Log analysis and evaluation: Opening directories after encryption trojan on stick
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
| | #1 |
| A few days ago I had the problem that I could no longer open my files on the USB stick, because they had been encrypted as .lnk files. While searching for a solution to my problem I ended up here with you. I downloaded Malwarebytes Anti-Malware and ran a scan. Here is the .log file:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.04.23.05
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Torsten :: TORSTEN-PC [Administrator]
Schutz: Aktiviert
23.04.2012 21:10:38
mbam-log-2012-04-23 (21-10-38).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195208
Laufzeit: 7 Minute(n), 8 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\Users\Torsten\Downloads\SoftonicDownloader_fuer_advanced-pdf-to-word.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Torsten\Downloads\SoftonicDownloader_fuer_express-burn.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Torsten\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
I hope you can help me, because the DECRYPT program complains that the files are not 4k in size... I was not able to include the three .log files...
They were too big, and I didn't know how to attach them |
| | #2 |
| here are the three logs:
__________________ |
| | #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything here in CODE tags if possible. This is how it is done: [code] your log goes here [/code] And the whole thing then looks like this: Code:
your log goes here
__________________ |
| | #4 |
| Malware on the day it occurred: (23.04.12) Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.04.23.05
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Torsten :: TORSTEN-PC [Administrator]
Schutz: Aktiviert
23.04.2012 21:10:38
mbam-log-2012-04-23 (21-10-38).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195208
Laufzeit: 7 Minute(n), 8 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\Users\Torsten\Downloads\SoftonicDownloader_fuer_advanced-pdf-to-word.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Torsten\Downloads\SoftonicDownloader_fuer_express-burn.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Torsten\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.05.01.09
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Torsten :: TORSTEN-PC [Administrator]
Schutz: Aktiviert
01.05.2012 19:24:00
mbam-log-2012-05-01 (19-24-00).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 455661
Laufzeit: 1 Stunde(n), 54 Minute(n), 15 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\Torsten\Downloads\DecryptHelper-0.5.2.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1ec8298604909840a25758af3b4e714f
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-23 08:07:27
# local_time=2012-04-23 10:07:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 172742474 0 0
# compatibility_mode=8192 67108863 100 0 96 96 0 0
# scanned=49027
# found=1
# cleaned=1
# scan_time=1900
C:\$Recycle.Bin\S-1-5-21-2580248882-1228754705-3639742418-1000\$R3CQ87D.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1ec8298604909840a25758af3b4e714f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-01 10:16:58
# local_time=2012-05-02 12:16:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 45543 173433255 0 0
# compatibility_mode=8192 67108863 100 0 690877 690877 0 0
# scanned=318078
# found=7
# cleaned=0
# scan_time=10091
C:\Users\Torsten\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6b310336-122f075d a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Documents and Settings\Torsten\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\6b310336-122f075d a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul Win32/Dursg.A trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Program Files\pdfforge Toolbar\SearchSettings.dll Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Program Files\pdfforge Toolbar\SearchSettings.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\Torsten\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7c36b3ab-7d4d9170 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\Torsten\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\24e14bc6-380af61f multiple threats (unable to clean) 00000000000000000000000000000000 I
|
| | #5 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Softonic is a toolbar and adware slinger! Hands off! Software should be downloaded, as the top priority, directly from the vendor and not from toolbar outfits like Softonic! In a pinch, chip.de would of course do. I have two questions before we continue: 1.) Does normal mode work without restrictions? 2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________ Please always post log files in CODE tags |
| | #6 |
| So, as I said, my problem exists only on the stick. On the computer itself I'm not missing anything. Everything on the stick is displayed, but the directories now show up only as files of 1, 3 kB in size. The decrypter keeps complaining that they have to be at least 4 kB in size... Regards, Torsten |
| | #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Please make a new OTL log. Please post everything here in CODE tags if possible. This is how it is done: [code] your log goes here [/code] And the whole thing then looks like this: Code:
your log goes here
If you don't have it yet, please download OTL by Oldtimer and save it on your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
| | #8 |
| OTL: OTL Logfile: Code:
OTL logfile created on: 02.05.2012 17:25:12 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Torsten\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,49% Memory free
6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,15 Gb Total Space | 489,42 Gb Free Space | 84,95% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,38 Gb Free Space | 61,87% Space Free | Partition Type: FAT32
Drive J: | 1,89 Gb Total Space | 1,66 Gb Free Space | 87,84% Space Free | Partition Type: FAT
Drive N: | 14,92 Gb Total Space | 14,02 Gb Free Space | 94,02% Space Free | Partition Type: FAT32
Computer Name: TORSTEN-PC | User Name: Torsten | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Torsten\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\95e261d2660c662aab4306168001f3e7\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2a1d0ebdb3810bb2926aea930567a3ef\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\876000568ee47aa4407f0931161adf59\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll ()
MOD - C:\Users\Torsten\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll ()
MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\45f56e5749f43eeb24b2094fd761a9d3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b8f323bbcb35543dd68e9dbdd1abe69b\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a6529c9ffc0303d1eee4282d18c7d7f3\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\15e071596162d504ead0394ec971ad3b\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\da0fc8ce9b2fb592b7d8065481ef5d42\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\F-Secure\FSGUI\strres.eng ()
MOD - C:\Programme\F-Secure\FSGUI\gres.dll ()
MOD - C:\Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - C:\Programme\F-Secure\FSGUI\flyerres.eng ()
MOD - C:\Programme\F-Secure\FSGUI\about.dll ()
MOD - C:\Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - C:\Programme\F-Secure\FSPC\fspcfsm.eng ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
========== Win32 Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FSDFWD) -- C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (FSORSPClient) -- C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- system32\DRIVERS\snpstd3.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (fsbts) -- C:\Windows\System32\drivers\fsbts.sys ()
DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (fsvista) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsvista.sys ()
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (ACEDRV06) -- C:\Windows\System32\drivers\ACEDRV06.sys (Protect Software GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (WinDriver) -- C:\Windows\System32\drivers\windrvr.sys (Jungo)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801937
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes\{90463F81-D63A-4255-B12B-64F060292FEB}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7PRFA_de
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = www.telekom.de/kundencenter
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.arcor.de/"
FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:2.04.20110724
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\Torsten\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.20 18:57:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com [2012.04.23 06:19:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.04.27 13:58:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.24 23:15:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.01 15:30:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.20 18:57:46 | 000,000,000 | ---D | M]
[2010.11.04 21:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torsten\AppData\Roaming\mozilla\Extensions
[2012.04.28 15:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions
[2010.12.24 03:02:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.04 22:14:34 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2012.03.30 09:55:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.27 14:53:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(152)
[2011.03.11 10:45:47 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}(15)
[2011.08.17 16:28:14 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\coralietab@mozdev.org
[2011.03.27 14:53:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com
[2012.02.14 21:57:36 | 000,000,931 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\rf4l1rup.default\searchplugins\conduit.xml
[2012.05.01 21:27:23 | 000,001,610 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\rf4l1rup.default\searchplugins\ixquick-https---deutsch.xml
[2012.05.01 15:35:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.01 15:35:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\TORSTEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RF4L1RUP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.04.24 23:15:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.23 14:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv530.dll
[2012.02.17 20:59:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.17 20:59:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.17 20:59:56 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 20:59:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 20:59:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 20:59:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found.
O3 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Torsten\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD2519CB-F5EA-4D29-9D8C-6F5702F9F080}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{838c7280-a13c-11e0-8260-0021856885ee}\Shell - "" = AutoRun
O33 - MountPoints2\{838c7280-a13c-11e0-8260-0021856885ee}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f31010ac-b449-11df-94c5-0021856885ee}\Shell - "" = AutoRun
O33 - MountPoints2\{f31010ac-b449-11df-94c5-0021856885ee}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: AutorunsDisabled -
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.05.01 15:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.05.01 15:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.05.01 15:29:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.01 15:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.05.01 15:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.05.01 15:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.05.01 15:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.05.01 15:15:13 | 000,000,000 | ---D | C] -- C:\totalcmd
[2012.05.01 15:15:13 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
[2012.05.01 15:15:13 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\GHISLER
[2012.05.01 14:24:33 | 000,000,000 | ---D | C] -- C:\Users\Torsten\Documents\Fahrtenbuch
[2012.05.01 14:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fahrtenbuch.de
[2012.05.01 14:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\fahrtenbuch.de
[2012.05.01 14:05:14 | 000,000,000 | ---D | C] -- C:\Fahrtenbuch 2009 Essential
[2012.04.24 23:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.24 23:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.23 21:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.23 20:41:10 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\Malwarebytes
[2012.04.23 20:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.23 20:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.23 20:40:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.23 20:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.22 22:50:30 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Local\Frey Software
[2012.04.22 01:30:47 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Local\Frey_Software
[2012.04.22 01:30:47 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\Frey Software
[2012.04.22 01:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\FrMethods
[2012.04.22 01:19:22 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Frey Software
[2012.04.22 01:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Frey Software
[2012.04.21 18:34:28 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.04.19 19:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.04.19 19:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Torsten\Documents\*.tmp files -> C:\Users\Torsten\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.05.02 17:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EA7F53D4-0A73-4954-A944-6867BA99D162}.job
[2012.05.02 17:44:59 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{47ABB4EA-925E-41EE-A0C4-5EBEF7038EBF}.job
[2012.05.02 17:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.02 17:13:52 | 000,635,720 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.02 17:13:52 | 000,603,014 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.02 17:13:52 | 000,129,580 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.02 17:13:52 | 000,107,204 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.02 17:03:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.02 17:03:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.02 15:04:34 | 000,070,805 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.05.02 15:04:34 | 000,070,805 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.05.02 15:03:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.02 15:03:38 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.02 09:43:22 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012.05.01 18:53:35 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.01 16:09:26 | 000,000,000 | ---- | M] () -- C:\Users\Torsten\defogger_reenable
[2012.05.01 15:30:26 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.01 15:26:40 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.05.01 15:26:40 | 000,001,951 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.05.01 15:15:15 | 000,000,588 | ---- | M] () -- C:\Users\Torsten\Desktop\Total Commander.lnk
[2012.05.01 14:24:18 | 000,000,813 | ---- | M] () -- C:\Users\Torsten\Desktop\Fahrtenbuch.lnk
[2012.04.28 15:54:38 | 000,002,771 | ---- | M] () -- C:\Users\Torsten\Desktop\SRC-Tutor II - 2nd Edition.lnk
[2012.04.27 17:11:11 | 000,002,821 | ---- | M] () -- C:\Users\Torsten\Desktop\Seefunk - Theorie (SRC & LRC).lnk
[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\UC.PIF
[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\RAR.PIF
[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\PKZIP.PIF
[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\PKUNZIP.PIF
[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\LHA.PIF
[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\ARJ.PIF
