
[2011.05.25 13:45:41 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Apple Computer
[2010.09.14 14:11:07 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Corel
[2010.05.06 23:57:59 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\CyberLink
[2010.12.21 11:26:31 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Download Manager
[2012.04.19 03:27:21 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Dropbox
[2012.01.08 14:29:57 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\dvdcss
[2011.01.31 20:05:46 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.17 21:51:40 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\gtk-2.0
[2009.11.26 05:45:07 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Identities
[2011.11.14 22:59:56 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Imaxel
[2011.11.25 09:47:29 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\InstallShield
[2011.11.25 10:23:48 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Leadertech
[2011.11.25 10:09:28 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Logishrd
[2011.11.25 10:09:09 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Logitech
[2011.06.29 18:49:03 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Lohninfo2011
[2009.11.27 12:15:23 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Macromedia
[2012.04.18 17:53:10 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Malwarebytes
[2009.12.26 01:29:42 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\MathematicaPlayer
[2009.12.04 22:32:58 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\MathWorks
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Media Center Programs
[2012.01.04 16:09:10 | 000,000,000 | --SD | M] -- C:\Users\Niclas\AppData\Roaming\Microsoft
[2010.12.19 19:34:43 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Microsoft Corporation
[2010.06.14 17:13:25 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\MiKTeX
[2009.11.27 13:31:53 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Mozilla
[2009.12.07 22:55:47 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Nero
[2012.02.28 15:15:31 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Pidy
[2012.02.29 16:17:42 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Qawy
[2011.02.02 11:10:32 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Rockwell Software
[2012.02.29 12:38:24 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Skype
[2012.02.29 09:11:50 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\SkypePM
[2010.10.21 00:50:56 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Sony Ericsson
[2011.06.28 20:35:06 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\TeamViewer
[2010.10.21 01:16:30 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Teleca
[2010.11.12 15:33:06 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Tracker Software
[2011.02.28 00:57:33 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Vensim
[2012.04.06 18:39:14 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\vlc
[2011.12.23 02:33:01 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\VMware
[2011.06.29 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Niclas\AppData\Roaming\Win LohnInfo
 
< %APPDATA%\*.exe /s >
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Niclas\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.11.25 10:23:47 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Niclas\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\afm2afm.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\authorindex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\autoinst.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\bdftops.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\bib2xhtml.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\bibhtml.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html1.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html2.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html3.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\birm.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\cmap2enc.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\config.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\csvtools.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\cyrename.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dblatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmtex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmtexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbtex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbtexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\dumphint.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\eps2eps.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\escontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\eslatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\esmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\estex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\estexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\esxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\esxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\feynmf.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\fig4latex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\findhyph.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\fixmswrd.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\fixwada2.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\font2afm.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\font2c.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsbj.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsdj.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsdj500.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gslj.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gslp.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsnd.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsndt.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gssetgs.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gst.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\gstt.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ht.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\htcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\htlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\htmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\httex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\httexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\htxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\htxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ibyhyph.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1context.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1latex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1mex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1tex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1texi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1xelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1xetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhtex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhtexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmtex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmtexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jscontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jslatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jstex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jstexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-fast.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-so.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-vc.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexmk.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexrevise.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\lp386.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\lp386r2.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\lpgs.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\lpr2.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\makeglossaries.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\makeuniwada.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\merge.exe
[2009.09.23 16:47:53 | 001,234,432 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\miktex-taskbar-icon.exe
[2009.09.23 16:47:53 | 001,234,432 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\miktex-update.exe
[2009.09.23 16:47:53 | 001,234,944 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\miktex-update_admin.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mk4ht.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mkmlsmf.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mkt1font.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mm.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mztex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mztexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\nts.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\oocontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\oolatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\oomex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ootex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ootexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ooxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ooxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\orderrefs.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ot2kpx.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdf2dsc.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdf2ps.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfatfi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfcrop.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfopt.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pedigree.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\perltex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pf2afm.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pfbtopfa.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pfm2kpx.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pftogsf.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\plind.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pn2pdf.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ascii.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2epsi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf12.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf13.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf14.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdfxx.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ps.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ps2.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps4pdf.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\pst2pdf.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\rcsinfo.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\showglyphs.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\splitindex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\svn-multi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teicontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teilatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimtex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimtexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teitex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teitexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teixelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\teixetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\texcount.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\texdiff.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\texdirflatten.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\texshow.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\thumbpdf.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\urlbst.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhtex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhtexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\vpl2ovp.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\vpl2vpl.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\wcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\wlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\wmakebat.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\wmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\wtex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\wtexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\wxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\wxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xdv2pdf_mergemarks.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmcontext.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmlatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmmex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmtex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmtexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmxetex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhtex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhtexi.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhxelatex.exe
[2010.04.17 22:20:34 | 000,022,528 | ---- | M] () -- C:\Users\Niclas\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhxetex.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

