| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google-Links werden umgeleitetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.06.2012, 19:53
| #1 |
 |  Google-Links werden umgeleitet Im Firefox werden die Links zu rocketnews umgeleitet, im IE zu wechselnden Seiten. Beides nicht in allen Fällen, aber die Häufigkeit liegt doch wohl bei über 90 Prozent ... an ein Googeln ist somit praktisch nur mehr dort zu denken, wo der gewünschte Seitenaufruf sichtbar ist und kopiert werden kann. Ich habe OTL und Malwarebytes durchgeführt, hier die Logs: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 24.06.2012 18:28:32 - Run 2 OTL by OldTimer - Version 3.2.51.0 Folder = C:\Dokumente und Einstellungen\Peter\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1023,49 Mb Total Physical Memory | 293,36 Mb Available Physical Memory | 28,66% Memory free 2,35 Gb Paging File | 1,60 Gb Available in Paging File | 67,91% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,52 Gb Total Space | 25,33 Gb Free Space | 33,99% Space Free | Partition Type: NTFS Drive D: | 55,89 Gb Total Space | 19,85 Gb Free Space | 35,51% Space Free | Partition Type: NTFS Drive E: | 46,87 Gb Total Space | 26,26 Gb Free Space | 56,03% Space Free | Partition Type: NTFS Drive F: | 9,02 Gb Total Space | 5,91 Gb Free Space | 65,46% Space Free | Partition Type: FAT32 Computer Name: TS01 | User Name: Peter | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Peter\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\OXXOGames\GPlayer\GPlayer.exe (INTENIUM GmbH) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\WINDOWS\SOUNDMAN.EXE (Avance Logic, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll () MOD - C:\Programme\WinRAR\RarExt.dll () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Skype C2C Service) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Sony SCSI Helper Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (RampartSvc) -- C:\Programme\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe (SonicWALL, Inc.) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (nvcap) nVidia WDM Video Capture (universal) -- system32\DRIVERS\nvcap.sys File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found DRV - (Changer) -- File not found DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\ssadserd.sys (MCCI Corporation) DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc) DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (camfilt2) -- C:\WINDOWS\system32\drivers\camfilt2.sys (Guillemot Corporation) DRV - (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.) DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.) DRV - (SISNICXP) -- C:\WINDOWS\system32\drivers\sisnicxp.sys (SiS Corporation) DRV - (RCFOX) -- C:\WINDOWS\system32\drivers\RCFOX.SYS (SonicWALL, Inc.) DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (PVRUSBDriver) -- C:\WINDOWS\system32\drivers\PVRUSBDriver.sys (Windows (R) 2000 DDK provider) DRV - (NVXBAR) -- C:\WINDOWS\system32\drivers\NVXBAR.SYS (NVIDIA Corporation) DRV - (rcvpn) -- C:\WINDOWS\system32\drivers\rcvpn.sys (SonicWALL, Inc.) DRV - (PhTVTune) -- C:\WINDOWS\system32\drivers\PhTVTune.sys (Philips Semiconductors) DRV - (Cap7134) MEDION (7134) -- C:\WINDOWS\system32\drivers\Cap7134.sys (Philips Semiconductors) DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation) DRV - (ALCXWDM) Service for Avance AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Avance Logic, Inc.) DRV - (sisperf) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.) DRV - (SiSide) -- C:\WINDOWS\system32\drivers\siside.sys (Silicon Integrated Systems Corp.) DRV - (Intels51) -- C:\WINDOWS\system32\drivers\ctxs51.sys (Intel Corporation) DRV - (sisidex) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows (R) 2000 DDK provider) DRV - (NPF) -- C:\Programme\DBoxBoot\PACKET.SYS () DRV - (atirage) -- C:\WINDOWS\system32\drivers\atiragem.sys (ATI Technologies Inc.) DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (fpcibase) -- C:\WINDOWS\system32\drivers\fpcibase.sys (AVM GmbH) DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\..\SearchScopes,DefaultScope = {D48E2B94-3837-449C-9D33-302F40B07492} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{D48E2B94-3837-449C-9D33-302F40B07492}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.at" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Programme\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.22 19:01:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.27 17:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Extensions [2012.05.03 12:28:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\ksvv2ks1.default\extensions [2012.06.22 19:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.10 10:05:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.10 18:49:01 | 000,000,834 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 10.0.0.1 ts1 O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Netviewer Support) - {4BE8B65B-EE14-40C1-B6BB-31E494FE6EBA} - C:\Programme\Netviewer\Support\Plugin\IE plugin\NVIEPluginSupport.dll (Netviewer AG) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (&Netviewer Support) - {E1F9EDE7-EF90-4A65-A5A4-D2FFEEA5D469} - C:\Programme\Netviewer\Support\Plugin\IE plugin\NVIEPluginSupport.dll (Netviewer AG) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize File not found O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Avance Logic, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: WizmaxBackup_NoDriveTypeAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: WizmaxBackup_NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O15 - HKCU\..Trusted Domains: google.com ([picasa] http in Vertrauenswürdige Sites) O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.com/s/v/70.11/uploader2.cab (UploadListView Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163670540453 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163670532687 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{124102B1-02EB-46DD-89A5-0BA3AABD0E23}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFBAFAB6-886C-43DD-87CC-1109EFF1B98E}: DhcpNameServer = 10.1.62.1 10.1.62.2 10.1.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.11.16 11:16:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2002.10.13 02:01:13 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{5ad44b54-3cc4-11de-a984-006073e436ef}\Shell\AutoRun\command - "" = InstallTomTomHOME.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.24 17:31:27 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012.06.24 10:16:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012.06.23 14:57:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe [2012.06.22 19:01:38 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.06.22 16:50:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter\Desktop\Neuer Ordner [2012.06.22 16:26:47 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter\Desktop\OTL.exe [2012.06.22 11:15:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Malwarebytes [2012.06.22 11:14:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.06.22 11:14:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.06.22 11:14:47 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.06.22 11:14:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.06.22 10:47:20 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.06.22 10:47:20 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.06.22 09:37:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in [2012.06.22 09:37:07 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft [2012.06.21 00:17:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2012.06.13 08:13:55 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.24 18:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.06.24 18:04:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.06.24 17:31:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012.06.24 16:24:16 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C9D6E7D8-6948-4ECE-8EEC-62B138489CBF}.job [2012.06.24 15:04:02 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.06.24 10:14:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.24 10:13:26 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Ogqtdaei.job [2012.06.24 10:13:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.23 14:59:30 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk [2012.06.22 19:01:41 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.06.22 16:54:33 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.22 16:26:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter\Desktop\OTL.exe [2012.06.22 16:25:51 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\defogger_reenable [2012.06.22 10:47:20 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.06.22 10:47:20 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.06.21 22:07:36 | 000,376,395 | ---- | M] () -- C:\fraglist.luar [2012.06.21 19:02:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.06.21 18:54:55 | 000,043,520 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.13 20:23:47 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.06.13 20:20:46 | 000,495,942 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.06.13 20:20:46 | 000,475,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.06.13 20:20:46 | 000,092,044 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.06.13 20:20:46 | 000,076,870 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.06.13 11:11:52 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\PUTTY.RND [2012.06.13 11:08:00 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\winscp.rnd [2012.06.07 11:00:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll [2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll [2012.06.02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl [2012.06.02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll [2012.06.02 15:19:38 | 000,015,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui [2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll [2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll [2012.06.02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe [2012.06.02 15:19:28 | 000,023,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui [2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll [2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll [2012.06.02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll [2012.06.02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll [2012.06.02 15:18:58 | 000,018,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui [2012.05.31 15:22:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.23 14:59:30 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk [2012.06.23 14:59:30 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk [2012.06.22 19:01:41 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.06.22 19:01:40 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2012.06.22 16:25:51 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\defogger_reenable [2012.06.22 11:14:49 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.22 10:47:23 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.06.21 22:07:36 | 000,376,395 | ---- | C] () -- C:\fraglist.luar [2012.06.15 15:19:19 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc [2012.06.11 11:18:15 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\Ogqtdaei.job [2012.05.10 23:29:52 | 000,160,016 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.05.04 18:41:37 | 000,000,076 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\.ptbt0 [2012.02.16 11:48:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.15 19:10:03 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll [2012.01.15 19:10:03 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll [2012.01.15 19:10:03 | 000,015,478 | ---- | C] () -- C:\WINDOWS\snpstd3.ini [2012.01.15 19:08:58 | 003,600,384 | ---- | C] () -- C:\WINDOWS\ffmpeg.exe [2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011.11.29 17:27:26 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini [2011.08.03 18:48:54 | 000,000,000 | RH-- | C] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\f23291c8f32fe6e5bb6f8bd0a004057d [2011.05.27 17:57:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.04.14 16:05:39 | 000,002,366 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\mdbu.bin [2011.01.16 23:33:26 | 000,265,274 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1644491937-73586283-839522115-1005-0.dat [2010.12.20 13:27:05 | 000,532,010 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1644491937-73586283-839522115-1003-0.dat [2010.12.20 13:27:02 | 000,267,010 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2010.12.20 12:06:53 | 000,000,312 | ---- | C] () -- C:\WINDOWS\PhEdit.INI [2010.12.20 11:53:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2010.12.20 11:53:03 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2010.12.20 11:53:03 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2010.12.20 11:53:03 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2010.12.20 11:53:03 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2010.12.20 11:53:03 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2010.12.20 11:53:03 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2010.12.20 11:53:03 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2010.12.20 11:53:03 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2010.12.20 11:53:03 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2010.12.20 11:53:03 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2010.12.20 11:53:03 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2010.12.20 11:53:03 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2010.12.20 11:53:03 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2010.12.20 11:53:03 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2010.12.20 11:53:03 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2010.12.20 11:53:03 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2010.12.20 11:53:03 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2010.12.20 11:53:03 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2010.05.10 16:59:00 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\winscp.rnd [2009.01.13 18:10:50 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\PUTTY.RND [2008.12.02 21:36:02 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\$_hpcst$.hpc [2007.11.06 10:12:36 | 000,001,739 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2007.01.20 12:43:45 | 000,000,224 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\default.pls [2006.12.01 08:23:16 | 000,043,520 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.11.26 19:36:08 | 000,040,960 | ---- | C] () -- C:\Programme\Uninstall_PCM.exe < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.06.2012 18:28:32 - Run 2
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Dokumente und Einstellungen\Peter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1023,49 Mb Total Physical Memory | 293,36 Mb Available Physical Memory | 28,66% Memory free
2,35 Gb Paging File | 1,60 Gb Available in Paging File | 67,91% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 25,33 Gb Free Space | 33,99% Space Free | Partition Type: NTFS
Drive D: | 55,89 Gb Total Space | 19,85 Gb Free Space | 35,51% Space Free | Partition Type: NTFS
Drive E: | 46,87 Gb Total Space | 26,26 Gb Free Space | 56,03% Space Free | Partition Type: NTFS
Drive F: | 9,02 Gb Total Space | 5,91 Gb Free Space | 65,46% Space Free | Partition Type: FAT32
Computer Name: TS01 | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema Classic -- (TERRATEC Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:*:Enabled:TerraTec Home Cinema Classic (Auto Update) -- (TERRATEC Electronic GmbH)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe:*:Enabled:TerraTec Home Cinema Classic (Setup) -- (TERRATEC Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec Home Cinema Classic (tvtv Setup) -- (TERRATEC Electronic GmbH)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Programme\Hercules\Classic Silver\Station2.exe" = C:\Programme\Hercules\Classic Silver\Station2.exe:*:Enabled:Hercules Webcam Station Evolution -- (Guillemot Corporation S.A.)
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1A9CE281-8B9E-39C1-4600-AA3DE7AB1031}" = Nero 7 Demo
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 2.0
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1" = SmartPCFixer 4.2
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3DA153-548D-4D7F-B62B-653D845169D3}" = Reader for PC
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B103F43-069C-11D6-9EA2-0050BAE317E1}" = Home Cinema XL II
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7373184D-8E8F-4308-912A-3901071FA1AD}" = LightScribe Applications
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC589470-884E-4E15-96D8-437780F8185D}" = Super LoiLoScope WebShortcut
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE75AF6A-22AC-4497-AE20-9FA4F4B10033}" = Netviewer Support
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B31924E3-CC3B-4446-8BDB-0633B967F233}" = PVR USB Manager
"{B62A8A6F-5E48-4336-BF13-1632D5921872}" = PHOTOfunSTUDIO 6.0 BD Edition
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BD60F72D-3F2F-4AE1-9C41-3CF75B2CA59A}" = DVR-Studio Pro 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D989BCC0-757C-4FB6-893C-512DF4382656}" = MetaFrame Presentation Server Client
"{E626BC5A-8AD0-4960-AEA0-8C3BD5C9867B}" = calibre
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Medion Flash XL
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F17FE8C5-193F-48B6-8EE2-BE8CCEE3E6FB}" = SonicWALL Global VPN Client
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Avance AC'97 Audio
"{FD4FE0F7-91FC-43A2-9C3A-187553991FFF}" = Hercules Classic Silver Webcam
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"DBox II - Bootmanager" = DBox II - Bootmanager
"DBOX2 Image-Flashing-Assistent_is1" = DBOX2 Image-Flashing-Assistent 2.3.1 Multilanguage
"Digital Editions" = Adobe Digital Editions
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"HappyFoto-Designer_is1" = HappyFoto-Designer 2.7
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"InstallShield_{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"InstallShield_{EB1DF3BB-7305-444F-A861-7B179CEEF78F}" = ACSI Camp Site Guide Europe 2011
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MKVtoolnix" = MKVtoolnix 4.8.0
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Drivers" = NVIDIA Drivers
"Pano2exe" = Pano2exe 2.12
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR Archivierer
"winscp3_is1" = WinSCP 4.2.7
"X10Hardware" = X10 Hardware(TM)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HappyFoto Bestellsoftware" = HappyFoto Bestellsoftware
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.06.2012 14:26:14 | Computer Name = TS01 | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown
Error - 15.06.2012 11:47:16 | Computer Name = TS01 | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x800708ca" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 20.06.2012 22:19:58 | Computer Name = TS01 | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x800708ca" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 21.06.2012 12:34:04 | Computer Name = TS01 | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die
Datei E:\backupc\windows\$NtUninstallKB2709162$\spuninst\spuninst.inf. [ACCESS_VIOLATION
Exception!! EIP = 0x15e8c84] Bitte Avira informieren und die obige Datei übersenden!
Error - 21.06.2012 12:34:05 | Computer Name = TS01 | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die
Datei E:\backupc\windows\$NtUninstallKB2709162$\spuninst\updspapi.dll. [ACCESS_VIOLATION
Exception!! EIP = 0x0] Bitte Avira informieren und die obige Datei übersenden!
Error - 21.06.2012 12:34:05 | Computer Name = TS01 | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die
Datei E:\backupc\windows\$NtUninstallKB2718704$\spuninst\spuninst.inf. [ACCESS_VIOLATION
Exception!! EIP = 0x0] Bitte Avira informieren und die obige Datei übersenden!
Error - 21.06.2012 12:57:25 | Computer Name = TS01 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul nvcpl.dll, Version 6.13.10.3100, Fehleradresse 0x00020361.
Error - 21.06.2012 12:57:45 | Computer Name = TS01 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul nvcpl.dll, Version 6.13.10.3100, Fehleradresse 0x00020361.
Error - 21.06.2012 12:58:36 | Computer Name = TS01 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul nvcpl.dll, Version 6.13.10.3100, Fehleradresse 0x00020361.
Error - 21.06.2012 12:58:43 | Computer Name = TS01 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00009823.