[2012.04.22 01:11:17 | 000,348,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.10 19:31:04 | 000,002,331 | ---- | M] () -- C:\Windows\unins000.dat
[2012.04.10 19:31:00 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe
[2012.04.08 18:03:53 | 000,040,448 | ---- | M] () -- C:\Users\Torsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Torsten\Documents\*.tmp files -> C:\Users\Torsten\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.05.01 16:09:26 | 000,000,000 | ---- | C] () -- C:\Users\Torsten\defogger_reenable
[2012.05.01 15:30:26 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.01 15:30:26 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.05.01 15:26:40 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.05.01 15:26:40 | 000,001,951 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.05.01 15:26:37 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.01 15:15:15 | 000,000,588 | ---- | C] () -- C:\Users\Torsten\Desktop\Total Commander.lnk
[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2012.05.01 14:24:18 | 000,000,813 | ---- | C] () -- C:\Users\Torsten\Desktop\Fahrtenbuch.lnk
[2012.04.23 20:41:00 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.22 01:19:22 | 000,002,821 | ---- | C] () -- C:\Users\Torsten\Desktop\Seefunk - Theorie (SRC & LRC).lnk
[2012.04.22 01:19:22 | 000,002,771 | ---- | C] () -- C:\Users\Torsten\Desktop\SRC-Tutor II - 2nd Edition.lnk
[2012.04.10 19:31:03 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2012.04.10 19:31:03 | 000,002,331 | ---- | C] () -- C:\Windows\unins000.dat
[2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.03.08 10:51:46 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.08 10:46:58 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.12.09 15:16:34 | 000,004,096 | -H-- | C] () -- C:\Users\Torsten\AppData\Local\keyfile3.drm
[2010.10.21 15:57:41 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.10.21 15:57:41 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.08.23 17:35:16 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.06.20 18:57:24 | 000,023,688 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.06.13 18:59:43 | 000,078,187 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010.06.07 19:14:13 | 000,040,448 | ---- | C] () -- C:\Users\Torsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.01 12:55:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.06.01 12:55:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.05.31 19:18:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.05.31 08:06:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.05.30 15:07:40 | 000,012,194 | ---- | C] () -- C:\Windows\hpwscr20.dat
[2010.05.30 15:06:57 | 000,203,206 | ---- | C] () -- C:\Windows\hpwins20.dat
[2010.05.30 15:06:57 | 000,002,428 | ---- | C] () -- C:\Windows\hpwmdl20.dat
[2010.05.30 12:59:15 | 000,042,672 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2010.05.30 12:22:46 | 000,070,805 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.05.30 12:22:46 | 000,070,805 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.05.30 12:05:58 | 000,000,680 | ---- | C] () -- C:\Users\Torsten\AppData\Local\d3d9caps.dat
========== LOP Check ==========
[2010.11.04 22:30:02 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\Registry Reviver-Torsten-Startup.job
[2012.05.02 09:47:48 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.02 09:43:22 | 000,000,530 | ---- | M] () -- C:\Windows\Tasks\Scheduled scanning task.job
[2010.12.16 01:44:59 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3EDFA3D9-1562-4873-ADA8-334CF0195835}.job
[2012.05.02 17:44:59 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{47ABB4EA-925E-41EE-A0C4-5EBEF7038EBF}.job
[2012.05.02 17:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EA7F53D4-0A73-4954-A944-6867BA99D162}.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.03.13 20:25:19 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\.minecraft
[2010.08.06 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Adobe
[2010.06.17 16:41:10 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Amazon
[2011.12.25 12:30:48 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Apple Computer
[2011.01.24 19:27:58 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\BAUMHAUS
[2010.07.16 21:53:44 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.02 01:00:00 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\F-Secure
[2012.04.22 01:30:47 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Frey Software
[2012.05.01 15:15:13 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\GHISLER
[2011.07.20 11:28:26 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\go
[2010.05.30 15:21:18 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\HP
[2011.12.04 20:33:36 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\HPAppData
[2010.07.11 20:21:54 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\HpUpdate
[2010.05.30 12:06:04 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Identities
[2010.05.30 12:10:23 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Macromedia
[2012.04.23 20:41:10 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Media Center Programs
[2012.04.22 01:19:24 | 000,000,000 | --SD | M] -- C:\Users\Torsten\AppData\Roaming\Microsoft
[2012.04.10 19:31:03 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Mozilla
[2011.08.13 15:55:54 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\NCH Software
[2011.12.04 18:42:57 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\NCH Swift Sound
[2012.02.26 14:43:24 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\OpenOffice.org
[2012.02.15 21:41:32 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Real
[2011.12.28 20:40:03 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Samsung
[2011.02.08 16:53:01 | 000,000,000 | RH-D | M] -- C:\Users\Torsten\AppData\Roaming\SecuROM
[2012.03.29 19:12:37 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Skype
[2011.05.28 16:02:58 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\skypePM
[2012.02.09 22:34:12 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Temp
[2012.02.15 22:40:16 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\vlc
[2011.06.13 15:34:08 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Windows Live Writer
[2010.08.15 15:19:23 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Yahoo!
< %APPDATA%\*.exe /s >
[2012.04.22 01:19:24 | 000,149,770 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_01D06D3962F47C38BBE691.exe
[2012.04.22 01:19:24 | 000,182,735 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_1ED092DF0DE30D12C174AC.exe
[2012.04.22 01:19:24 | 000,149,770 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_3EE130D6F9A234DB0CB211.exe
[2012.04.22 01:19:24 | 000,182,735 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_462B9F3DB2D9FFC473F402.exe
[2012.04.22 01:19:24 | 000,010,134 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_52D1D2014398FFE0E4D526.exe
[2012.04.22 01:19:24 | 000,182,735 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_6FEFF9B68218417F98F549.exe
[2012.04.22 01:19:24 | 000,010,134 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_D30D829511B5431F32BB6F.exe
[2007.08.29 15:36:00 | 000,110,592 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe
[2012.03.18 19:16:21 | 000,106,408 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.03.18 19:16:21 | 000,101,288 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.03.18 19:16:23 | 000,021,416 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2012.02.22 07:57:14 | 000,371,088 | ---- | M] (ml) -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.04.04 07:05:32 | 000,371,088 | ---- | M] (ml) -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: IASTOR.SYS >
[2008.05.07 17:40:38 | 000,395,288 | ---- | M] (Intel Corporation) MD5=07FB761600EFF44AF02C35B8B57E5863 -- C:\Windows.old\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.05.07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows.old\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.05.07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows.old\Windows\System32\drivers\iaStor.sys
[2008.05.07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iaahci.inf_1ab0331f\iaStor.sys
< MD5 for: IASTORV.SYS >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USER32.DLL >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows.old\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WININIT.EXE >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< End of report >
Extras: OTL Logfile: Code:
OTL Extras logfile created on: 02.05.2012 17:25:12 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Torsten\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,49% Memory free
6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,15 Gb Total Space | 489,42 Gb Free Space | 84,95% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,38 Gb Free Space | 61,87% Space Free | Partition Type: FAT32
Drive J: | 1,89 Gb Total Space | 1,66 Gb Free Space | 87,84% Space Free | Partition Type: FAT
Drive N: | 14,92 Gb Total Space | 14,02 Gb Free Space | 94,02% Space Free | Partition Type: FAT32
Computer Name: TORSTEN-PC | User Name: Torsten | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3212FE16-D060-4E6C-A7FE-C7D86BF2A4B0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{444F4CA2-EAF8-4FBC-A303-B10EFD4E1315}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6321E021-CC3E-40AC-A799-4F31B2B6DC27}" = rport=10243 | protocol=6 | dir=out | app=system |
"{71C8D550-6AF5-4BBD-9B2D-F08662D3CDD0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78399824-EA01-447A-8EE3-C2FF4F6E4142}" = lport=10243 | protocol=6 | dir=in | app=system |
"{84D772E1-FC61-48D0-87C1-FBBE6F3A27D9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{991787D3-7AA8-43F6-AEAC-41D700E4F828}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D8521F25-4087-45F7-9672-9A438B89CBFB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DFD919C3-4796-451C-9239-BA28EEE4B060}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030CC5FE-EB48-49CC-B2A3-A7A531DE26A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{135FF0C1-0FB1-4C73-B743-95CFFB377F2F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1669EDB6-1EBC-425E-B447-A100F449FC9E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{26735393-1E5C-49C6-9309-0E8D49D9E9CE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2918876D-EB8B-4D7E-B3F0-E55E0057D568}" = protocol=6 | dir=out | app=system |
"{2D770BEF-133F-47EB-96CE-066C840C6D2B}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{2EF65799-2964-42B0-B761-55CDE215098B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4068FD12-F680-4107-AC9B-4813E7BBE8FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4785C283-5C7F-4ACE-AFA8-960BF198B649}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{4DBAECE8-7875-4319-B2EE-EA7B53D0C0CF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5459B201-753A-4429-837B-3714C6F6BD8A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5555E088-1009-4473-889C-430503B51D43}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{6EF8E597-43A7-40AC-A272-86CDC61227AE}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{7249597A-044E-44D7-A6EA-ED84C3334313}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{755502A7-00C8-4D9B-A4EE-BAF5271BFF9B}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{7F670B33-D79D-40B3-BD51-2E8E8934B683}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{7FE29F26-2D0F-477D-AA0A-6B8102481584}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{852CBA8F-B714-490B-AD5C-3FC06CBD3293}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{872BDC75-4433-4BD2-A893-24659E3F7574}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{97723CFF-71AA-4ACF-A33C-2A42E0E30581}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{9DCBD528-29EA-454D-A7C1-DEA9AC95D98D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{9E379C99-15B2-4D94-BE5B-8599C7B59D6F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{B5BA316B-89C5-49E2-984C-1BBCB4B94FE2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{BA6EB70F-F490-4273-A34D-0AED0956DAC7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{BC4DE5F7-84A5-4BA5-87AB-50E826854394}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{C5ED1BDC-1D78-446A-8E91-43FA4751A62C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{CA8FF502-0E5B-4684-8373-0B66B0FC5A85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC27AD37-E19B-4106-A736-646F07A297BC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{CDF384F0-B2FD-460B-A005-36FA10DC69B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{D3AB3F53-EFAF-49DE-B3A3-E8B76A9867AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4FEE6A5-5094-473E-979F-A9743072A90F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{DC55607C-EA80-4559-909F-427AB92DBA58}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{E0F4EF4A-C4F2-4735-BC3B-92B781313F10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F04F5067-C543-4EC5-8567-BD1E18C5AFF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FEA6D2CC-23D4-493A-BFFB-986ABC549DD8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{E0639D19-255D-4A6E-86A6-F49890E661AA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E65CB28D-8F9D-4A0E-AFF8-B6B5EE76E421}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{2F58D151-E901-49F1-B467-7246F6A78A2C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{F14EF893-C228-424E-A5CE-B5CA422B1E34}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}" = SRC-Tutor II 2nd Edition
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B1F0FE76-83C6-47F2-BD0D-40FF96E47508}_is1" = Fahrtenbuch.de Version 10
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"Express Manager +" = Express Manager +
"Flatcast Viewer 5.3_is1" = Flatcast Viewer Plugin 5.3.0.784
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"F-Secure Product 444" = F-Secure Internet Security 2011
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 15.0" = RealPlayer
"SCOLA-Zeugnis 2008" = SCOLA-Zeugnis 2008 Dezember 2007
"Shop for HP Supplies" = Shop for HP Supplies
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"Skat-Online V9" = Skat-Online V9
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 01.05.2012 13:23:09 | Computer Name = Torsten-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 01.05.2012 13:23:09 | Computer Name = Torsten-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 01.05.2012 15:19:48 | Computer Name = Torsten-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.320.5 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 1654 Anfangszeit: 01cd27c8a25bf11a Zeitpunkt der Beendigung:
40
Error - 01.05.2012 15:23:35 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.05.2012 15:24:19 | Computer Name = Torsten-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 01.05.2012 15:24:19 | Computer Name = Torsten-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.05.2012 03:45:05 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.05.2012 08:49:40 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.05.2012 09:05:24 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.05.2012 11:18:26 | Computer Name = Torsten-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.42.2 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: b08 Anfangszeit: 01cd2874b0300656 Zeitpunkt der Beendigung:
10
[ System Events ]
Error - 02.05.2012 09:00:01 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 02.05.2012 09:00:01 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 02.05.2012 09:00:22 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 02.05.2012 09:00:31 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 02.05.2012 09:01:38 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 02.05.2012 09:01:38 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 02.05.2012 09:02:00 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 02.05.2012 09:02:08 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 02.05.2012 09:03:41 | Computer Name = Torsten-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.05.2012 um 15:02:50 unerwartet heruntergefahren.