< End of report >
--- --- ---

sorry für den doppel-Post... Wenn ich könnte, würde ich es ja ändern.

Alt 19.04.2012, 09:14   #5
ncls
 
Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war - Standard

Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war


Hallo, ich hab von dem OTL noch das Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 19.04.2012 08:44:10 - Run 1
OTL by OldTimer - Version 3.2.40.0     Folder = D:\Niclas\Downloads
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,08% Memory free
3,98 Gb Paging File | 2,90 Gb Available in Paging File | 72,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 49,31 Gb Total Space | 20,76 Gb Free Space | 42,09% Space Free | Partition Type: NTFS
Drive D: | 74,97 Gb Total Space | 47,13 Gb Free Space | 62,87% Space Free | Partition Type: NTFS
Drive E: | 24,75 Gb Total Space | 16,12 Gb Free Space | 65,13% Space Free | Partition Type: NTFS
 
Computer Name: NICLAS-PC | User Name: Niclas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "E:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C3AE9EB-2F0A-451E-A5E4-2BF6AFF21FB9}" = PC Suite for Sony Ericsson
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{32A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{47961301-9266-43CA-8107-31C4B7D41031}" = SecurDisc Viewer
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{567C9882-843D-4188-A181-00E2CC3E1031}" = LG Burning Tools
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5754AB15-F61B-4B9B-91AA-E286F55CFA8B}" = PDF-XChange Viewer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = LG CyberLink PowerDVD 7.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{9FEDC9A3-C4B5-4D45-8E9D-63477E251031}" = InCD Reader
"{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.65
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArgoUML" = ArgoUML 0.34
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"CDex" = CDex extraction audio
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"dm Digi Foto" = dm Digi Foto
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"EaseUS Todo Backup Free 3.5_is1" = EaseUS Todo Backup Free 3.5
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Google Calendar Sync" = Google Calendar Sync
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"Lenovo EasyCamera" = Lenovo EasyCamera
"Matlab R2011b" = MATLAB R2011b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Security Client" = Microsoft Security Essentials
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"nbi-nb-base-7.1.0.0.0" = NetBeans IDE 7.1
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"TubeMaster++" = TubeMaster++ 2.5
"ULTIMATER" = Microsoft Office Ultimate 2007
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinPcapInst" = WinPcap 4.1.2
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Miners4k" = Miners4k
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Structorizer" = Structorizer
"The MathWorks Download Agent" = The MathWorks Download Agent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.02.2012 12:17:59 | Computer Name = Niclas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msseces.exe, Version: 2.1.1116.0,
 Zeitstempel: 0x4df92ebd  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00012af5  ID des fehlerhaften
 Prozesses: 0x1690  Startzeit der fehlerhaften Anwendung: 0x01ccee58dee1869c  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Microsoft Security Client\msseces.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 1d15bfec-5a4c-11e1-98f4-0c6076e030c5
 
Error - 18.02.2012 14:03:55 | Computer Name = Niclas-PC | Source = VSS | ID = 8194
Description = 
 
Error - 29.02.2012 08:51:01 | Computer Name = Niclas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msseces.exe, Version: 2.1.1116.0,
 Zeitstempel: 0x4df92ebd  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000d161  ID des fehlerhaften
 Prozesses: 0x1d04  Startzeit der fehlerhaften Anwendung: 0x01ccf6e0c9903b32  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Microsoft Security Client\msseces.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 07d2bcc3-62d4-11e1-98f4-0c6076e030c5
 