[ System Events ]
Error - 21.06.2012 12:40:54 | Computer Name = TS01 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "nVidia WDM Video Capture (universal)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 21.06.2012 13:01:35 | Computer Name = TS01 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "nVidia WDM Video Capture (universal)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 22.06.2012 03:34:33 | Computer Name = TS01 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "nVidia WDM Video Capture (universal)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 22.06.2012 04:03:34 | Computer Name = TS01 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "nVidia WDM Video Capture (universal)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 22.06.2012 10:16:49 | Computer Name = TS01 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume4" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 22.06.2012 10:18:17 | Computer Name = TS01 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "nVidia WDM Video Capture (universal)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 22.06.2012 10:18:17 | Computer Name = TS01 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
PCIIde
Error - 23.06.2012 08:38:07 | Computer Name = TS01 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "nVidia WDM Video Capture (universal)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 23.06.2012 15:52:12 | Computer Name = TS01 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "nVidia WDM Video Capture (universal)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 24.06.2012 04:15:04 | Computer Name = TS01 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "nVidia WDM Video Capture (universal)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
< End of report >
Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.24.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Peter :: TS01 [Administrator] Schutz: Aktiviert 24.06.2012 19:03:23 mbam-log-2012-06-24 (19-03-23).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 263032 Laufzeit: 8 Minute(n), 37 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Ich bin schon ein etwas älteres Semester und wahrscheinlich ein wenig schwerfällig, aber ich habe versucht, die ähnlichen Threads zu lesen und die Tipps zu befolgen ... das Problem beschäftigt mich schon etwa 3 Wochen. Ich habe auch das Programm SmartPCFixer im Einsatz und mit dessen Hilfe einmal unter den automatisch startenden Programmen eines gefunden, das keinen Namen hatte (nur das Icon sichtbar). Nach dem Entfernen dieses Aufrufs war kurzzeitig Ruhe, aber eben nur kurzzeitig. Wäre toll, wenn Ihr mir helfen könntet. Schon mal herzlichen Dank im voraus! Peter |
|
28.06.2012, 10:44
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Google-Links werden umgeleitet Das Log von Kasperksy bitte auch posten
__________________Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen! Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
02.07.2012, 16:07
| #3 |
| | Google-Links werden umgeleitet Hallo Arne,
__________________danke für deine Antwort. Entschuldige, bitte, dass ich nicht gleich reagiert habe - ich war übers Wochenende unterwegs. Das Problem zeigt sich übrigens jetzt wie durch Zauberei nicht mehr (Ich habe aber nichts wissentlich gemacht, ausser dass ich Malwarebytes auch gleich gekauft und aktiviert hab'). Es läuft also derzeit neben avira premium. Hier folgt nun zunächst das zuvor nicht gesendete Kaspersky-Log, der vollständige Malwarebytes-Scan läuft gerade. Log folgt mit getrennter Antwort. Code:
ATTFilter 17:59:24.0406 3824 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
17:59:24.0734 3824 ============================================================
17:59:24.0734 3824 Current date / time: 2012/06/24 17:59:24.0734
17:59:24.0734 3824 SystemInfo:
17:59:24.0734 3824
17:59:24.0734 3824 OS Version: 5.1.2600 ServicePack: 3.0
17:59:24.0734 3824 Product type: Workstation
17:59:24.0734 3824 ComputerName: TS01
17:59:24.0734 3824 UserName: Peter
17:59:24.0734 3824 Windows directory: C:\WINDOWS
17:59:24.0734 3824 System windows directory: C:\WINDOWS
17:59:24.0734 3824 Processor architecture: Intel x86
17:59:24.0734 3824 Number of processors: 1
17:59:24.0734 3824 Page size: 0x1000
17:59:24.0734 3824 Boot type: Normal boot
17:59:24.0734 3824 ============================================================
17:59:26.0906 3824 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:59:26.0921 3824 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:59:27.0046 3824 ============================================================
17:59:27.0046 3824 \Device\Harddisk0\DR0:
17:59:27.0046 3824 MBR partitions:
17:59:27.0046 3824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
17:59:27.0062 3824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x6FC7CBF, BlocksNum 0x5DBB827
17:59:27.0093 3824 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0xCD83525, BlocksNum 0x121029C
17:59:27.0093 3824 \Device\Harddisk1\DR1:
17:59:27.0093 3824 MBR partitions:
17:59:27.0093 3824 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
17:59:27.0093 3824 ============================================================
17:59:27.0125 3824 C: <-> \Device\Harddisk1\DR1\Partition0
17:59:27.0156 3824 D: <-> \Device\Harddisk0\DR0\Partition0
17:59:27.0187 3824 E: <-> \Device\Harddisk0\DR0\Partition1
17:59:27.0203 3824 F: <-> \Device\Harddisk0\DR0\Partition2
17:59:27.0234 3824 ============================================================
17:59:27.0234 3824 Initialize success
17:59:27.0234 3824 ============================================================
17:59:29.0312 0680 ============================================================
17:59:29.0312 0680 Scan started
17:59:29.0312 0680 Mode: Manual;
17:59:29.0312 0680 ============================================================
17:59:29.0640 0680 Abiosdsk - ok
17:59:29.0656 0680 abp480n5 - ok
17:59:29.0687 0680 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:59:29.0687 0680 ACPI - ok
17:59:29.0734 0680 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:59:29.0750 0680 ACPIEC - ok
17:59:29.0828 0680 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:59:29.0828 0680 AdobeFlashPlayerUpdateSvc - ok
17:59:29.0843 0680 adpu160m - ok
17:59:29.0875 0680 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:59:29.0875 0680 aec - ok
17:59:29.0937 0680 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:59:29.0937 0680 AFD - ok
17:59:29.0953 0680 Aha154x - ok
17:59:29.0953 0680 aic78u2 - ok
17:59:29.0968 0680 aic78xx - ok
17:59:30.0046 0680 ALCXWDM (72963c1dc6f9e2e25165bae8d2444000) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:59:30.0062 0680 ALCXWDM - ok
17:59:30.0109 0680 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
17:59:30.0109 0680 Alerter - ok
17:59:30.0125 0680 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
17:59:30.0125 0680 ALG - ok
17:59:30.0140 0680 AliIde - ok
17:59:30.0156 0680 amsint - ok
17:59:30.0203 0680 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
17:59:30.0203 0680 androidusb - ok
17:59:30.0343 0680 AntiVirMailService (b9b5dfafea592bd4ca967824ebb42e3d) C:\Programme\Avira\AntiVir Desktop\avmailc.exe
17:59:30.0359 0680 AntiVirMailService - ok
17:59:30.0390 0680 AntiVirSchedulerService (67b1d78711b4386c26241096326ee14a) C:\Programme\Avira\AntiVir Desktop\sched.exe
17:59:30.0390 0680 AntiVirSchedulerService - ok
17:59:30.0437 0680 AntiVirService (845c4e7ae211edad5e0b832126f56932) C:\Programme\Avira\AntiVir Desktop\avguard.exe
17:59:30.0437 0680 AntiVirService - ok
17:59:30.0500 0680 AntiVirWebService (30d71e0c149943a8985d02ea0944f2fe) C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
17:59:30.0515 0680 AntiVirWebService - ok
17:59:30.0593 0680 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:59:30.0593 0680 Apple Mobile Device - ok
17:59:30.0687 0680 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
17:59:30.0687 0680 AppMgmt - ok
17:59:30.0734 0680 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:59:30.0734 0680 Arp1394 - ok
17:59:30.0750 0680 asc - ok
17:59:30.0765 0680 asc3350p - ok
17:59:30.0781 0680 asc3550 - ok
17:59:30.0859 0680 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:59:30.0921 0680 aspnet_state - ok
17:59:30.0937 0680 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:59:30.0937 0680 AsyncMac - ok
17:59:30.0968 0680 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:59:30.0968 0680 atapi - ok
17:59:30.0984 0680 Atdisk - ok
17:59:31.0031 0680 atirage (8ae4058ad345aa50ad0e58196c041e1c) C:\WINDOWS\system32\DRIVERS\atiragem.sys
17:59:31.0031 0680 atirage - ok
17:59:31.0078 0680 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:59:31.0078 0680 Atmarpc - ok