Error - 02.05.2012 09:05:24 | Computer Name = Torsten-PC | Source = Service Control Manager | ID = 7022
Description =
< End of report >
#9
Opening directories after encryption trojan on USB stick
OTL: OTL Logfile: Code:
OTL logfile created on: 02.05.2012 17:25:12 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Torsten\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,49% Memory free
6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,15 Gb Total Space | 489,42 Gb Free Space | 84,95% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,38 Gb Free Space | 61,87% Space Free | Partition Type: FAT32
Drive J: | 1,89 Gb Total Space | 1,66 Gb Free Space | 87,84% Space Free | Partition Type: FAT
Drive N: | 14,92 Gb Total Space | 14,02 Gb Free Space | 94,02% Space Free | Partition Type: FAT32
Computer Name: TORSTEN-PC | User Name: Torsten | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Torsten\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Programme\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Programme\F-Secure\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\95e261d2660c662aab4306168001f3e7\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2a1d0ebdb3810bb2926aea930567a3ef\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\876000568ee47aa4407f0931161adf59\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll ()
MOD - C:\Users\Torsten\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll ()
MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\45f56e5749f43eeb24b2094fd761a9d3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b8f323bbcb35543dd68e9dbdd1abe69b\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a6529c9ffc0303d1eee4282d18c7d7f3\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\15e071596162d504ead0394ec971ad3b\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\da0fc8ce9b2fb592b7d8065481ef5d42\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\F-Secure\FSGUI\strres.eng ()
MOD - C:\Programme\F-Secure\FSGUI\gres.dll ()
MOD - C:\Programme\F-Secure\FSGUI\fsavures.eng ()
MOD - C:\Programme\F-Secure\FSGUI\flyerres.eng ()
MOD - C:\Programme\F-Secure\FSGUI\about.dll ()
MOD - C:\Programme\F-Secure\FSGUI\aboutres.dll ()
MOD - C:\Programme\F-Secure\FSPC\fspcfsm.eng ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
========== Win32 Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FSDFWD) -- C:\Programme\F-Secure\FWES\program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (FSMA) -- C:\Programme\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (FSORSPClient) -- C:\Programme\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- system32\DRIVERS\snpstd3.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (fsbts) -- C:\Windows\System32\drivers\fsbts.sys ()
DRV - (F-Secure Gatekeeper) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (F-Secure HIPS) -- C:\Programme\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (fsvista) -- C:\Programme\F-Secure\Anti-Virus\minifilter\fsvista.sys ()
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (ACEDRV06) -- C:\Windows\System32\drivers\ACEDRV06.sys (Protect Software GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (WinDriver) -- C:\Windows\System32\drivers\windrvr.sys (Jungo)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801937
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes\{90463F81-D63A-4255-B12B-64F060292FEB}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7PRFA_de
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = www.telekom.de/kundencenter
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.arcor.de/"
FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:2.04.20110724
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\Torsten\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.20 18:57:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com [2012.04.23 06:19:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.04.27 13:58:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.24 23:15:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.01 15:30:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.20 18:57:46 | 000,000,000 | ---D | M]
[2010.11.04 21:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torsten\AppData\Roaming\mozilla\Extensions
[2012.04.28 15:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions
[2010.12.24 03:02:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.04 22:14:34 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2012.03.30 09:55:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.27 14:53:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(152)
[2011.03.11 10:45:47 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}(15)
[2011.08.17 16:28:14 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\coralietab@mozdev.org
[2011.03.27 14:53:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com
[2012.02.14 21:57:36 | 000,000,931 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\rf4l1rup.default\searchplugins\conduit.xml
[2012.05.01 21:27:23 | 000,001,610 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\rf4l1rup.default\searchplugins\ixquick-https---deutsch.xml
[2012.05.01 15:35:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.01 15:35:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\TORSTEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RF4L1RUP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.04.24 23:15:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.23 14:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv530.dll
[2012.02.17 20:59:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.17 20:59:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.17 20:59:56 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 20:59:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 20:59:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 20:59:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found.
O3 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Torsten\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD2519CB-F5EA-4D29-9D8C-6F5702F9F080}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Torsten\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{838c7280-a13c-11e0-8260-0021856885ee}\Shell - "" = AutoRun
O33 - MountPoints2\{838c7280-a13c-11e0-8260-0021856885ee}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f31010ac-b449-11df-94c5-0021856885ee}\Shell - "" = AutoRun
O33 - MountPoints2\{f31010ac-b449-11df-94c5-0021856885ee}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: AutorunsDisabled -
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.05.01 15:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.05.01 15:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.05.01 15:29:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.01 15:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.05.01 15:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.05.01 15:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.05.01 15:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012.05.01 15:15:13 | 000,000,000 | ---D | C] -- C:\totalcmd
[2012.05.01 15:15:13 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
[2012.05.01 15:15:13 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\GHISLER
[2012.05.01 14:24:33 | 000,000,000 | ---D | C] -- C:\Users\Torsten\Documents\Fahrtenbuch
[2012.05.01 14:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fahrtenbuch.de
[2012.05.01 14:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\fahrtenbuch.de
[2012.05.01 14:05:14 | 000,000,000 | ---D | C] -- C:\Fahrtenbuch 2009 Essential
[2012.04.24 23:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.24 23:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.23 21:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.23 20:41:10 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\Malwarebytes
[2012.04.23 20:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.23 20:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.23 20:40:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.23 20:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.22 22:50:30 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Local\Frey Software
[2012.04.22 01:30:47 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Local\Frey_Software
[2012.04.22 01:30:47 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\Frey Software
[2012.04.22 01:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\FrMethods
[2012.04.22 01:19:22 | 000,000,000 | ---D | C] -- C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Frey Software
[2012.04.22 01:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Frey Software
[2012.04.21 18:34:28 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.04.19 19:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.04.19 19:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Torsten\Documents\*.tmp files -> C:\Users\Torsten\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.05.02 17:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EA7F53D4-0A73-4954-A944-6867BA99D162}.job
[2012.05.02 17:44:59 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{47ABB4EA-925E-41EE-A0C4-5EBEF7038EBF}.job
[2012.05.02 17:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.02 17:13:52 | 000,635,720 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.02 17:13:52 | 000,603,014 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.02 17:13:52 | 000,129,580 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.02 17:13:52 | 000,107,204 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.02 17:03:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.02 17:03:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.02 15:04:34 | 000,070,805 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.05.02 15:04:34 | 000,070,805 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.05.02 15:03:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.02 15:03:38 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.02 09:43:22 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012.05.01 18:53:35 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.01 16:09:26 | 000,000,000 | ---- | M] () -- C:\Users\Torsten\defogger_reenable
[2012.05.01 15:30:26 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.01 15:26:40 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.05.01 15:26:40 | 000,001,951 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.05.01 15:15:15 | 000,000,588 | ---- | M] () -- C:\Users\Torsten\Desktop\Total Commander.lnk
[2012.05.01 14:24:18 | 000,000,813 | ---- | M] () -- C:\Users\Torsten\Desktop\Fahrtenbuch.lnk
[2012.04.28 15:54:38 | 000,002,771 | ---- | M] () -- C:\Users\Torsten\Desktop\SRC-Tutor II - 2nd Edition.lnk
[2012.04.27 17:11:11 | 000,002,821 | ---- | M] () -- C:\Users\Torsten\Desktop\Seefunk - Theorie (SRC & LRC).lnk
[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\UC.PIF
[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\RAR.PIF
[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\PKZIP.PIF
[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\PKUNZIP.PIF
[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\LHA.PIF
[2012.04.27 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\ARJ.PIF
[2012.04.22 01:11:17 | 000,348,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.10 19:31:04 | 000,002,331 | ---- | M] () -- C:\Windows\unins000.dat
[2012.04.10 19:31:00 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe
[2012.04.08 18:03:53 | 000,040,448 | ---- | M] () -- C:\Users\Torsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Torsten\Documents\*.tmp files -> C:\Users\Torsten\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.05.01 16:09:26 | 000,000,000 | ---- | C] () -- C:\Users\Torsten\defogger_reenable
[2012.05.01 15:30:26 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.01 15:30:26 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.05.01 15:26:40 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012.05.01 15:26:40 | 000,001,951 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.05.01 15:26:37 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.01 15:15:15 | 000,000,588 | ---- | C] () -- C:\Users\Torsten\Desktop\Total Commander.lnk
[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2012.05.01 15:15:13 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2012.05.01 14:24:18 | 000,000,813 | ---- | C] () -- C:\Users\Torsten\Desktop\Fahrtenbuch.lnk
[2012.04.23 20:41:00 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.22 01:19:22 | 000,002,821 | ---- | C] () -- C:\Users\Torsten\Desktop\Seefunk - Theorie (SRC & LRC).lnk
[2012.04.22 01:19:22 | 000,002,771 | ---- | C] () -- C:\Users\Torsten\Desktop\SRC-Tutor II - 2nd Edition.lnk
[2012.04.10 19:31:03 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2012.04.10 19:31:03 | 000,002,331 | ---- | C] () -- C:\Windows\unins000.dat
[2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.03.08 10:51:46 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.08 10:46:58 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.12.09 15:16:34 | 000,004,096 | -H-- | C] () -- C:\Users\Torsten\AppData\Local\keyfile3.drm
[2010.10.21 15:57:41 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.10.21 15:57:41 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.08.23 17:35:16 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.06.20 18:57:24 | 000,023,688 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.06.13 18:59:43 | 000,078,187 | ---- | C] () -- C:\Windows\hpqins05.dat
[2010.06.07 19:14:13 | 000,040,448 | ---- | C] () -- C:\Users\Torsten\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.01 12:55:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.06.01 12:55:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.05.31 19:18:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.05.31 08:06:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.05.30 15:07:40 | 000,012,194 | ---- | C] () -- C:\Windows\hpwscr20.dat
[2010.05.30 15:06:57 | 000,203,206 | ---- | C] () -- C:\Windows\hpwins20.dat
[2010.05.30 15:06:57 | 000,002,428 | ---- | C] () -- C:\Windows\hpwmdl20.dat
[2010.05.30 12:59:15 | 000,042,672 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2010.05.30 12:22:46 | 000,070,805 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.05.30 12:22:46 | 000,070,805 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.05.30 12:05:58 | 000,000,680 | ---- | C] () -- C:\Users\Torsten\AppData\Local\d3d9caps.dat
========== LOP Check ==========
[2010.11.04 22:30:02 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\Registry Reviver-Torsten-Startup.job
[2012.05.02 09:47:48 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.02 09:43:22 | 000,000,530 | ---- | M] () -- C:\Windows\Tasks\Scheduled scanning task.job
[2010.12.16 01:44:59 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3EDFA3D9-1562-4873-ADA8-334CF0195835}.job
[2012.05.02 17:44:59 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{47ABB4EA-925E-41EE-A0C4-5EBEF7038EBF}.job
[2012.05.02 17:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EA7F53D4-0A73-4954-A944-6867BA99D162}.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.03.13 20:25:19 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\.minecraft
[2010.08.06 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Adobe
[2010.06.17 16:41:10 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Amazon
[2011.12.25 12:30:48 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Apple Computer
[2011.01.24 19:27:58 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\BAUMHAUS
[2010.07.16 21:53:44 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.02 01:00:00 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\F-Secure
[2012.04.22 01:30:47 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Frey Software
[2012.05.01 15:15:13 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\GHISLER
[2011.07.20 11:28:26 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\go
[2010.05.30 15:21:18 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\HP
[2011.12.04 20:33:36 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\HPAppData
[2010.07.11 20:21:54 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\HpUpdate
[2010.05.30 12:06:04 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Identities
[2010.05.30 12:10:23 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Macromedia
[2012.04.23 20:41:10 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Media Center Programs
[2012.04.22 01:19:24 | 000,000,000 | --SD | M] -- C:\Users\Torsten\AppData\Roaming\Microsoft
[2012.04.10 19:31:03 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Mozilla
[2011.08.13 15:55:54 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\NCH Software
[2011.12.04 18:42:57 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\NCH Swift Sound
[2012.02.26 14:43:24 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\OpenOffice.org
[2012.02.15 21:41:32 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Real
[2011.12.28 20:40:03 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Samsung
[2011.02.08 16:53:01 | 000,000,000 | RH-D | M] -- C:\Users\Torsten\AppData\Roaming\SecuROM
[2012.03.29 19:12:37 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Skype
[2011.05.28 16:02:58 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\skypePM
[2012.02.09 22:34:12 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Temp
[2012.02.15 22:40:16 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\vlc
[2011.06.13 15:34:08 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Windows Live Writer
[2010.08.15 15:19:23 | 000,000,000 | ---D | M] -- C:\Users\Torsten\AppData\Roaming\Yahoo!