Error - 29.02.2012 08:52:50 | Computer Name = Niclas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msseces.exe, Version: 2.1.1116.0,
 Zeitstempel: 0x4df92ebd  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000d161  ID des fehlerhaften
 Prozesses: 0x1cac  Startzeit der fehlerhaften Anwendung: 0x01ccf6e10abea973  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Microsoft Security Client\msseces.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 48b29d9b-62d4-11e1-98f4-0c6076e030c5
 
Error - 29.02.2012 09:18:59 | Computer Name = Niclas-PC | Source = VSS | ID = 8194
Description = 
 
Error - 29.02.2012 19:41:47 | Computer Name = Niclas-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 02.04.2012 16:21:39 | Computer Name = Niclas-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 06.04.2012 10:52:08 | Computer Name = Niclas-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 18.04.2012 15:14:05 | Computer Name = Niclas-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 18.04.2012 21:59:49 | Computer Name = Niclas-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 03.02.2012 21:40:49 | Computer Name = Niclas-PC | Source = acvpnagent | ID = 67110872
Description = Failed Route change:  Action: DelRoute  Destination: 192.168.178.255

 Netmask: 255.255.255.255  Gateway: 192.168.178.22  Interface: 192.168.178.22  Metric:
 256
 
Error - 03.02.2012 21:40:49 | Computer Name = Niclas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
 242 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED 
 
Error - 03.02.2012 21:41:23 | Computer Name = Niclas-PC | Source = acvpnagent | ID = 67110872
Description = Failed Route change:  Action: DelRoute  Destination: 192.168.178.255

 Netmask: 255.255.255.255  Gateway: 192.168.178.22  Interface: 192.168.178.22  Metric:
 256
 
Error - 03.02.2012 21:41:23 | Computer Name = Niclas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
 242 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED 
 
Error - 03.02.2012 21:42:05 | Computer Name = Niclas-PC | Source = acvpnagent | ID = 67110872
Description = Failed Route change:  Action: DelRoute  Destination: 192.168.178.255

 Netmask: 255.255.255.255  Gateway: 192.168.178.22  Interface: 192.168.178.22  Metric:
 256
 
Error - 03.02.2012 21:42:05 | Computer Name = Niclas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
 242 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED 
 
Error - 03.02.2012 21:42:39 | Computer Name = Niclas-PC | Source = acvpnagent | ID = 67110872
Description = Failed Route change:  Action: DelRoute  Destination: 192.168.178.255

 Netmask: 255.255.255.255  Gateway: 192.168.178.22  Interface: 192.168.178.22  Metric:
 256
 
Error - 03.02.2012 21:42:39 | Computer Name = Niclas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
 242 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED 
 
Error - 03.02.2012 21:42:58 | Computer Name = Niclas-PC | Source = acvpnagent | ID = 67110872
Description = Failed Route change:  Action: DelRoute  Destination: 192.168.178.255

 Netmask: 255.255.255.255  Gateway: 192.168.178.22  Interface: 192.168.178.22  Metric:
 256
 
Error - 03.02.2012 21:42:58 | Computer Name = Niclas-PC | Source = acvpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
 242 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED 
 
[ Media Center Events ]
Error - 27.01.2012 22:43:28 | Computer Name = Niclas-PC | Source = MCUpdate | ID = 0
Description = 03:43:28 - Fehler beim Herstellen der Internetverbindung.  03:43:28 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.01.2012 22:43:36 | Computer Name = Niclas-PC | Source = MCUpdate | ID = 0
Description = 03:43:33 - Fehler beim Herstellen der Internetverbindung.  03:43:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.01.2012 23:43:41 | Computer Name = Niclas-PC | Source = MCUpdate | ID = 0
Description = 04:43:41 - Fehler beim Herstellen der Internetverbindung.  04:43:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.01.2012 23:43:49 | Computer Name = Niclas-PC | Source = MCUpdate | ID = 0
Description = 04:43:46 - Fehler beim Herstellen der Internetverbindung.  04:43:46 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.01.2012 00:43:55 | Computer Name = Niclas-PC | Source = MCUpdate | ID = 0
Description = 05:43:55 - Fehler beim Herstellen der Internetverbindung.  05:43:55 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.01.2012 00:44:03 | Computer Name = Niclas-PC | Source = MCUpdate | ID = 0
Description = 05:44:00 - Fehler beim Herstellen der Internetverbindung.  05:44:00 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.01.2012 01:44:08 | Computer Name = Niclas-PC | Source = MCUpdate | ID = 0
Description = 06:44:08 - Fehler beim Herstellen der Internetverbindung.  06:44:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.01.2012 01:44:16 | Computer Name = Niclas-PC | Source = MCUpdate | ID = 0
Description = 06:44:13 - Fehler beim Herstellen der Internetverbindung.  06:44:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.01.2012 19:07:47 | Computer Name = Niclas-PC | Source = MCUpdate | ID = 0
Description = 00:07:47 - Fehler beim Herstellen der Internetverbindung.  00:07:47 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.01.2012 19:07:59 | Computer Name = Niclas-PC | Source = MCUpdate | ID = 0
Description = 00:07:52 - Fehler beim Herstellen der Internetverbindung.  00:07:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 23.07.2011 13:35:10 | Computer Name = Niclas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 250119
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 16.09.2011 15:45:00 | Computer Name = Niclas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 152
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.11.2011 17:41:29 | Computer Name = Niclas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5268
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
Error - 07.11.2011 18:27:28 | Computer Name = Niclas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2743
 seconds with 1800 seconds of active time.  This session ended with a crash.
 