17:59:31.0109 0680 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
17:59:31.0109 0680 AudioSrv - ok
17:59:31.0140 0680 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:59:31.0140 0680 audstub - ok
17:59:31.0187 0680 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
17:59:31.0187 0680 avgntflt - ok
17:59:31.0218 0680 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:59:31.0218 0680 avipbb - ok
17:59:31.0250 0680 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
17:59:31.0265 0680 avkmgr - ok
17:59:31.0296 0680 AVMWAN (c997af59c54d69232fb7bbea4dad86e2) C:\WINDOWS\system32\DRIVERS\avmwan.sys
17:59:31.0296 0680 AVMWAN - ok
17:59:31.0312 0680 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:59:31.0312 0680 Beep - ok
17:59:31.0359 0680 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
17:59:31.0375 0680 BITS - ok
17:59:31.0484 0680 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Programme\Bonjour\mDNSResponder.exe
17:59:31.0500 0680 Bonjour Service - ok
17:59:31.0531 0680 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
17:59:31.0531 0680 Browser - ok
17:59:31.0578 0680 camfilt2 (088c0978203d59425a12b2a53fccd02b) C:\WINDOWS\system32\DRIVERS\camfilt2.sys
17:59:31.0578 0680 camfilt2 - ok
17:59:31.0640 0680 Cap7134 (fdfe848c821f0666c4507a11717146c2) C:\WINDOWS\system32\DRIVERS\Cap7134.sys
17:59:31.0640 0680 Cap7134 - ok
17:59:31.0671 0680 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:59:31.0703 0680 cbidf2k - ok
17:59:31.0734 0680 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:59:31.0734 0680 CCDECODE - ok
17:59:31.0750 0680 cd20xrnt - ok
17:59:31.0796 0680 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:59:31.0812 0680 Cdaudio - ok
17:59:31.0843 0680 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:59:31.0843 0680 Cdfs - ok
17:59:31.0906 0680 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:59:31.0921 0680 Cdrom - ok
17:59:31.0921 0680 Changer - ok
17:59:31.0984 0680 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
17:59:31.0984 0680 CiSvc - ok
17:59:32.0015 0680 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
17:59:32.0015 0680 ClipSrv - ok
17:59:32.0125 0680 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:59:32.0203 0680 clr_optimization_v2.0.50727_32 - ok
17:59:32.0281 0680 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:59:32.0281 0680 clr_optimization_v4.0.30319_32 - ok
17:59:32.0296 0680 CmdIde - ok
17:59:32.0312 0680 COMSysApp - ok
17:59:32.0328 0680 Cpqarray - ok
17:59:32.0390 0680 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
17:59:32.0390 0680 CryptSvc - ok
17:59:32.0406 0680 dac2w2k - ok
17:59:32.0421 0680 dac960nt - ok
17:59:32.0468 0680 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
17:59:32.0484 0680 DcomLaunch - ok
17:59:32.0531 0680 dgderdrv - ok
17:59:32.0593 0680 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
17:59:32.0593 0680 Dhcp - ok
17:59:32.0609 0680 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:59:32.0609 0680 Disk - ok
17:59:32.0625 0680 dmadmin - ok
17:59:32.0796 0680 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
17:59:32.0812 0680 dmboot - ok
17:59:32.0843 0680 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
17:59:32.0843 0680 dmio - ok
17:59:32.0890 0680 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:59:32.0890 0680 dmload - ok
17:59:32.0968 0680 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
17:59:32.0968 0680 dmserver - ok
17:59:33.0015 0680 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:59:33.0015 0680 DMusic - ok
17:59:33.0046 0680 DNE (ded00b959d94612c22f53538a9f0fc89) C:\WINDOWS\system32\DRIVERS\dne2000.sys
17:59:33.0062 0680 DNE - ok
17:59:33.0093 0680 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
17:59:33.0093 0680 Dnscache - ok
17:59:33.0140 0680 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
17:59:33.0140 0680 Dot3svc - ok
17:59:33.0156 0680 dpti2o - ok
17:59:33.0203 0680 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:59:33.0203 0680 drmkaud - ok
17:59:33.0265 0680 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
17:59:33.0265 0680 EapHost - ok
17:59:33.0312 0680 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
17:59:33.0312 0680 ERSvc - ok
17:59:33.0343 0680 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
17:59:33.0343 0680 Eventlog - ok
17:59:33.0406 0680 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
17:59:33.0406 0680 EventSystem - ok
17:59:33.0437 0680 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:59:33.0437 0680 Fastfat - ok
17:59:33.0484 0680 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
17:59:33.0484 0680 FastUserSwitchingCompatibility - ok
17:59:33.0531 0680 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:59:33.0531 0680 Fdc - ok
17:59:33.0546 0680 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
17:59:33.0578 0680 Fips - ok
17:59:33.0593 0680 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:59:33.0625 0680 Flpydisk - ok
17:59:33.0656 0680 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:59:33.0656 0680 FltMgr - ok
17:59:33.0750 0680 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:59:33.0750 0680 FontCache3.0.0.0 - ok
17:59:33.0812 0680 fpcibase (45b5129aeae91ea096a9bbebff99e098) C:\WINDOWS\system32\DRIVERS\fpcibase.sys
17:59:33.0812 0680 fpcibase - ok
17:59:33.0859 0680 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:59:33.0875 0680 Fs_Rec - ok
17:59:33.0921 0680 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:59:33.0921 0680 Ftdisk - ok
17:59:33.0953 0680 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:59:33.0953 0680 gameenum - ok
17:59:34.0000 0680 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:59:34.0000 0680 Gpc - ok
17:59:34.0140 0680 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
17:59:34.0140 0680 gupdate - ok
17:59:34.0156 0680 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
17:59:34.0156 0680 gupdatem - ok
17:59:34.0218 0680 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:59:34.0218 0680 helpsvc - ok
17:59:34.0218 0680 HidServ - ok
17:59:34.0265 0680 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:59:34.0265 0680 HidUsb - ok
17:59:34.0328 0680 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
17:59:34.0328 0680 hkmsvc - ok
17:59:34.0343 0680 hpn - ok
17:59:34.0406 0680 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:59:34.0406 0680 HTTP - ok
17:59:34.0453 0680 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
17:59:34.0453 0680 HTTPFilter - ok
17:59:34.0468 0680 i2omgmt - ok
17:59:34.0484 0680 i2omp - ok
17:59:34.0515 0680 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:59:34.0515 0680 i8042prt - ok
17:59:34.0593 0680 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:59:34.0593 0680 IDriverT - ok
17:59:34.0718 0680 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:59:34.0750 0680 idsvc - ok
17:59:34.0781 0680 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:59:34.0781 0680 Imapi - ok
17:59:34.0812 0680 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
17:59:34.0812 0680 ImapiService - ok
17:59:34.0843 0680 ini910u - ok
17:59:34.0859 0680 IntelIde - ok
17:59:34.0890 0680 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:59:34.0890 0680 intelppm - ok
17:59:34.0968 0680 Intels51 (bb801eb1898a22dfd412064e5c952ea5) C:\WINDOWS\system32\DRIVERS\ctxs51.sys
17:59:34.0968 0680 Intels51 - ok
17:59:35.0000 0680 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:59:35.0000 0680 Ip6Fw - ok
17:59:35.0046 0680 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:59:35.0046 0680 IpFilterDriver - ok
17:59:35.0062 0680 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:59:35.0062 0680 IpInIp - ok
17:59:35.0109 0680 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:59:35.0109 0680 IpNat - ok
17:59:35.0140 0680 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:59:35.0140 0680 IPSec - ok
17:59:35.0156 0680 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:59:35.0156 0680 IRENUM - ok
17:59:35.0187 0680 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:59:35.0187 0680 isapnp - ok
17:59:35.0312 0680 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Programme\Java\jre6\bin\jqs.exe
17:59:35.0312 0680 JavaQuickStarterService - ok
17:59:35.0343 0680 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:59:35.0343 0680 Kbdclass - ok
17:59:35.0375 0680 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:59:35.0390 0680 kmixer - ok
17:59:35.0421 0680 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:59:35.0421 0680 KSecDD - ok
17:59:35.0468 0680 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
17:59:35.0468 0680 lanmanserver - ok
17:59:35.0515 0680 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
17:59:35.0515 0680 lanmanworkstation - ok
17:59:35.0531 0680 lbrtfdc - ok