< %APPDATA%\*.exe /s >
[2012.04.22 01:19:24 | 000,149,770 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_01D06D3962F47C38BBE691.exe
[2012.04.22 01:19:24 | 000,182,735 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_1ED092DF0DE30D12C174AC.exe
[2012.04.22 01:19:24 | 000,149,770 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_3EE130D6F9A234DB0CB211.exe
[2012.04.22 01:19:24 | 000,182,735 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_462B9F3DB2D9FFC473F402.exe
[2012.04.22 01:19:24 | 000,010,134 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_52D1D2014398FFE0E4D526.exe
[2012.04.22 01:19:24 | 000,182,735 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_6FEFF9B68218417F98F549.exe
[2012.04.22 01:19:24 | 000,010,134 | R--- | M] () -- C:\Users\Torsten\AppData\Roaming\Microsoft\Installer\{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}\_D30D829511B5431F32BB6F.exe
[2007.08.29 15:36:00 | 000,110,592 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe
[2012.03.18 19:16:21 | 000,106,408 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.03.18 19:16:21 | 000,101,288 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.03.18 19:16:23 | 000,021,416 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2012.02.22 07:57:14 | 000,371,088 | ---- | M] (ml) -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.04.04 07:05:32 | 000,371,088 | ---- | M] (ml) -- C:\Users\Torsten\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: IASTOR.SYS >
[2008.05.07 17:40:38 | 000,395,288 | ---- | M] (Intel Corporation) MD5=07FB761600EFF44AF02C35B8B57E5863 -- C:\Windows.old\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.05.07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows.old\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.05.07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows.old\Windows\System32\drivers\iaStor.sys
[2008.05.07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iaahci.inf_1ab0331f\iaStor.sys
< MD5 for: IASTORV.SYS >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USER32.DLL >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows.old\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WININIT.EXE >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< End of report >
Extras:
OTL Logfile:
Code:
OTL Extras logfile created on: 02.05.2012 17:25:12 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Torsten\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,49% Memory free
6,23 Gb Paging File | 4,97 Gb Available in Paging File | 79,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,15 Gb Total Space | 489,42 Gb Free Space | 84,95% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,38 Gb Free Space | 61,87% Space Free | Partition Type: FAT32
Drive J: | 1,89 Gb Total Space | 1,66 Gb Free Space | 87,84% Space Free | Partition Type: FAT
Drive N: | 14,92 Gb Total Space | 14,02 Gb Free Space | 94,02% Space Free | Partition Type: FAT32
Computer Name: TORSTEN-PC | User Name: Torsten | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3212FE16-D060-4E6C-A7FE-C7D86BF2A4B0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{444F4CA2-EAF8-4FBC-A303-B10EFD4E1315}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6321E021-CC3E-40AC-A799-4F31B2B6DC27}" = rport=10243 | protocol=6 | dir=out | app=system |
"{71C8D550-6AF5-4BBD-9B2D-F08662D3CDD0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78399824-EA01-447A-8EE3-C2FF4F6E4142}" = lport=10243 | protocol=6 | dir=in | app=system |
"{84D772E1-FC61-48D0-87C1-FBBE6F3A27D9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{991787D3-7AA8-43F6-AEAC-41D700E4F828}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D8521F25-4087-45F7-9672-9A438B89CBFB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DFD919C3-4796-451C-9239-BA28EEE4B060}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030CC5FE-EB48-49CC-B2A3-A7A531DE26A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{135FF0C1-0FB1-4C73-B743-95CFFB377F2F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1669EDB6-1EBC-425E-B447-A100F449FC9E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{26735393-1E5C-49C6-9309-0E8D49D9E9CE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2918876D-EB8B-4D7E-B3F0-E55E0057D568}" = protocol=6 | dir=out | app=system |
"{2D770BEF-133F-47EB-96CE-066C840C6D2B}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{2EF65799-2964-42B0-B761-55CDE215098B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4068FD12-F680-4107-AC9B-4813E7BBE8FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4785C283-5C7F-4ACE-AFA8-960BF198B649}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{4DBAECE8-7875-4319-B2EE-EA7B53D0C0CF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5459B201-753A-4429-837B-3714C6F6BD8A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5555E088-1009-4473-889C-430503B51D43}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{6EF8E597-43A7-40AC-A272-86CDC61227AE}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{7249597A-044E-44D7-A6EA-ED84C3334313}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{755502A7-00C8-4D9B-A4EE-BAF5271BFF9B}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{7F670B33-D79D-40B3-BD51-2E8E8934B683}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{7FE29F26-2D0F-477D-AA0A-6B8102481584}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{852CBA8F-B714-490B-AD5C-3FC06CBD3293}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{872BDC75-4433-4BD2-A893-24659E3F7574}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{97723CFF-71AA-4ACF-A33C-2A42E0E30581}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{9DCBD528-29EA-454D-A7C1-DEA9AC95D98D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{9E379C99-15B2-4D94-BE5B-8599C7B59D6F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{B5BA316B-89C5-49E2-984C-1BBCB4B94FE2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{BA6EB70F-F490-4273-A34D-0AED0956DAC7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{BC4DE5F7-84A5-4BA5-87AB-50E826854394}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{C5ED1BDC-1D78-446A-8E91-43FA4751A62C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{CA8FF502-0E5B-4684-8373-0B66B0FC5A85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC27AD37-E19B-4106-A736-646F07A297BC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{CDF384F0-B2FD-460B-A005-36FA10DC69B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{D3AB3F53-EFAF-49DE-B3A3-E8B76A9867AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4FEE6A5-5094-473E-979F-A9743072A90F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{DC55607C-EA80-4559-909F-427AB92DBA58}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{E0F4EF4A-C4F2-4735-BC3B-92B781313F10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F04F5067-C543-4EC5-8567-BD1E18C5AFF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FEA6D2CC-23D4-493A-BFFB-986ABC549DD8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{E0639D19-255D-4A6E-86A6-F49890E661AA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E65CB28D-8F9D-4A0E-AFF8-B6B5EE76E421}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{2F58D151-E901-49F1-B467-7246F6A78A2C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{F14EF893-C228-424E-A5CE-B5CA422B1E34}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E66B0CF-DCAA-4092-A6E0-4EF01292EA86}" = SRC-Tutor II 2nd Edition
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}" = HP Officejet All-In-One Series
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B1F0FE76-83C6-47F2-BD0D-40FF96E47508}_is1" = Fahrtenbuch.de Version 10
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3737952-FF6E-4E72-BDEE-B0DC1C69F80B}" = BPD_HPSU
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"Express Manager +" = Express Manager +
"Flatcast Viewer 5.3_is1" = Flatcast Viewer Plugin 5.3.0.784
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"F-Secure Product 444" = F-Secure Internet Security 2011
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 15.0" = RealPlayer
"SCOLA-Zeugnis 2008" = SCOLA-Zeugnis 2008 Dezember 2007
"Shop for HP Supplies" = Shop for HP Supplies
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"Skat-Online V9" = Skat-Online V9
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 01.05.2012 13:23:09 | Computer Name = Torsten-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 01.05.2012 13:23:09 | Computer Name = Torsten-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 01.05.2012 15:19:48 | Computer Name = Torsten-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 6.0.320.5 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 1654 Anfangszeit: 01cd27c8a25bf11a Zeitpunkt der Beendigung:
40
Error - 01.05.2012 15:23:35 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.05.2012 15:24:19 | Computer Name = Torsten-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 01.05.2012 15:24:19 | Computer Name = Torsten-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.05.2012 03:45:05 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.05.2012 08:49:40 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.05.2012 09:05:24 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.05.2012 11:18:26 | Computer Name = Torsten-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.42.2 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: b08 Anfangszeit: 01cd2874b0300656 Zeitpunkt der Beendigung:
10
[ System Events ]
Error - 02.05.2012 09:00:01 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 02.05.2012 09:00:01 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 02.05.2012 09:00:22 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 02.05.2012 09:00:31 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 02.05.2012 09:01:38 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 02.05.2012 09:01:38 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 02.05.2012 09:02:00 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 02.05.2012 09:02:08 | Computer Name = Torsten-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 02.05.2012 09:03:41 | Computer Name = Torsten-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 02.05.2012 um 15:02:50 unerwartet heruntergefahren.
Error - 02.05.2012 09:05:24 | Computer Name = Torsten-PC | Source = Service Control Manager | ID = 7022
Description =
< End of report >
[/code] |
| | #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Opening directories after encryption trojan on stick Do an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2801937
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes\{90463F81-D63A-4255-B12B-64F060292FEB}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7PRFA_de
IE - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - user.js - File not found
[2010.12.24 03:02:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.27 14:53:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com
[2012.02.14 21:57:36 | 000,000,931 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\rf4l1rup.default\searchplugins\conduit.xml
[2012.05.01 21:27:23 | 000,001,610 | ---- | M] () -- C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\rf4l1rup.default\searchplugins\ixquick-https---deutsch.xml
O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found.
O3 - HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{838c7280-a13c-11e0-8260-0021856885ee}\Shell - "" = AutoRun
O33 - MountPoints2\{838c7280-a13c-11e0-8260-0021856885ee}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{f31010ac-b449-11df-94c5-0021856885ee}\Shell - "" = AutoRun
O33 - MountPoints2\{f31010ac-b449-11df-94c5-0021856885ee}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Start.hta
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
| | #11 |
| Opening directories after encryption trojan on stick Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2580248882-1228754705-3639742418-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{b106b661-3e1b-4015-af5c-195e909f35c6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b106b661-3e1b-4015-af5c-195e909f35c6}\ not found.
HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Internet Explorer\SearchScopes\{90463F81-D63A-4255-B12B-64F060292FEB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90463F81-D63A-4255-B12B-64F060292FEB}\ not found.
Registry key HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\rf4l1rup.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\rf4l1rup.default\searchplugins\conduit.xml moved successfully.
C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\rf4l1rup.default\searchplugins\ixquick-https---deutsch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B106B661-3E1B-4015-AF5C-195E909F35C6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B106B661-3E1B-4015-AF5C-195E909F35C6}\ not found.