Error - 08.11.2011 15:34:26 | Computer Name = Niclas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 26077
 seconds with 1260 seconds of active time.  This session ended with a crash.
 
Error - 05.12.2011 07:42:37 | Computer Name = Niclas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 9405
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 29.12.2011 12:37:34 | Computer Name = Niclas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 63124
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 29.12.2011 13:35:18 | Computer Name = Niclas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3438
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error - 26.01.2012 18:56:59 | Computer Name = Niclas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 63
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 06.02.2012 18:34:28 | Computer Name = Niclas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 114458 seconds with 26040 seconds of active time.  This session ended with
 a crash.
 
[ System Events ]
Error - 15.04.2012 12:42:16 | Computer Name = Niclas-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.121.620.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8101.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 15.04.2012 12:42:16 | Computer Name = Niclas-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%860 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.121.620.0     Aktualisierungsquelle: %%851     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x86&eng=2.0.8001.0&sig=11.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Signaturtyp:
 %%801     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\NETZWERKDIENST     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8101.0     Fehlercode: 0x80072ee7     Fehlerbeschreibung: Der
 Servername oder die Serveradresse konnte nicht verarbeitet werden. 
 
Error - 18.04.2012 11:27:04 | Computer Name = Niclas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst vpnagent erreicht.
 
Error - 18.04.2012 11:27:39 | Computer Name = Niclas-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 18.04.2012 11:37:34 | Computer Name = Niclas-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 18.04.2012 11:39:35 | Computer Name = Niclas-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Google Update Service (gupdate) erreicht.
 
Error - 18.04.2012 11:39:35 | Computer Name = Niclas-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 18.04.2012 16:27:34 | Computer Name = Niclas-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst vpnagent erreicht.
 
Error - 18.04.2012 16:27:38 | Computer Name = Niclas-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 18.04.2012 21:26:17 | Computer Name = Niclas-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >
Da ist zum Beispiel bei 'Last 10 Event Log Errors' ein Hinweis (bzw. mehrere) ab dem 18.02.2012. msseces.exe (Microsoft Security Client) wird da als fehlerhaft bezeichnet. Am 17.02.2012 ist die Anwendung uhop.exe (so hieß bei mir der Trojaner) entstanden. Es steht datumsmäßig also in unmittelbarem Zusammenhang. Hat der Trojaner msseces.exe verändert???

Ich würde gerne noch einen benutzerdefinierten Scan mit Datei-Alter 90 Tage machen, doch leider schält OTL nach dem Einfügen des Custom Scans und Drücken der Taste 'Quick Scan' das Dateil-Alter automatisch wieder auf 30 Tage zurück. Gibt es da Abhilfe?

Ich merke gerade, dass einige Ordner in der Systempartition im Explorer nicht mehr geöffnet werden können (Zugriff verweigert). Das war eigentlich nie der Fall... Ich schieb mal alles auf den Wurm... Eine kurze Frage: Soll ich einfach gleich Win7 neu drauf machen, dann sparen wir uns alle die tausend Logs etc...??? Oder schaffen die Tools es, alles wieder hin zu biegen?!? Ich vermute ja fast eine Neuinstallation kostet am wenigsten Nerven und Zeit. (Wenn man die Neuinstallation der ganzen Programme nicht mitrechnet...). Aber dann ist es wenigstens 100% sicher.