17:59:35.0609 0680 LightScribeService (71c6a95a5f0ccc87298c4dd0f2c3635a) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
17:59:35.0609 0680 LightScribeService - ok
17:59:35.0656 0680 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
17:59:35.0656 0680 LmHosts - ok
17:59:35.0687 0680 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
17:59:35.0687 0680 MBAMProtector - ok
17:59:35.0796 0680 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
17:59:35.0812 0680 MBAMService - ok
17:59:35.0843 0680 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
17:59:35.0843 0680 MBAMSwissArmy - ok
17:59:35.0921 0680 MDM (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
17:59:35.0921 0680 MDM - ok
17:59:35.0984 0680 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
17:59:35.0984 0680 Messenger - ok
17:59:36.0031 0680 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:59:36.0046 0680 mnmdd - ok
17:59:36.0078 0680 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
17:59:36.0093 0680 mnmsrvc - ok
17:59:36.0125 0680 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
17:59:36.0125 0680 Modem - ok
17:59:36.0140 0680 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:59:36.0140 0680 Mouclass - ok
17:59:36.0187 0680 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:59:36.0187 0680 mouhid - ok
17:59:36.0218 0680 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:59:36.0218 0680 MountMgr - ok
17:59:36.0296 0680 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
17:59:36.0296 0680 MozillaMaintenance - ok
17:59:36.0343 0680 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
17:59:36.0343 0680 MPE - ok
17:59:36.0359 0680 mraid35x - ok
17:59:36.0406 0680 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:59:36.0406 0680 MRxDAV - ok
17:59:36.0468 0680 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:59:36.0468 0680 MRxSmb - ok
17:59:36.0500 0680 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
17:59:36.0500 0680 MSDTC - ok
17:59:36.0531 0680 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:59:36.0531 0680 Msfs - ok
17:59:36.0546 0680 MSIServer - ok
17:59:36.0593 0680 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:59:36.0593 0680 MSKSSRV - ok
17:59:36.0609 0680 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:59:36.0609 0680 MSPCLOCK - ok
17:59:36.0640 0680 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:59:36.0640 0680 MSPQM - ok
17:59:36.0671 0680 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:59:36.0671 0680 mssmbios - ok
17:59:36.0703 0680 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:59:36.0703 0680 MSTEE - ok
17:59:36.0750 0680 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
17:59:36.0750 0680 ms_mpu401 - ok
17:59:36.0796 0680 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:59:36.0796 0680 Mup - ok
17:59:36.0828 0680 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:59:36.0828 0680 NABTSFEC - ok
17:59:36.0890 0680 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
17:59:36.0906 0680 napagent - ok
17:59:36.0953 0680 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:59:36.0953 0680 NDIS - ok
17:59:36.0984 0680 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:59:36.0984 0680 NdisIP - ok
17:59:37.0000 0680 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:59:37.0000 0680 NdisTapi - ok
17:59:37.0046 0680 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:59:37.0046 0680 Ndisuio - ok
17:59:37.0078 0680 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:59:37.0078 0680 NdisWan - ok
17:59:37.0109 0680 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:59:37.0109 0680 NDProxy - ok
17:59:37.0156 0680 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:59:37.0156 0680 NetBIOS - ok
17:59:37.0187 0680 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:59:37.0187 0680 NetBT - ok
17:59:37.0234 0680 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
17:59:37.0234 0680 NetDDE - ok
17:59:37.0250 0680 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
17:59:37.0250 0680 NetDDEdsdm - ok
17:59:37.0281 0680 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:59:37.0281 0680 Netlogon - ok
17:59:37.0312 0680 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
17:59:37.0312 0680 Netman - ok
17:59:37.0406 0680 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:59:37.0406 0680 NetTcpPortSharing - ok
17:59:37.0437 0680 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:59:37.0437 0680 NIC1394 - ok
17:59:37.0468 0680 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
17:59:37.0484 0680 Nla - ok
17:59:37.0562 0680 NPF (9f700584e974a15820c2abf414088b0d) C:\Programme\DBoxBoot\PACKET.SYS
17:59:37.0562 0680 NPF - ok
17:59:37.0593 0680 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:59:37.0593 0680 Npfs - ok
17:59:37.0640 0680 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:59:37.0671 0680 Ntfs - ok
17:59:37.0703 0680 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:59:37.0703 0680 NtLmSsp - ok
17:59:37.0765 0680 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
17:59:37.0765 0680 NtmsSvc - ok
17:59:37.0796 0680 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:59:37.0812 0680 Null - ok
17:59:37.0890 0680 nv (cf6896702f8c2af241dd27d0220ae80e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:59:37.0890 0680 nv - ok
17:59:37.0906 0680 nvcap - ok
17:59:37.0937 0680 NVSvc (89b35f1ec857a5cab5818043d909883b) C:\WINDOWS\system32\nvsvc32.exe
17:59:37.0953 0680 NVSvc - ok
17:59:37.0984 0680 NVXBAR (fd2a67960ef39d7359005b75711a20ca) C:\WINDOWS\system32\DRIVERS\NVxbar.sys
17:59:37.0984 0680 NVXBAR - ok
17:59:38.0031 0680 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:59:38.0031 0680 NwlnkFlt - ok
17:59:38.0046 0680 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:59:38.0046 0680 NwlnkFwd - ok
17:59:38.0078 0680 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:59:38.0093 0680 ohci1394 - ok
17:59:38.0156 0680 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
17:59:38.0171 0680 ose - ok
17:59:38.0218 0680 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
17:59:38.0218 0680 Parport - ok
17:59:38.0250 0680 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:59:38.0250 0680 PartMgr - ok
17:59:38.0281 0680 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
17:59:38.0296 0680 ParVdm - ok
17:59:38.0312 0680 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
17:59:38.0328 0680 PCI - ok
17:59:38.0328 0680 PCIDump - ok
17:59:38.0375 0680 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:59:38.0375 0680 PCIIde - ok
17:59:38.0812 0680 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:59:38.0906 0680 Pcmcia - ok
17:59:38.0921 0680 PDCOMP - ok
17:59:38.0937 0680 PDFRAME - ok
17:59:38.0953 0680 PDRELI - ok
17:59:38.0968 0680 PDRFRAME - ok
17:59:38.0984 0680 perc2 - ok
17:59:39.0000 0680 perc2hib - ok
17:59:39.0093 0680 pfc (2c1eb94c24a6a1d3434481b0a5fa9c08) C:\WINDOWS\system32\drivers\pfc.sys
17:59:39.0109 0680 pfc - ok
17:59:39.0281 0680 PhTVTune (94e7f6107c70251059ae4d01b1d76124) C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
17:59:39.0281 0680 PhTVTune - ok
17:59:39.0640 0680 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
17:59:39.0640 0680 PlugPlay - ok
17:59:39.0750 0680 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:59:39.0750 0680 PolicyAgent - ok
17:59:39.0875 0680 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:59:39.0875 0680 PptpMiniport - ok
17:59:39.0890 0680 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:59:39.0890 0680 ProtectedStorage - ok
17:59:39.0953 0680 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:59:39.0953 0680 PSched - ok
17:59:40.0046 0680 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:59:40.0046 0680 Ptilink - ok
17:59:40.0093 0680 PVRUSBDriver (5f9c7ab71e0a534319209771ceea324e) C:\WINDOWS\system32\Drivers\PVRUSBDriver.sys
17:59:40.0093 0680 PVRUSBDriver - ok
17:59:40.0140 0680 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:59:40.0140 0680 PxHelp20 - ok
17:59:40.0156 0680 ql1080 - ok
17:59:40.0156 0680 Ql10wnt - ok
17:59:40.0171 0680 ql12160 - ok
17:59:40.0187 0680 ql1240 - ok
17:59:40.0203 0680 ql1280 - ok
17:59:40.0265 0680 RampartSvc (e80485d820845d373cb003f7500e4d29) C:\Programme\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
17:59:40.0281 0680 RampartSvc - ok
17:59:40.0312 0680 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:59:40.0312 0680 RasAcd - ok
17:59:40.0359 0680 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
17:59:40.0359 0680 RasAuto - ok
17:59:40.0406 0680 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:59:40.0406 0680 Rasl2tp - ok
17:59:40.0453 0680 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
17:59:40.0453 0680 RasMan - ok