Registry value HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{838c7280-a13c-11e0-8260-0021856885ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{838c7280-a13c-11e0-8260-0021856885ee}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{838c7280-a13c-11e0-8260-0021856885ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{838c7280-a13c-11e0-8260-0021856885ee}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f31010ac-b449-11df-94c5-0021856885ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f31010ac-b449-11df-94c5-0021856885ee}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f31010ac-b449-11df-94c5-0021856885ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f31010ac-b449-11df-94c5-0021856885ee}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Start.hta not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Torsten
->Temp folder emptied: 26083312 bytes
->Temporary Internet Files folder emptied: 2508042 bytes
->Java cache emptied: 26947772 bytes
->FireFox cache emptied: 94091873 bytes
->Flash cache emptied: 8073 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70947 bytes
RecycleBin emptied: 93201946 bytes
Total Files Cleaned = 232,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: Torsten
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.42.2 log created on 05022012_202700
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
| | #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Opening directories after encryption trojan on stick Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
| | #13 |
| Opening directories after encryption trojan on stick Code:
21:09:35.0888 4636 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
21:09:36.0046 4636 ============================================================
21:09:36.0046 4636 Current date / time: 2012/05/02 21:09:36.0046
21:09:36.0046 4636 SystemInfo:
21:09:36.0046 4636
21:09:36.0046 4636 OS Version: 6.0.6002 ServicePack: 2.0
21:09:36.0046 4636 Product type: Workstation
21:09:36.0046 4636 ComputerName: TORSTEN-PC
21:09:36.0047 4636 UserName: Torsten
21:09:36.0047 4636 Windows directory: C:\Windows
21:09:36.0047 4636 System windows directory: C:\Windows
21:09:36.0047 4636 Processor architecture: Intel x86
21:09:36.0047 4636 Number of processors: 2
21:09:36.0047 4636 Page size: 0x1000
21:09:36.0047 4636 Boot type: Normal boot
21:09:36.0047 4636 ============================================================
21:09:37.0351 4636 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:09:37.0379 4636 Drive \Device\Harddisk4\DR4 - Size: 0x3BB63FE00 (14.93 Gb), SectorSize: 0x200, Cylinders: 0x79C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:09:37.0380 4636 Drive \Device\Harddisk5\DR5 - Size: 0x79400000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:09:37.0381 4636 ============================================================
21:09:37.0381 4636 \Device\Harddisk0\DR0:
21:09:37.0381 4636 MBR partitions:
21:09:37.0381 4636 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4804F000
21:09:37.0401 4636 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x4804F83F, BlocksNum 0x2807682
21:09:37.0401 4636 \Device\Harddisk4\DR4:
21:09:37.0401 4636 MBR partitions:
21:09:37.0401 4636 \Device\Harddisk4\DR4\Partition0: MBR, Type 0xC, StartLBA 0x34, BlocksNum 0x1DD5A92
21:09:37.0401 4636 \Device\Harddisk5\DR5:
21:09:37.0402 4636 MBR partitions:
21:09:37.0402 4636 ============================================================
21:09:37.0524 4636 C: <-> \Device\Harddisk0\DR0\Partition0
21:09:37.0524 4636 D: <-> \Device\Harddisk0\DR0\Partition1
21:09:37.0525 4636 ============================================================
21:09:37.0525 4636 Initialize success
21:09:37.0525 4636 ============================================================
21:09:48.0844 4516 ============================================================
21:09:48.0844 4516 Scan started
21:09:48.0844 4516 Mode: Manual; SigCheck; TDLFS;
21:09:48.0844 4516 ============================================================
21:09:49.0508 4516 ACEDRV06 (44010948bde6ade50dd1386657c73e83) C:\Windows\system32\drivers\ACEDRV06.sys
21:09:49.0594 4516 ACEDRV06 ( UnsignedFile.Multi.Generic ) - warning
21:09:49.0594 4516 ACEDRV06 - detected UnsignedFile.Multi.Generic (1)
21:09:49.0732 4516 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:09:49.0763 4516 ACPI - ok
21:09:49.0847 4516 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:09:49.0856 4516 AdobeARMservice - ok
21:09:49.0912 4516 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:09:49.0925 4516 AdobeFlashPlayerUpdateSvc - ok
21:09:49.0970 4516 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:09:49.0991 4516 adp94xx - ok
21:09:50.0045 4516 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:09:50.0060 4516 adpahci - ok
21:09:50.0082 4516 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:09:50.0096 4516 adpu160m - ok
21:09:50.0122 4516 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:09:50.0135 4516 adpu320 - ok
21:09:50.0165 4516 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
21:09:50.0183 4516 AeLookupSvc - ok
21:09:50.0242 4516 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:09:50.0258 4516 AFD - ok
21:09:50.0288 4516 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:09:50.0300 4516 agp440 - ok
21:09:50.0326 4516 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:09:50.0339 4516 aic78xx - ok
21:09:50.0356 4516 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
21:09:50.0380 4516 ALG - ok
21:09:50.0394 4516 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:09:50.0406 4516 aliide - ok
21:09:50.0421 4516 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:09:50.0433 4516 amdagp - ok
21:09:50.0448 4516 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:09:50.0460 4516 amdide - ok
21:09:50.0476 4516 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:09:50.0500 4516 AmdK7 - ok
21:09:50.0510 4516 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:09:50.0530 4516 AmdK8 - ok
21:09:50.0558 4516 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\Windows\system32\Drivers\ssadadb.sys
21:09:50.0586 4516 androidusb - ok
21:09:50.0610 4516 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
21:09:50.0622 4516 Appinfo - ok
21:09:50.0748 4516 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:09:50.0757 4516 Apple Mobile Device - ok
21:09:50.0779 4516 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:09:50.0789 4516 arc - ok
21:09:50.0805 4516 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:09:50.0817 4516 arcsas - ok
21:09:50.0853 4516 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
21:09:50.0858 4516 ASPI ( UnsignedFile.Multi.Generic ) - warning
21:09:50.0858 4516 ASPI - detected UnsignedFile.Multi.Generic (1)
21:09:50.0865 4516 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:09:50.0888 4516 AsyncMac - ok
21:09:50.0906 4516 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:09:50.0919 4516 atapi - ok
21:09:50.0983 4516 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:09:51.0004 4516 AudioEndpointBuilder - ok
21:09:51.0008 4516 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:09:51.0030 4516 Audiosrv - ok
21:09:51.0063 4516 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:09:51.0087 4516 Beep - ok
21:09:51.0140 4516 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
21:09:51.0169 4516 BFE - ok
21:09:51.0252 4516 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
21:09:51.0292 4516 BITS - ok
21:09:51.0321 4516 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:09:51.0353 4516 blbdrive - ok
21:09:51.0472 4516 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:09:51.0491 4516 Bonjour Service - ok
21:09:51.0528 4516 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:09:51.0545 4516 bowser - ok
21:09:51.0570 4516 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:09:51.0595 4516 BrFiltLo - ok
21:09:51.0606 4516 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:09:51.0631 4516 BrFiltUp - ok
21:09:51.0654 4516 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
21:09:51.0685 4516 Browser - ok
21:09:51.0707 4516 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:09:51.0761 4516 Brserid - ok
21:09:51.0775 4516 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:09:51.0821 4516 BrSerWdm - ok
21:09:51.0838 4516 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:09:51.0871 4516 BrUsbMdm - ok
21:09:51.0885 4516 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:09:51.0918 4516 BrUsbSer - ok
21:09:51.0931 4516 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:09:51.0964 4516 BTHMODEM - ok
21:09:51.0988 4516 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:09:52.0007 4516 cdfs - ok
21:09:52.0028 4516 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:09:52.0043 4516 cdrom - ok
21:09:52.0058 4516 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:09:52.0073 4516 CertPropSvc - ok
21:09:52.0082 4516 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:09:52.0102 4516 circlass - ok
21:09:52.0141 4516 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:09:52.0154 4516 CLFS - ok
21:09:52.0209 4516 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:09:52.0221 4516 clr_optimization_v2.0.50727_32 - ok
21:09:52.0294 4516 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:09:52.0307 4516 clr_optimization_v4.0.30319_32 - ok
21:09:52.0318 4516 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:09:52.0330 4516 cmdide - ok
21:09:52.0346 4516 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
21:09:52.0360 4516 Compbatt - ok
21:09:52.0363 4516 COMSysApp - ok
21:09:52.0384 4516 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:09:52.0395 4516 crcdisk - ok
21:09:52.0404 4516 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:09:52.0428 4516 Crusoe - ok
21:09:52.0445 4516 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
21:09:52.0465 4516 CryptSvc - ok
21:09:52.0533 4516 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:09:52.0560 4516 DcomLaunch - ok
21:09:52.0598 4516 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:09:52.0613 4516 DfsC - ok
21:09:52.0773 4516 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
21:09:52.0827 4516 DFSR - ok
21:09:52.0979 4516 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
21:09:53.0006 4516 Dhcp - ok
21:09:53.0057 4516 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:09:53.0074 4516 disk - ok
21:09:53.0126 4516 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
21:09:53.0144 4516 Dnscache - ok
21:09:53.0189 4516 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
21:09:53.0217 4516 dot3svc - ok
21:09:53.0248 4516 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
21:09:53.0281 4516 Dot4 - ok
21:09:53.0298 4516 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:09:53.0328 4516 Dot4Print - ok
21:09:53.0339 4516 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
21:09:53.0371 4516 dot4usb - ok
21:09:53.0395 4516 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
21:09:53.0428 4516 DPS - ok
21:09:53.0459 4516 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:09:53.0484 4516 drmkaud - ok
21:09:53.0557 4516 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:09:53.0587 4516 DXGKrnl - ok
21:09:53.0636 4516 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
21:09:53.0669 4516 e1express - ok
21:09:53.0707 4516 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:09:53.0740 4516 E1G60 - ok
21:09:53.0751 4516 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
21:09:53.0777 4516 EapHost - ok
21:09:53.0833 4516 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:09:53.0852 4516 Ecache - ok
21:09:53.0921 4516 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
21:09:53.0939 4516 ehRecvr - ok
21:09:53.0964 4516 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
21:09:53.0981 4516 ehSched - ok
21:09:53.0987 4516 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
21:09:54.0002 4516 ehstart - ok
21:09:54.0035 4516 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:09:54.0058 4516 elxstor - ok
21:09:54.0124 4516 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
21:09:54.0150 4516 EMDMgmt - ok
21:09:54.0181 4516 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:09:54.0212 4516 ErrDev - ok
21:09:54.0240 4516 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
21:09:54.0270 4516 EventSystem - ok
21:09:54.0328 4516 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:09:54.0346 4516 exfat - ok
21:09:54.0486 4516 F-Secure Gatekeeper (29d12e1e45d93b45d2598e2663bbeff4) C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys
21:09:54.0503 4516 F-Secure Gatekeeper - ok
21:09:54.0545 4516 F-Secure Gatekeeper Handler Starter (744930b68b68dae55c5977dae3953236) C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
21:09:54.0562 4516 F-Secure Gatekeeper Handler Starter - ok
21:09:54.0592 4516 F-Secure HIPS (adf12d222dcc220229f9f46cdac1d668) C:\Program Files\F-Secure\HIPS\drivers\fshs.sys
21:09:54.0608 4516 F-Secure HIPS - ok
21:09:54.0638 4516 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:09:54.0663 4516 fastfat - ok
21:09:54.0679 4516 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:09:54.0710 4516 fdc - ok
21:09:54.0757 4516 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
21:09:54.0789 4516 fdPHost - ok
21:09:54.0794 4516 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
21:09:54.0848 4516 FDResPub - ok
21:09:54.0873 4516 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:09:54.0890 4516 FileInfo - ok
21:09:54.0911 4516 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:09:54.0942 4516 Filetrace - ok
21:09:54.0958 4516 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:09:54.0989 4516 flpydisk - ok