Alt 19.04.2012, 18:01   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war - Standard

Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war


Hm, haben ESET und MBAM nie was gefunden in der Zwischenzeit? Mein letztes Posting hier in diesem Strang war ja am 1.3. also vor fast drei Wochen

Zitat:
Ein Trojaner wurde von Microsoft Security Essentials entfernt.
Hilft nicht weiter
Wenn es dir nicht ausmacht, klar kannst du auch einfach eine Neuinstallation machen
__________________
--> Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war

Antwort

Themen zu Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war
antworten, entdeck, entfernt, entfernt?, entfernung, erreichbar, forum, frage, gelöscht, gen, infiziert, infizierte, internet, microsoft, microsoft security, netstat, neustart., regedit, scan, security, system, system neu, verbindungen, virenscan, win, win32, win32/zbot, windows 7, wirklich, zbot, zbot-trojaner


« Ihr Windowssystem wurde aus Sicherheitsgründen blockiert (50 € Virus) | Trojaner: Mediys.A »


Ähnliche Themen: Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war


  1. Ich werde das Gefühl nicht los dass mit meinem Rechner etwas nicht stimmt .. (einfrieren, langsam,..)
    Log-Analyse und Auswertung - 04.05.2014 (1)
  2. PC läuft nach ZBot Entfernung langsamer
    Log-Analyse und Auswertung - 17.11.2013 (27)
  3. GVU Trojaner nach Entfernung wirklich weg?
    Log-Analyse und Auswertung - 07.08.2013 (13)
  4. trojan.zbot.ed bei Routinescan gefunden, wirklich restlos entsorgt?
    Plagegeister aller Art und deren Bekämpfung - 19.07.2013 (8)
  5. PWS:Win32/Zbot.gen!AJ - keine Entfernung über MSE möglich
    Log-Analyse und Auswertung - 14.04.2013 (9)
  6. Trojan.sirefef und Trojan.Phax.thegen6 - war die Entfernung erfolgreich?
    Log-Analyse und Auswertung - 17.10.2012 (4)
  7. Ukash Virus - Malwarebytes erfolgreich - wirklich sicher?
    Log-Analyse und Auswertung - 30.07.2012 (1)
  8. GVU/BKA Trojaner, wie weiß ich, dass er wirklich weg ist?
    Plagegeister aller Art und deren Bekämpfung - 23.07.2012 (26)
  9. Trojanerbekämpfung ist nicht erfolgreich
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (1)
  10. Trojaner ZBot - erfolgreich gelöscht?
    Log-Analyse und Auswertung - 04.01.2011 (36)
  11. Virenbefall, wird nicht von avira antivir und avast gefunden, xp neuinstallation nicht erfolgreich
    Plagegeister aller Art und deren Bekämpfung - 08.11.2010 (3)
  12. Antimalware Doctor Befall - Entfernung erfolgreich? -Log check
    Plagegeister aller Art und deren Bekämpfung - 14.08.2010 (21)
  13. Antispyware Soft - Entfernung bei WinXP 32 erfolgreich?
    Plagegeister aller Art und deren Bekämpfung - 02.06.2010 (3)
  14. Windows XP SP3 Antimalware Doctor Entfernung erfolgreich?
    Log-Analyse und Auswertung - 12.05.2010 (9)
  15. TR/Vundo.Gen und TR/Spy.ZBot.aeik erfolgreich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 15.02.2010 (3)
  16. Virus oder nicht,dass ist hier die Frage
    Log-Analyse und Auswertung - 17.02.2009 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war - Hallo Forum, ich habe den Zbot-Trojaner auf dem Laptop. Entdeckt hat es Microsoft Security Essentials. Wie in hxxp://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fZbot beschrieben war eine exe-Datei mit Zufallsnamen in /AppData/Roaming/Ygep/uhop.exe. Die habe ich entfernt - Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war...
Archiv
Du betrachtest: Indiz dass Entfernung von Zbot nicht wirklich erfolgreich war auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55