17:59:40.0468 0680 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:59:40.0468 0680 RasPppoe - ok
17:59:40.0500 0680 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:59:40.0500 0680 Raspti - ok
17:59:40.0531 0680 RCFOX (5c72bbc9ca332847e0913168d917d2ee) C:\WINDOWS\system32\Drivers\RCFOX.sys
17:59:40.0546 0680 RCFOX - ok
17:59:40.0562 0680 rcvpn (808b237c0b31327be1dbd72f14787f7e) C:\WINDOWS\system32\DRIVERS\rcvpn.sys
17:59:40.0562 0680 rcvpn - ok
17:59:40.0593 0680 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:59:40.0593 0680 Rdbss - ok
17:59:40.0625 0680 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:59:40.0625 0680 RDPCDD - ok
17:59:40.0656 0680 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:59:40.0656 0680 rdpdr - ok
17:59:40.0703 0680 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
17:59:40.0718 0680 RDPWD - ok
17:59:40.0750 0680 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
17:59:40.0765 0680 RDSessMgr - ok
17:59:40.0796 0680 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:59:40.0812 0680 redbook - ok
17:59:40.0843 0680 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
17:59:40.0843 0680 RemoteAccess - ok
17:59:40.0906 0680 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
17:59:40.0906 0680 RemoteRegistry - ok
17:59:40.0953 0680 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
17:59:40.0953 0680 RimUsb - ok
17:59:41.0000 0680 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
17:59:41.0000 0680 RpcLocator - ok
17:59:41.0062 0680 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
17:59:41.0078 0680 RpcSs - ok
17:59:41.0109 0680 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
17:59:41.0125 0680 RSVP - ok
17:59:41.0156 0680 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:59:41.0156 0680 SamSs - ok
17:59:41.0187 0680 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
17:59:41.0187 0680 SCardSvr - ok
17:59:41.0250 0680 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
17:59:41.0250 0680 Schedule - ok
17:59:41.0296 0680 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:59:41.0296 0680 Secdrv - ok
17:59:41.0343 0680 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
17:59:41.0343 0680 seclogon - ok
17:59:41.0375 0680 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
17:59:41.0375 0680 SENS - ok
17:59:41.0406 0680 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:59:41.0406 0680 serenum - ok
17:59:41.0437 0680 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
17:59:41.0437 0680 Serial - ok
17:59:41.0484 0680 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:59:41.0515 0680 Sfloppy - ok
17:59:41.0562 0680 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
17:59:41.0562 0680 SharedAccess - ok
17:59:41.0609 0680 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
17:59:41.0609 0680 ShellHWDetection - ok
17:59:41.0625 0680 Simbad - ok
17:59:41.0671 0680 sisagp (941f2dd2cf7f5558d52c62c5fa2cdc06) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
17:59:41.0671 0680 sisagp - ok
17:59:41.0703 0680 SiSide (982fd755516012bfd582ef20c6a123ff) C:\WINDOWS\system32\DRIVERS\siside.sys
17:59:41.0703 0680 SiSide - ok
17:59:41.0718 0680 sisidex (5aed8bf3bf7df795d70146d4af4a2580) C:\WINDOWS\system32\drivers\sisidex.sys
17:59:41.0718 0680 sisidex - ok
17:59:41.0765 0680 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
17:59:41.0765 0680 SISNIC - ok
17:59:41.0796 0680 SISNICXP (47f39481bc8941e0d51601a85691448d) C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
17:59:41.0812 0680 SISNICXP - ok
17:59:41.0843 0680 sisperf (596d4a7052002d2bd344d8937da6f66d) C:\WINDOWS\system32\drivers\sisperf.sys
17:59:41.0843 0680 sisperf - ok
17:59:42.0125 0680 Skype C2C Service (4ca43b85f22c7739311788b651a779cb) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:59:42.0218 0680 Skype C2C Service - ok
17:59:42.0312 0680 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Programme\Skype\Updater\Updater.exe
17:59:42.0312 0680 SkypeUpdate - ok
17:59:42.0437 0680 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:59:42.0437 0680 SLIP - ok
17:59:42.0968 0680 SNPSTD3 (9cd6ffc9f5b999eb5df69b9177d9848f) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
17:59:43.0093 0680 SNPSTD3 - ok
17:59:43.0187 0680 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe
17:59:43.0187 0680 Sony SCSI Helper Service - ok
17:59:43.0281 0680 Sparrow - ok
17:59:43.0312 0680 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:59:43.0312 0680 splitter - ok
17:59:43.0359 0680 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:59:43.0359 0680 Spooler - ok
17:59:43.0390 0680 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
17:59:43.0390 0680 sr - ok
17:59:43.0437 0680 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
17:59:43.0437 0680 srservice - ok
17:59:43.0500 0680 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:59:43.0500 0680 Srv - ok
17:59:43.0531 0680 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
17:59:43.0546 0680 ssadbus - ok
17:59:43.0578 0680 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
17:59:43.0578 0680 ssadmdfl - ok
17:59:43.0625 0680 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
17:59:43.0625 0680 ssadmdm - ok
17:59:43.0687 0680 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
17:59:43.0687 0680 ssadserd - ok
17:59:43.0734 0680 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
17:59:43.0734 0680 SSDPSRV - ok
17:59:43.0765 0680 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:59:43.0765 0680 ssmdrv - ok
17:59:43.0828 0680 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
17:59:43.0843 0680 stisvc - ok
17:59:43.0890 0680 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:59:43.0890 0680 streamip - ok
17:59:43.0906 0680 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:59:43.0906 0680 swenum - ok
17:59:43.0937 0680 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:59:43.0937 0680 swmidi - ok
17:59:43.0953 0680 SwPrv - ok
17:59:43.0968 0680 symc810 - ok
17:59:43.0984 0680 symc8xx - ok
17:59:44.0000 0680 sym_hi - ok
17:59:44.0000 0680 sym_u3 - ok
17:59:44.0046 0680 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:59:44.0046 0680 sysaudio - ok
17:59:44.0093 0680 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
17:59:44.0093 0680 SysmonLog - ok
17:59:44.0125 0680 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
17:59:44.0140 0680 TapiSrv - ok
17:59:44.0187 0680 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:59:44.0203 0680 Tcpip - ok
17:59:44.0234 0680 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:59:44.0250 0680 TDPIPE - ok
17:59:44.0265 0680 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:59:44.0265 0680 TDTCP - ok
17:59:44.0312 0680 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:59:44.0312 0680 TermDD - ok
17:59:44.0375 0680 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
17:59:44.0375 0680 TermService - ok
17:59:44.0421 0680 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
17:59:44.0421 0680 Themes - ok
17:59:44.0468 0680 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
17:59:44.0468 0680 TlntSvr - ok
17:59:44.0484 0680 TosIde - ok
17:59:44.0515 0680 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
17:59:44.0531 0680 TrkWks - ok
17:59:44.0562 0680 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:59:44.0578 0680 Udfs - ok
17:59:44.0593 0680 ultra - ok
17:59:44.0656 0680 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:59:44.0656 0680 Update - ok
17:59:44.0703 0680 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
17:59:44.0703 0680 upnphost - ok
17:59:44.0750 0680 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
17:59:44.0765 0680 UPS - ok
17:59:44.0828 0680 USB28xxBGA (67d8495cdad131ddbd602e8f9d5b06fb) C:\WINDOWS\system32\DRIVERS\emBDA.sys
17:59:44.0828 0680 USB28xxBGA - ok
17:59:44.0859 0680 USB28xxOEM (639e78cc98caf18f89dd94cf24e6e46d) C:\WINDOWS\system32\DRIVERS\emOEM.sys
17:59:44.0859 0680 USB28xxOEM - ok
17:59:44.0906 0680 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:59:44.0906 0680 usbaudio - ok
17:59:44.0953 0680 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:59:44.0953 0680 usbccgp - ok
17:59:44.0968 0680 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:59:44.0968 0680 usbehci - ok
17:59:45.0015 0680 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:59:45.0015 0680 usbhub - ok
17:59:45.0046 0680 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:59:45.0046 0680 usbohci - ok
17:59:45.0078 0680 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:59:45.0078 0680 usbscan - ok
17:59:45.0093 0680 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:59:45.0093 0680 usbstor - ok
17:59:45.0140 0680 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:59:45.0140 0680 VgaSave - ok