21:09:55.0015 4516 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:09:55.0027 4516 FltMgr - ok
21:09:55.0114 4516 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
21:09:55.0134 4516 FontCache - ok
21:09:55.0223 4516 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:09:55.0232 4516 FontCache3.0.0.0 - ok
21:09:55.0253 4516 fsbts (343786e182b9c9ae3066e00dec650f50) C:\Windows\system32\Drivers\fsbts.sys
21:09:55.0263 4516 fsbts - ok
21:09:55.0386 4516 FSDFWD (d49cdf34eb4cb1de1acd33b7147be8e9) C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
21:09:55.0405 4516 FSDFWD - ok
21:09:55.0454 4516 FSES (f83475d1843e0d7ca0d8dbb93250ebc9) C:\Windows\system32\drivers\fses.sys
21:09:55.0464 4516 FSES - ok
21:09:55.0495 4516 FSFW (581bf8dfc691b7d3be0cb0c49bba4755) C:\Windows\system32\drivers\fsdfw.sys
21:09:55.0506 4516 FSFW - ok
21:09:55.0573 4516 FSMA (e558a4679046589969ef9c79bbed6bd1) C:\Program Files\F-Secure\Common\FSMA32.EXE
21:09:55.0586 4516 FSMA - ok
21:09:55.0615 4516 FSORSPClient (42aef6a385354aca65fc210ce7ce4d7c) C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
21:09:55.0629 4516 FSORSPClient - ok
21:09:55.0659 4516 fsvista (667af2f3f0f5d8ae7cfd60bb2ce4d600) C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys
21:09:55.0672 4516 fsvista - ok
21:09:55.0690 4516 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
21:09:55.0707 4516 Fs_Rec - ok
21:09:55.0728 4516 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:09:55.0744 4516 gagp30kx - ok
21:09:55.0771 4516 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:09:55.0783 4516 GEARAspiWDM - ok
21:09:55.0849 4516 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
21:09:55.0885 4516 gpsvc - ok
21:09:55.0959 4516 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:09:55.0973 4516 gupdate - ok
21:09:56.0033 4516 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
21:09:56.0052 4516 HdAudAddService - ok
21:09:56.0099 4516 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:09:56.0133 4516 HDAudBus - ok
21:09:56.0160 4516 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:09:56.0214 4516 HidBth - ok
21:09:56.0223 4516 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:09:56.0277 4516 HidIr - ok
21:09:56.0327 4516 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
21:09:56.0345 4516 hidserv - ok
21:09:56.0369 4516 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:09:56.0393 4516 HidUsb - ok
21:09:56.0420 4516 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
21:09:56.0453 4516 hkmsvc - ok
21:09:56.0477 4516 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:09:56.0493 4516 HpCISSs - ok
21:09:56.0570 4516 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:09:56.0578 4516 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
21:09:56.0579 4516 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
21:09:56.0621 4516 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:09:56.0628 4516 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
21:09:56.0628 4516 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
21:09:56.0687 4516 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:09:56.0710 4516 HTTP - ok
21:09:56.0748 4516 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:09:56.0763 4516 i2omp - ok
21:09:56.0821 4516 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:09:56.0846 4516 i8042prt - ok
21:09:56.0920 4516 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:09:56.0940 4516 iaStorV - ok
21:09:57.0086 4516 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:09:57.0120 4516 idsvc - ok
21:09:57.0146 4516 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:09:57.0161 4516 iirsp - ok
21:09:57.0219 4516 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
21:09:57.0251 4516 IKEEXT - ok
21:09:57.0280 4516 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:09:57.0295 4516 intelide - ok
21:09:57.0310 4516 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:09:57.0342 4516 intelppm - ok
21:09:57.0364 4516 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
21:09:57.0397 4516 IPBusEnum - ok
21:09:57.0406 4516 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:09:57.0426 4516 IpFilterDriver - ok
21:09:57.0454 4516 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
21:09:57.0466 4516 iphlpsvc - ok
21:09:57.0469 4516 IpInIp - ok
21:09:57.0485 4516 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:09:57.0505 4516 IPMIDRV - ok
21:09:57.0526 4516 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:09:57.0546 4516 IPNAT - ok
21:09:57.0685 4516 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
21:09:57.0705 4516 iPod Service - ok
21:09:57.0752 4516 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:09:57.0775 4516 IRENUM - ok
21:09:57.0786 4516 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:09:57.0799 4516 isapnp - ok
21:09:57.0836 4516 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:09:57.0851 4516 iScsiPrt - ok
21:09:57.0869 4516 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:09:57.0880 4516 iteatapi - ok
21:09:57.0891 4516 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:09:57.0903 4516 iteraid - ok
21:09:57.0914 4516 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:09:57.0926 4516 kbdclass - ok
21:09:57.0942 4516 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
21:09:57.0965 4516 kbdhid - ok
21:09:58.0009 4516 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:09:58.0026 4516 KeyIso - ok
21:09:58.0062 4516 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:09:58.0087 4516 KSecDD - ok
21:09:58.0154 4516 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
21:09:58.0191 4516 KtmRm - ok
21:09:58.0237 4516 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
21:09:58.0257 4516 LanmanServer - ok
21:09:58.0292 4516 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
21:09:58.0313 4516 LanmanWorkstation - ok
21:09:58.0325 4516 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:09:58.0357 4516 lltdio - ok
21:09:58.0384 4516 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
21:09:58.0418 4516 lltdsvc - ok
21:09:58.0424 4516 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
21:09:58.0479 4516 lmhosts - ok
21:09:58.0504 4516 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:09:58.0515 4516 LSI_FC - ok
21:09:58.0531 4516 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:09:58.0542 4516 LSI_SAS - ok
21:09:58.0566 4516 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:09:58.0576 4516 LSI_SCSI - ok
21:09:58.0589 4516 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:09:58.0609 4516 luafv - ok
21:09:58.0631 4516 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
21:09:58.0641 4516 MBAMProtector - ok
21:09:58.0749 4516 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:09:58.0767 4516 MBAMService - ok
21:09:58.0938 4516 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
21:09:58.0951 4516 McComponentHostService - ok
21:09:58.0964 4516 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
21:09:58.0977 4516 Mcx2Svc - ok
21:09:58.0991 4516 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:09:59.0003 4516 megasas - ok
21:09:59.0051 4516 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:09:59.0069 4516 MegaSR - ok
21:09:59.0096 4516 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:09:59.0125 4516 MMCSS - ok
21:09:59.0136 4516 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:09:59.0167 4516 Modem - ok
21:09:59.0173 4516 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:09:59.0205 4516 monitor - ok
21:09:59.0215 4516 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:09:59.0224 4516 mouclass - ok
21:09:59.0241 4516 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:09:59.0260 4516 mouhid - ok
21:09:59.0267 4516 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:09:59.0277 4516 MountMgr - ok
21:09:59.0340 4516 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:09:59.0350 4516 MozillaMaintenance - ok
21:09:59.0385 4516 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:09:59.0396 4516 mpio - ok
21:09:59.0412 4516 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:09:59.0429 4516 mpsdrv - ok
21:09:59.0482 4516 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
21:09:59.0503 4516 MpsSvc - ok
21:09:59.0539 4516 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:09:59.0550 4516 Mraid35x - ok
21:09:59.0585 4516 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:09:59.0599 4516 MRxDAV - ok
21:09:59.0638 4516 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:09:59.0651 4516 mrxsmb - ok
21:09:59.0690 4516 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:09:59.0704 4516 mrxsmb10 - ok
21:09:59.0725 4516 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:09:59.0738 4516 mrxsmb20 - ok
21:09:59.0799 4516 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
21:09:59.0813 4516 msahci - ok
21:09:59.0944 4516 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:09:59.0961 4516 msdsm - ok
21:09:59.0977 4516 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
21:10:00.0013 4516 MSDTC - ok
21:10:00.0043 4516 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:10:00.0074 4516 Msfs - ok
21:10:00.0087 4516 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:10:00.0102 4516 msisadrv - ok
21:10:00.0141 4516 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
21:10:00.0174 4516 MSiSCSI - ok
21:10:00.0179 4516 msiserver - ok
21:10:00.0204 4516 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:10:00.0236 4516 MSKSSRV - ok
21:10:00.0251 4516 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:10:00.0283 4516 MSPCLOCK - ok
21:10:00.0297 4516 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:10:00.0328 4516 MSPQM - ok
21:10:00.0359 4516 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:10:00.0379 4516 MsRPC - ok
21:10:00.0390 4516 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:10:00.0406 4516 mssmbios - ok
21:10:00.0415 4516 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:10:00.0446 4516 MSTEE - ok
21:10:00.0461 4516 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:10:00.0478 4516 Mup - ok
21:10:00.0530 4516 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
21:10:00.0559 4516 napagent - ok
21:10:00.0599 4516 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:10:00.0618 4516 NativeWifiP - ok
21:10:00.0677 4516 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:10:00.0704 4516 NDIS - ok
21:10:00.0730 4516 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:10:00.0754 4516 NdisTapi - ok
21:10:00.0768 4516 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:10:00.0799 4516 Ndisuio - ok
21:10:00.0833 4516 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:10:00.0858 4516 NdisWan - ok
21:10:00.0871 4516 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:10:00.0896 4516 NDProxy - ok
21:10:00.0922 4516 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\Windows\system32\HPZinw12.dll
21:10:00.0929 4516 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:10:00.0929 4516 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:10:00.0944 4516 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:10:00.0975 4516 NetBIOS - ok
21:10:01.0010 4516 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:10:01.0037 4516 netbt - ok
21:10:01.0075 4516 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:10:01.0093 4516 Netlogon - ok
21:10:01.0135 4516 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
21:10:01.0170 4516 Netman - ok
21:10:01.0201 4516 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
21:10:01.0237 4516 netprofm - ok
21:10:01.0329 4516 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:10:01.0345 4516 NetTcpPortSharing - ok
21:10:01.0359 4516 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:10:01.0374 4516 nfrd960 - ok
21:10:01.0398 4516 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:10:01.0433 4516 NlaSvc - ok
21:10:01.0511 4516 nmwcd (e380bbcad640304737650367ddfa2366) C:\Windows\system32\drivers\nmwcd.sys
21:10:01.0534 4516 nmwcd - ok
21:10:01.0550 4516 nmwcdc (60ef5f5621d7832f00a3f190a0c905e2) C:\Windows\system32\drivers\ccdcmbo.sys
21:10:01.0575 4516 nmwcdc - ok
21:10:01.0593 4516 nmwcdcm (9c9ff3ec04021234d6f440acbd3b70c1) C:\Windows\system32\drivers\nmwcdcm.sys
21:10:01.0614 4516 nmwcdcm - ok
21:10:01.0643 4516 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:10:01.0669 4516 Npfs - ok
21:10:01.0674 4516 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
21:10:01.0707 4516 nsi - ok
21:10:01.0712 4516 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:10:01.0743 4516 nsiproxy - ok
21:10:01.0842 4516 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:10:01.0884 4516 Ntfs - ok
21:10:01.0909 4516 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:10:01.0962 4516 ntrigdigi - ok
21:10:01.0971 4516 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:10:02.0002 4516 Null - ok
21:10:02.0815 4516 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:10:03.0153 4516 nvlddmkm - ok
21:10:03.0292 4516 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:10:03.0305 4516 nvraid - ok
21:10:03.0324 4516 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:10:03.0336 4516 nvstor - ok
21:10:03.0359 4516 nvsvc (c1303870d5f9ead4beb68559aab7a87b) C:\Windows\system32\nvvsvc.exe
21:10:03.0371 4516 nvsvc - ok
21:10:03.0385 4516 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:10:03.0398 4516 nv_agp - ok
21:10:03.0401 4516 NwlnkFlt - ok
21:10:03.0406 4516 NwlnkFwd - ok
21:10:03.0425 4516 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:10:03.0444 4516 ohci1394 - ok
21:10:03.0515 4516 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:10:03.0529 4516 ose - ok