17:59:45.0156 0680 ViaIde - ok
17:59:45.0171 0680 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
17:59:45.0171 0680 VolSnap - ok
17:59:45.0234 0680 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
17:59:45.0234 0680 VSS - ok
17:59:45.0265 0680 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
17:59:45.0281 0680 W32Time - ok
17:59:45.0296 0680 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:59:45.0312 0680 Wanarp - ok
17:59:45.0359 0680 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
17:59:45.0359 0680 wceusbsh - ok
17:59:45.0437 0680 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:59:45.0437 0680 Wdf01000 - ok
17:59:45.0453 0680 WDICA - ok
17:59:45.0500 0680 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:59:45.0500 0680 wdmaud - ok
17:59:45.0531 0680 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
17:59:45.0546 0680 WebClient - ok
17:59:45.0609 0680 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:59:45.0625 0680 winmgmt - ok
17:59:45.0687 0680 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:59:45.0687 0680 WmdmPmSN - ok
17:59:45.0765 0680 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
17:59:45.0765 0680 Wmi - ok
17:59:45.0812 0680 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:59:45.0812 0680 WmiApSrv - ok
17:59:45.0968 0680 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
17:59:46.0015 0680 WMPNetworkSvc - ok
17:59:46.0187 0680 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:59:46.0203 0680 WPFFontCache_v0400 - ok
17:59:46.0281 0680 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:59:46.0281 0680 WS2IFSL - ok
17:59:46.0328 0680 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
17:59:46.0328 0680 wscsvc - ok
17:59:46.0375 0680 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:59:46.0375 0680 WSTCODEC - ok
17:59:46.0406 0680 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
17:59:46.0406 0680 wuauserv - ok
17:59:46.0453 0680 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:59:46.0453 0680 WudfPf - ok
17:59:46.0484 0680 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:59:46.0484 0680 WudfRd - ok
17:59:46.0515 0680 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:59:46.0515 0680 WudfSvc - ok
17:59:46.0578 0680 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
17:59:46.0593 0680 WZCSVC - ok
17:59:46.0671 0680 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
17:59:46.0671 0680 x10nets - ok
17:59:46.0718 0680 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
17:59:46.0718 0680 xmlprov - ok
17:59:46.0765 0680 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
17:59:47.0234 0680 \Device\Harddisk0\DR0 - ok
17:59:47.0265 0680 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
17:59:47.0734 0680 \Device\Harddisk1\DR1 - ok
17:59:47.0750 0680 Boot (0x1200) (0ee5bd4b49ccf4302616e874527268f4) \Device\Harddisk0\DR0\Partition0
17:59:47.0750 0680 \Device\Harddisk0\DR0\Partition0 - ok
17:59:47.0781 0680 Boot (0x1200) (158e777da5d5e4827176c8cdbac86316) \Device\Harddisk0\DR0\Partition1
17:59:47.0781 0680 \Device\Harddisk0\DR0\Partition1 - ok
17:59:47.0812 0680 Boot (0x1200) (0ef24f52973d1f679bba50c6c635cfc7) \Device\Harddisk0\DR0\Partition2
17:59:47.0812 0680 \Device\Harddisk0\DR0\Partition2 - ok
17:59:47.0812 0680 Boot (0x1200) (84c761c7ff825a3af440d4e49a023d9e) \Device\Harddisk1\DR1\Partition0
17:59:47.0812 0680 \Device\Harddisk1\DR1\Partition0 - ok
17:59:47.0828 0680 ============================================================
17:59:47.0828 0680 Scan finished
17:59:47.0828 0680 ============================================================
17:59:47.0843 3652 Detected object count: 0
17:59:47.0843 3652 Actual detected object count: 0
18:01:05.0312 0652 ============================================================
18:01:05.0312 0652 Scan started
18:01:05.0312 0652 Mode: Manual; SigCheck; TDLFS;
18:01:05.0312 0652 ============================================================
18:01:05.0406 0652 Abiosdsk - ok
18:01:05.0421 0652 abp480n5 - ok
18:01:05.0468 0652 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:01:06.0156 0652 ACPI - ok
18:01:06.0187 0652 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:01:06.0343 0652 ACPIEC - ok
18:01:06.0406 0652 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:01:06.0437 0652 AdobeFlashPlayerUpdateSvc - ok
18:01:06.0453 0652 adpu160m - ok
18:01:06.0484 0652 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:01:06.0671 0652 aec - ok
18:01:06.0718 0652 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:01:06.0781 0652 AFD - ok
18:01:06.0796 0652 Aha154x - ok
18:01:06.0812 0652 aic78u2 - ok
18:01:06.0828 0652 aic78xx - ok
18:01:06.0906 0652 ALCXWDM (72963c1dc6f9e2e25165bae8d2444000) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
18:01:07.0109 0652 ALCXWDM - ok
18:01:07.0140 0652 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
18:01:07.0312 0652 Alerter - ok
18:01:07.0328 0652 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
18:01:07.0421 0652 ALG - ok
18:01:07.0437 0652 AliIde - ok
18:01:07.0453 0652 amsint - ok
18:01:07.0484 0652 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
18:01:07.0781 0652 androidusb - ok
18:01:07.0890 0652 AntiVirMailService (b9b5dfafea592bd4ca967824ebb42e3d) C:\Programme\Avira\AntiVir Desktop\avmailc.exe
18:01:07.0953 0652 AntiVirMailService - ok
18:01:08.0000 0652 AntiVirSchedulerService (67b1d78711b4386c26241096326ee14a) C:\Programme\Avira\AntiVir Desktop\sched.exe
18:01:08.0015 0652 AntiVirSchedulerService - ok
18:01:08.0031 0652 AntiVirService (845c4e7ae211edad5e0b832126f56932) C:\Programme\Avira\AntiVir Desktop\avguard.exe
18:01:08.0046 0652 AntiVirService - ok
18:01:08.0109 0652 AntiVirWebService (30d71e0c149943a8985d02ea0944f2fe) C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
18:01:08.0156 0652 AntiVirWebService - ok
18:01:08.0234 0652 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:01:08.0250 0652 Apple Mobile Device - ok
18:01:08.0343 0652 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
18:01:08.0453 0652 AppMgmt - ok
18:01:08.0500 0652 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:01:08.0718 0652 Arp1394 - ok
18:01:08.0734 0652 asc - ok
18:01:08.0750 0652 asc3350p - ok
18:01:08.0765 0652 asc3550 - ok
18:01:08.0828 0652 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:01:08.0859 0652 aspnet_state - ok
18:01:08.0875 0652 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:01:09.0078 0652 AsyncMac - ok
18:01:09.0109 0652 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:01:09.0296 0652 atapi - ok
18:01:09.0312 0652 Atdisk - ok
18:01:09.0343 0652 atirage (8ae4058ad345aa50ad0e58196c041e1c) C:\WINDOWS\system32\DRIVERS\atiragem.sys
18:01:09.0578 0652 atirage - ok
18:01:09.0609 0652 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:01:09.0828 0652 Atmarpc - ok
18:01:09.0859 0652 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
18:01:10.0062 0652 AudioSrv - ok
18:01:10.0109 0652 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:01:10.0296 0652 audstub - ok
18:01:10.0328 0652 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:01:10.0359 0652 avgntflt - ok
18:01:10.0375 0652 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:01:10.0390 0652 avipbb - ok
18:01:10.0421 0652 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
18:01:10.0437 0652 avkmgr - ok
18:01:10.0484 0652 AVMWAN (c997af59c54d69232fb7bbea4dad86e2) C:\WINDOWS\system32\DRIVERS\avmwan.sys
18:01:10.0718 0652 AVMWAN - ok
18:01:10.0734 0652 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:01:10.0953 0652 Beep - ok
18:01:11.0421 0652 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
18:01:11.0656 0652 BITS - ok
18:01:11.0765 0652 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Programme\Bonjour\mDNSResponder.exe
18:01:11.0781 0652 Bonjour Service - ok
18:01:11.0828 0652 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
18:01:12.0062 0652 Browser - ok
18:01:12.0093 0652 camfilt2 (088c0978203d59425a12b2a53fccd02b) C:\WINDOWS\system32\DRIVERS\camfilt2.sys
18:01:12.0125 0652 camfilt2 ( UnsignedFile.Multi.Generic ) - warning
18:01:12.0125 0652 camfilt2 - detected UnsignedFile.Multi.Generic (1)
18:01:12.0156 0652 Cap7134 (fdfe848c821f0666c4507a11717146c2) C:\WINDOWS\system32\DRIVERS\Cap7134.sys
18:01:12.0234 0652 Cap7134 - ok
18:01:12.0265 0652 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:01:12.0468 0652 cbidf2k - ok
18:01:12.0515 0652 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:01:12.0750 0652 CCDECODE - ok
18:01:12.0765 0652 cd20xrnt - ok
18:01:12.0796 0652 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:01:13.0031 0652 Cdaudio - ok
18:01:13.0046 0652 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:01:13.0281 0652 Cdfs - ok