21:10:03.0616 4516 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:10:03.0646 4516 p2pimsvc - ok
21:10:03.0654 4516 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:10:03.0683 4516 p2psvc - ok
21:10:03.0706 4516 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:10:03.0760 4516 Parport - ok
21:10:03.0781 4516 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:10:03.0798 4516 partmgr - ok
21:10:03.0809 4516 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:10:03.0842 4516 Parvdm - ok
21:10:03.0862 4516 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
21:10:03.0874 4516 PcaSvc - ok
21:10:03.0898 4516 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:10:03.0910 4516 pci - ok
21:10:03.0940 4516 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
21:10:03.0949 4516 pciide - ok
21:10:03.0972 4516 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:10:03.0982 4516 pcmcia - ok
21:10:04.0059 4516 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:10:04.0104 4516 PEAUTH - ok
21:10:04.0233 4516 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
21:10:04.0276 4516 pla - ok
21:10:04.0397 4516 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
21:10:04.0423 4516 PlugPlay - ok
21:10:04.0448 4516 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll
21:10:04.0454 4516 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:10:04.0454 4516 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:10:04.0517 4516 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:10:04.0546 4516 PNRPAutoReg - ok
21:10:04.0554 4516 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:10:04.0583 4516 PNRPsvc - ok
21:10:04.0623 4516 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
21:10:04.0654 4516 PolicyAgent - ok
21:10:04.0717 4516 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:10:04.0748 4516 PptpMiniport - ok
21:10:04.0763 4516 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:10:04.0795 4516 Processor - ok
21:10:04.0813 4516 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
21:10:04.0830 4516 ProfSvc - ok
21:10:04.0854 4516 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:10:04.0865 4516 ProtectedStorage - ok
21:10:04.0903 4516 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:10:04.0919 4516 PSched - ok
21:10:05.0168 4516 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:10:05.0202 4516 ql2300 - ok
21:10:05.0252 4516 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:10:05.0264 4516 ql40xx - ok
21:10:05.0306 4516 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
21:10:05.0322 4516 QWAVE - ok
21:10:05.0338 4516 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:10:05.0351 4516 QWAVEdrv - ok
21:10:05.0366 4516 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:10:05.0390 4516 RasAcd - ok
21:10:05.0409 4516 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
21:10:05.0436 4516 RasAuto - ok
21:10:05.0451 4516 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:10:05.0475 4516 Rasl2tp - ok
21:10:05.0505 4516 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
21:10:05.0528 4516 RasMan - ok
21:10:05.0553 4516 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:10:05.0575 4516 RasPppoe - ok
21:10:05.0606 4516 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:10:05.0620 4516 RasSstp - ok
21:10:05.0657 4516 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:10:05.0678 4516 rdbss - ok
21:10:05.0686 4516 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:10:05.0710 4516 RDPCDD - ok
21:10:05.0737 4516 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:10:05.0762 4516 rdpdr - ok
21:10:05.0766 4516 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:10:05.0790 4516 RDPENCDD - ok
21:10:05.0845 4516 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
21:10:05.0860 4516 RDPWD - ok
21:10:05.0905 4516 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
21:10:05.0930 4516 RemoteAccess - ok
21:10:05.0957 4516 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
21:10:05.0978 4516 RemoteRegistry - ok
21:10:05.0998 4516 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
21:10:06.0011 4516 RpcLocator - ok
21:10:06.0054 4516 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:10:06.0089 4516 RpcSs - ok
21:10:06.0116 4516 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:10:06.0148 4516 rspndr - ok
21:10:06.0198 4516 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:10:06.0215 4516 SamSs - ok
21:10:06.0231 4516 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:10:06.0246 4516 sbp2port - ok
21:10:06.0269 4516 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
21:10:06.0297 4516 SCardSvr - ok
21:10:06.0359 4516 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
21:10:06.0388 4516 Schedule - ok
21:10:06.0414 4516 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:10:06.0439 4516 SCPolicySvc - ok
21:10:06.0472 4516 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
21:10:06.0492 4516 SDRSVC - ok
21:10:06.0506 4516 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:10:06.0560 4516 secdrv - ok
21:10:06.0566 4516 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
21:10:06.0599 4516 seclogon - ok
21:10:06.0614 4516 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
21:10:06.0635 4516 SENS - ok
21:10:06.0658 4516 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
21:10:06.0678 4516 Serenum - ok
21:10:06.0702 4516 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
21:10:06.0722 4516 Serial - ok
21:10:06.0729 4516 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:10:06.0748 4516 sermouse - ok
21:10:06.0768 4516 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
21:10:06.0790 4516 SessionEnv - ok
21:10:06.0797 4516 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:10:06.0812 4516 sffdisk - ok
21:10:06.0819 4516 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:10:06.0838 4516 sffp_mmc - ok
21:10:06.0853 4516 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:10:06.0873 4516 sffp_sd - ok
21:10:06.0889 4516 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:10:06.0922 4516 sfloppy - ok
21:10:06.0961 4516 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
21:10:06.0983 4516 SharedAccess - ok
21:10:07.0021 4516 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
21:10:07.0037 4516 ShellHWDetection - ok
21:10:07.0052 4516 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:10:07.0064 4516 sisagp - ok
21:10:07.0070 4516 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:10:07.0082 4516 SiSRaid2 - ok
21:10:07.0101 4516 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:10:07.0113 4516 SiSRaid4 - ok
21:10:07.0366 4516 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
21:10:07.0486 4516 slsvc - ok
21:10:07.0621 4516 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
21:10:07.0649 4516 SLUINotify - ok
21:10:07.0696 4516 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:10:07.0721 4516 Smb - ok
21:10:07.0746 4516 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
21:10:07.0763 4516 SNMPTRAP - ok
21:10:07.0784 4516 SNPSTD3 - ok
21:10:07.0810 4516 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:10:07.0826 4516 spldr - ok
21:10:07.0860 4516 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
21:10:07.0880 4516 Spooler - ok
21:10:07.0938 4516 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:10:07.0958 4516 srv - ok
21:10:08.0002 4516 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:10:08.0020 4516 srv2 - ok
21:10:08.0063 4516 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:10:08.0080 4516 srvnet - ok
21:10:08.0136 4516 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\Windows\system32\DRIVERS\ssadbus.sys
21:10:08.0153 4516 ssadbus - ok
21:10:08.0171 4516 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\Windows\system32\DRIVERS\ssadmdfl.sys
21:10:08.0186 4516 ssadmdfl - ok
21:10:08.0206 4516 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\Windows\system32\DRIVERS\ssadmdm.sys
21:10:08.0225 4516 ssadmdm - ok
21:10:08.0253 4516 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\Windows\system32\DRIVERS\ssadserd.sys
21:10:08.0271 4516 ssadserd - ok
21:10:08.0298 4516 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
21:10:08.0333 4516 SSDPSRV - ok
21:10:08.0377 4516 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
21:10:08.0397 4516 SstpSvc - ok
21:10:08.0563 4516 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
21:10:08.0613 4516 stisvc - ok
21:10:08.0635 4516 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:10:08.0650 4516 swenum - ok
21:10:08.0688 4516 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
21:10:08.0718 4516 swprv - ok
21:10:08.0729 4516 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:10:08.0744 4516 Symc8xx - ok
21:10:08.0756 4516 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:10:08.0770 4516 Sym_hi - ok
21:10:08.0781 4516 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:10:08.0796 4516 Sym_u3 - ok
21:10:08.0843 4516 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
21:10:08.0866 4516 SysMain - ok
21:10:08.0898 4516 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
21:10:08.0911 4516 TabletInputService - ok
21:10:08.0940 4516 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
21:10:08.0958 4516 TapiSrv - ok
21:10:08.0970 4516 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
21:10:08.0992 4516 TBS - ok
21:10:09.0085 4516 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:10:09.0110 4516 Tcpip - ok
21:10:09.0120 4516 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:10:09.0151 4516 Tcpip6 - ok
21:10:09.0190 4516 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:10:09.0203 4516 tcpipreg - ok
21:10:09.0218 4516 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:10:09.0242 4516 TDPIPE - ok
21:10:09.0261 4516 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:10:09.0284 4516 TDTCP - ok
21:10:09.0324 4516 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:10:09.0344 4516 tdx - ok
21:10:09.0363 4516 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:10:09.0376 4516 TermDD - ok
21:10:09.0420 4516 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
21:10:09.0446 4516 TermService - ok
21:10:09.0498 4516 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
21:10:09.0517 4516 Themes - ok
21:10:09.0549 4516 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:10:09.0581 4516 THREADORDER - ok
21:10:09.0593 4516 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
21:10:09.0627 4516 TrkWks - ok
21:10:09.0668 4516 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
21:10:09.0693 4516 TrustedInstaller - ok
21:10:09.0714 4516 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:10:09.0745 4516 tssecsrv - ok
21:10:09.0768 4516 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:10:09.0785 4516 tunmp - ok
21:10:09.0791 4516 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:10:09.0808 4516 tunnel - ok
21:10:09.0829 4516 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:10:09.0839 4516 uagp35 - ok
21:10:09.0865 4516 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:10:09.0881 4516 udfs - ok
21:10:09.0902 4516 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
21:10:09.0923 4516 UI0Detect - ok
21:10:09.0932 4516 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:10:09.0942 4516 uliagpkx - ok
21:10:09.0969 4516 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:10:09.0981 4516 uliahci - ok
21:10:10.0002 4516 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:10:10.0011 4516 UlSata - ok
21:10:10.0025 4516 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:10:10.0035 4516 ulsata2 - ok
21:10:10.0047 4516 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:10:10.0068 4516 umbus - ok
21:10:10.0119 4516 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
21:10:10.0142 4516 upnphost - ok
21:10:10.0174 4516 upperdev (bb16932a4189e82d6c455042c11849b6) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
21:10:10.0189 4516 upperdev - ok
21:10:10.0223 4516 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:10:10.0239 4516 usbccgp - ok
21:10:10.0259 4516 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:10:10.0293 4516 usbcir - ok
21:10:10.0314 4516 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:10:10.0329 4516 usbehci - ok
21:10:10.0364 4516 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:10:10.0381 4516 usbhub - ok
21:10:10.0391 4516 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:10:10.0424 4516 usbohci - ok
21:10:10.0431 4516 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:10:10.0450 4516 usbprint - ok
21:10:10.0479 4516 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:10:10.0494 4516 usbscan - ok
21:10:10.0519 4516 UsbserFilt (e748d50b3b2ec7f40a2ba67fb094cf01) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
21:10:10.0534 4516 UsbserFilt - ok
21:10:10.0545 4516 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:10:10.0561 4516 USBSTOR - ok
21:10:10.0565 4516 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:10:10.0581 4516 usbuhci - ok
21:10:10.0601 4516 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
21:10:10.0618 4516 UxSms - ok
21:10:10.0662 4516 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
21:10:10.0684 4516 vds - ok
21:10:10.0714 4516 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:10:10.0737 4516 vga - ok
21:10:10.0744 4516 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:10:10.0768 4516 VgaSave - ok
21:10:10.0779 4516 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:10:10.0791 4516 viaagp - ok
21:10:10.0801 4516 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:10:10.0825 4516 ViaC7 - ok
21:10:10.0836 4516 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:10:10.0848 4516 viaide - ok
21:10:10.0855 4516 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:10:10.0867 4516 volmgr - ok
21:10:10.0915 4516 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:10:10.0932 4516 volmgrx - ok
21:10:10.0976 4516 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:10:10.0992 4516 volsnap - ok
21:10:11.0013 4516 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:10:11.0026 4516 vsmraid - ok
21:10:11.0107 4516 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
21:10:11.0143 4516 VSS - ok
21:10:11.0194 4516 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
21:10:11.0221 4516 W32Time - ok
21:10:11.0260 4516 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:10:11.0313 4516 WacomPen - ok
21:10:11.0329 4516 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:10:11.0354 4516 Wanarp - ok
21:10:11.0358 4516 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:10:11.0383 4516 Wanarpv6 - ok
21:10:11.0421 4516 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
21:10:11.0447 4516 wcncsvc - ok
21:10:11.0486 4516 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
21:10:11.0513 4516 WcsPlugInService - ok
21:10:11.0525 4516 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:10:11.0541 4516 Wd - ok
21:10:11.0589 4516 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:10:11.0615 4516 Wdf01000 - ok
21:10:11.0651 4516 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:10:11.0685 4516 WdiServiceHost - ok
21:10:11.0688 4516 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:10:11.0723 4516 WdiSystemHost - ok
21:10:11.0747 4516 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
21:10:11.0769 4516 WebClient - ok
21:10:11.0821 4516 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
21:10:11.0842 4516 Wecsvc - ok
21:10:11.0862 4516 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
21:10:11.0889 4516 wercplsupport - ok
21:10:11.0910 4516 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
21:10:11.0938 4516 WerSvc - ok
21:10:12.0021 4516 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
21:10:12.0041 4516 WinDefend - ok
21:10:12.0108 4516 WinDriver (596b3dda2527219c01fbc40ca60987ca) C:\Windows\system32\Drivers\windrvr.sys
21:10:12.0117 4516 WinDriver ( UnsignedFile.Multi.Generic ) - warning
21:10:12.0117 4516 WinDriver - detected UnsignedFile.Multi.Generic (1)
21:10:12.0122 4516 WinHttpAutoProxySvc - ok
21:10:12.0181 4516 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
21:10:12.0208 4516 Winmgmt - ok
21:10:12.0328 4516 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
21:10:12.0368 4516 WinRM - ok
21:10:12.0436 4516 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
21:10:12.0462 4516 Wlansvc - ok
21:10:12.0509 4516 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
21:10:12.0533 4516 WmiAcpi - ok
21:10:12.0580 4516 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
21:10:12.0606 4516 wmiApSrv - ok
21:10:12.0735 4516 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:10:12.0765 4516 WMPNetworkSvc - ok
21:10:12.0781 4516 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
21:10:12.0802 4516 WPCSvc - ok
21:10:12.0839 4516 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
21:10:12.0852 4516 WPDBusEnum - ok
21:10:12.0885 4516 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:10:12.0896 4516 WpdUsb - ok
21:10:13.0027 4516 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:10:13.0047 4516 WPFFontCache_v0400 - ok
21:10:13.0068 4516 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:10:13.0087 4516 ws2ifsl - ok
21:10:13.0137 4516 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
21:10:13.0154 4516 wscsvc - ok
21:10:13.0158 4516 WSearch - ok
21:10:13.0310 4516 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
21:10:13.0360 4516 wuauserv - ok
21:10:13.0525 4516 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:10:13.0557 4516 WUDFRd - ok
21:10:13.0591 4516 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
21:10:13.0625 4516 wudfsvc - ok
21:10:13.0640 4516 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:10:13.0788 4516 \Device\Harddisk0\DR0 - ok
21:10:13.0793 4516 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4
21:10:13.0938 4516 \Device\Harddisk4\DR4 - ok
21:10:13.0944 4516 MBR (0x1B8) (3ef4844650b69d790a968f53a285cf9d) \Device\Harddisk5\DR5
21:10:23.0109 4516 \Device\Harddisk5\DR5 - ok
21:10:23.0113 4516 Boot (0x1200) (82389c3b3017a8b1e2046b9280855d7e) \Device\Harddisk0\DR0\Partition0
21:10:23.0115 4516 \Device\Harddisk0\DR0\Partition0 - ok
21:10:23.0118 4516 Boot (0x1200) (3fdf902778cd9802f5f9055a31d8cbc9) \Device\Harddisk0\DR0\Partition1
21:10:23.0119 4516 \Device\Harddisk0\DR0\Partition1 - ok
21:10:23.0124 4516 Boot (0x1200) (76c5873152a0fc74d2ec51582862df81) \Device\Harddisk4\DR4\Partition0
21:10:23.0125 4516 \Device\Harddisk4\DR4\Partition0 - ok
21:10:23.0126 4516 ============================================================
21:10:23.0126 4516 Scan finished
21:10:23.0126 4516 ============================================================
21:10:23.0137 4276 Detected object count: 7
21:10:23.0137 4276 Actual detected object count: 7
21:10:52.0538 4276 ACEDRV06 ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:52.0538 4276 ACEDRV06 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:52.0540 4276 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:52.0540 4276 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:52.0541 4276 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:52.0541 4276 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:52.0543 4276 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:52.0543 4276 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:52.0546 4276 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:52.0546 4276 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:52.0547 4276 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:52.0547 4276 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:52.0549 4276 WinDriver ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:52.0549 4276 WinDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
#14
/// Winkelfunktion /// TB-Süch-Tiger™
Then please run CF now:
ComboFix
A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________
Please always post log files in CODE tags

#15
Combofix Logfile:
Code:
ComboFix 12-05-02.03 - Torsten 03.05.2012 0:00.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1892 [GMT 2:00]
ausgeführt von:: c:\users\Torsten\Downloads\ComboFix.exe
AV: F-Secure Internet Security 2011 10.50 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: F-Secure Internet Security 2011 10.50 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: F-Secure Internet Security 2011 10.50 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Torsten\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
c:\users\Torsten\Documents\~WRL0005.tmp
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WinDriver
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-04-02 bis 2012-05-02 ))))))))))))))))))))))))))))))
.
.
2012-05-02 22:06 . 2012-05-02 22:11 -------- d-----w- c:\users\Torsten\AppData\Local\temp
2012-05-02 22:06 . 2012-05-02 22:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-02 18:27 . 2012-05-02 18:27 -------- d-----w- C:\_OTL
2012-05-01 13:36 . 2012-05-01 13:36 -------- d-----w- c:\program files\Common Files\Java
2012-05-01 13:35 . 2012-05-01 13:35 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-01 13:26 . 2012-05-01 13:26 -------- d-----w- c:\programdata\McAfee Security Scan
2012-05-01 13:26 . 2012-05-01 13:26 -------- d-----w- c:\programdata\McAfee
2012-05-01 13:26 . 2012-05-01 13:26 -------- d-----w- c:\program files\McAfee Security Scan
2012-05-01 13:26 . 2012-05-01 13:37 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-01 13:15 . 2012-05-01 13:15 -------- d-----w- C:\totalcmd
2012-05-01 13:15 . 2012-05-01 13:15 -------- d-----w- c:\users\Torsten\AppData\Roaming\GHISLER
2012-05-01 13:15 . 2012-04-27 06:00 545 ----a-w- c:\windows\UC.PIF
2012-05-01 13:15 . 2012-04-27 06:00 545 ----a-w- c:\windows\RAR.PIF
2012-05-01 13:15 . 2012-04-27 06:00 545 ----a-w- c:\windows\LHA.PIF
2012-05-01 13:15 . 2012-04-27 06:00 545 ----a-w- c:\windows\ARJ.PIF
2012-05-01 12:24 . 2012-05-01 12:24 -------- d-----w- c:\program files\fahrtenbuch.de
2012-05-01 12:05 . 2012-05-01 12:05 -------- d-----w- C:\Fahrtenbuch 2009 Essential
2012-05-01 06:38 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F09A6A0B-3A5A-4BF8-A5E8-5514E6077005}\mpengine.dll
2012-04-24 21:15 . 2012-04-24 21:15 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-24 21:15 . 2012-04-24 21:15 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-24 21:15 . 2012-04-24 21:15 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-23 19:34 . 2012-04-23 19:34 -------- d-----w- c:\program files\ESET
2012-04-23 18:41 . 2012-04-23 18:41 -------- d-----w- c:\users\Torsten\AppData\Roaming\Malwarebytes
2012-04-23 18:40 . 2012-04-23 18:40 -------- d-----w- c:\programdata\Malwarebytes
2012-04-23 18:40 . 2012-05-01 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-23 18:40 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-22 20:50 . 2012-04-22 20:50 -------- d-----w- c:\users\Torsten\AppData\Local\Frey Software
2012-04-21 23:30 . 2012-04-22 20:50 -------- d-----w- c:\users\Torsten\AppData\Local\Frey_Software
2012-04-21 23:30 . 2012-04-21 23:30 -------- d-----w- c:\users\Torsten\AppData\Roaming\Frey Software
2012-04-21 23:22 . 2012-04-21 23:22 -------- d-----w- c:\programdata\FrMethods
2012-04-21 23:19 . 2012-04-21 23:19 -------- d-----w- c:\program files\Frey Software
2012-04-21 16:34 . 2012-04-21 16:34 -------- d-----w- c:\windows\Downloaded Installations
2012-04-19 17:17 . 2012-04-19 17:17 -------- d-----w- c:\program files\Microsoft
2012-04-11 23:41 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 23:41 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 23:41 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 23:41 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 23:41 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 23:41 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 17:31 . 2011-09-23 12:43 1623552 ----a-w- c:\program files\Mozilla Firefox\plugins\NpFv530.dll
2012-04-10 17:31 . 2012-04-10 17:31 715038 ----a-w- c:\windows\unins000.exe
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-01 13:37 . 2011-09-08 15:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-01 13:35 . 2010-05-31 20:00 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 08:18 . 2010-05-31 04:34 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 19:37 . 2009-05-21 18:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-02-15 19:37 . 2009-05-21 16:57 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-14 15:45 . 2012-03-14 05:27 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 05:27 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 05:27 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 05:27 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 05:27 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-04-24 21:15 . 2011-09-30 17:03 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-18 21416]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-02-22 943504]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2011-12-23 200360]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2011-12-23 1654440]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-02-22 3508624]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-02-15 296056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]
S2 ACEDRV06;ACEDRV06;c:\windows\system32\drivers\ACEDRV06.sys [2011-01-08 99840]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 13:37]
.
2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 15:32]
.
2010-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-03 15:32]
.
2012-05-02 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2010-05-30 10:00]
.
2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{3EDFA3D9-1562-4873-ADA8-334CF0195835}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
2012-05-02 c:\windows\Tasks\User_Feed_Synchronization-{47ABB4EA-925E-41EE-A0C4-5EBEF7038EBF}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
2012-05-02 c:\windows\Tasks\User_Feed_Synchronization-{EA7F53D4-0A73-4954-A944-6867BA99D162}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to Mp3 Converter - c:\users\Torsten\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\rf4l1rup.default\
FF - prefs.js: browser.search.selectedEngine - Ixquick HTTPS - Deutsch
FF - prefs.js: browser.startup.homepage - hxxp://www.arcor.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-03 00:11
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*j*z* \OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2580248882-1228754705-3639742418-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ü*l* \OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5676)
c:\program files\F-Secure\Spam Control\fsscoepl.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Anti-Virus\FSGK32.EXE
c:\program files\F-Secure\Common\FSMA32.EXE
c:\program files\F-Secure\Common\FSHDLL32.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\windows\System32\rundll32.exe
c:\program files\F-Secure\ORSP Client\fsorsp.exe
c:\program files\F-Secure\FWES\Program\fsdfwd.exe
c:\windows\system32\conime.exe
c:\program files\F-Secure\Anti-Virus\fsav32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-03 00:16:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-05-02 22:16
.
Vor Suchlauf: 17 Verzeichnis(se), 525.637.353.472 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 525.978.996.736 Bytes frei
.
- - End Of File - - 1293B0ED88C7F65954DFA9DE44B57AB0