18:01:13.0312 0652 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:01:13.0546 0652 Cdrom - ok
18:01:13.0562 0652 Changer - ok
18:01:13.0609 0652 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
18:01:13.0828 0652 CiSvc - ok
18:01:13.0859 0652 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
18:01:14.0109 0652 ClipSrv - ok
18:01:14.0187 0652 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:01:14.0203 0652 clr_optimization_v2.0.50727_32 - ok
18:01:14.0265 0652 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:01:14.0296 0652 clr_optimization_v4.0.30319_32 - ok
18:01:14.0296 0652 CmdIde - ok
18:01:14.0312 0652 COMSysApp - ok
18:01:14.0343 0652 Cpqarray - ok
18:01:14.0375 0652 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
18:01:14.0578 0652 CryptSvc - ok
18:01:14.0593 0652 dac2w2k - ok
18:01:14.0609 0652 dac960nt - ok
18:01:14.0656 0652 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
18:01:14.0734 0652 DcomLaunch - ok
18:01:14.0750 0652 dgderdrv - ok
18:01:14.0796 0652 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
18:01:15.0015 0652 Dhcp - ok
18:01:15.0062 0652 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:01:15.0281 0652 Disk - ok
18:01:15.0281 0652 dmadmin - ok
18:01:15.0437 0652 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
18:01:15.0687 0652 dmboot - ok
18:01:15.0718 0652 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
18:01:15.0921 0652 dmio - ok
18:01:15.0953 0652 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:01:16.0171 0652 dmload - ok
18:01:16.0218 0652 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
18:01:16.0421 0652 dmserver - ok
18:01:16.0453 0652 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:01:16.0703 0652 DMusic - ok
18:01:16.0750 0652 DNE (ded00b959d94612c22f53538a9f0fc89) C:\WINDOWS\system32\DRIVERS\dne2000.sys
18:01:16.0796 0652 DNE - ok
18:01:16.0828 0652 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
18:01:16.0968 0652 Dnscache - ok
18:01:17.0015 0652 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
18:01:17.0250 0652 Dot3svc - ok
18:01:17.0265 0652 dpti2o - ok
18:01:17.0296 0652 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:01:17.0500 0652 drmkaud - ok
18:01:17.0531 0652 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
18:01:17.0781 0652 EapHost - ok
18:01:17.0828 0652 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
18:01:18.0062 0652 ERSvc - ok
18:01:18.0109 0652 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
18:01:18.0140 0652 Eventlog - ok
18:01:18.0187 0652 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
18:01:18.0234 0652 EventSystem - ok
18:01:18.0265 0652 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:01:18.0468 0652 Fastfat - ok
18:01:18.0500 0652 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
18:01:18.0593 0652 FastUserSwitchingCompatibility - ok
18:01:18.0640 0652 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:01:18.0843 0652 Fdc - ok
18:01:18.0859 0652 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
18:01:19.0109 0652 Fips - ok
18:01:19.0125 0652 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:01:19.0343 0652 Flpydisk - ok
18:01:19.0390 0652 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:01:19.0625 0652 FltMgr - ok
18:01:19.0718 0652 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:01:19.0734 0652 FontCache3.0.0.0 - ok
18:01:19.0796 0652 fpcibase (45b5129aeae91ea096a9bbebff99e098) C:\WINDOWS\system32\DRIVERS\fpcibase.sys
18:01:20.0015 0652 fpcibase - ok
18:01:20.0046 0652 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:01:20.0312 0652 Fs_Rec - ok
18:01:20.0328 0652 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:01:20.0531 0652 Ftdisk - ok
18:01:20.0546 0652 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
18:01:20.0781 0652 gameenum - ok
18:01:20.0812 0652 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:01:21.0015 0652 Gpc - ok
18:01:21.0125 0652 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
18:01:21.0140 0652 gupdate - ok
18:01:21.0140 0652 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
18:01:21.0156 0652 gupdatem - ok
18:01:21.0218 0652 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:01:21.0437 0652 helpsvc - ok
18:01:21.0453 0652 HidServ - ok
18:01:21.0500 0652 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:01:21.0671 0652 HidUsb - ok
18:01:21.0703 0652 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
18:01:21.0921 0652 hkmsvc - ok
18:01:21.0953 0652 hpn - ok
18:01:21.0984 0652 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:01:22.0015 0652 HTTP - ok
18:01:22.0062 0652 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
18:01:22.0265 0652 HTTPFilter - ok
18:01:22.0265 0652 i2omgmt - ok
18:01:22.0281 0652 i2omp - ok
18:01:22.0312 0652 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:01:22.0531 0652 i8042prt - ok
18:01:22.0609 0652 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
18:01:22.0625 0652 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:01:22.0625 0652 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:01:22.0750 0652 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:01:22.0796 0652 idsvc - ok
18:01:22.0828 0652 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:01:23.0031 0652 Imapi - ok
18:01:23.0062 0652 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
18:01:23.0281 0652 ImapiService - ok
18:01:23.0296 0652 ini910u - ok
18:01:23.0312 0652 IntelIde - ok
18:01:23.0359 0652 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:01:23.0546 0652 intelppm - ok
18:01:23.0609 0652 Intels51 (bb801eb1898a22dfd412064e5c952ea5) C:\WINDOWS\system32\DRIVERS\ctxs51.sys
18:01:23.0671 0652 Intels51 - ok
18:01:23.0687 0652 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:01:23.0921 0652 Ip6Fw - ok
18:01:23.0953 0652 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:01:24.0156 0652 IpFilterDriver - ok
18:01:24.0187 0652 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:01:24.0390 0652 IpInIp - ok
18:01:24.0421 0652 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:01:24.0609 0652 IpNat - ok
18:01:24.0640 0652 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:01:24.0859 0652 IPSec - ok
18:01:24.0875 0652 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:01:24.0968 0652 IRENUM - ok
18:01:24.0984 0652 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:01:25.0156 0652 isapnp - ok
18:01:25.0265 0652 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Programme\Java\jre6\bin\jqs.exe
18:01:25.0281 0652 JavaQuickStarterService - ok
18:01:25.0328 0652 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:01:25.0531 0652 Kbdclass - ok
18:01:25.0546 0652 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:01:25.0765 0652 kmixer - ok
18:01:25.0812 0652 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:01:25.0875 0652 KSecDD - ok
18:01:25.0921 0652 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
18:01:25.0953 0652 lanmanserver - ok
18:01:26.0000 0652 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
18:01:26.0046 0652 lanmanworkstation - ok
18:01:26.0062 0652 lbrtfdc - ok
18:01:26.0125 0652 LightScribeService (71c6a95a5f0ccc87298c4dd0f2c3635a) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
18:01:26.0140 0652 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
18:01:26.0140 0652 LightScribeService - detected UnsignedFile.Multi.Generic (1)
18:01:26.0171 0652 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
18:01:26.0375 0652 LmHosts - ok
18:01:26.0390 0652 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
18:01:26.0406 0652 MBAMProtector - ok
18:01:26.0500 0652 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
18:01:26.0546 0652 MBAMService - ok
18:01:26.0578 0652 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
18:01:26.0593 0652 MBAMSwissArmy - ok
18:01:26.0671 0652 MDM (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
18:01:26.0687 0652 MDM - ok
18:01:26.0734 0652 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
18:01:26.0968 0652 Messenger - ok
18:01:27.0000 0652 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:01:27.0187 0652 mnmdd - ok
18:01:27.0218 0652 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
18:01:27.0406 0652 mnmsrvc - ok
18:01:27.0453 0652 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
18:01:27.0640 0652 Modem - ok
18:01:27.0671 0652 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:01:27.0859 0652 Mouclass - ok
18:01:27.0890 0652 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:01:28.0078 0652 mouhid - ok
18:01:28.0109 0652 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:01:28.0312 0652 MountMgr - ok
18:01:28.0359 0652 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
18:01:28.0375 0652 MozillaMaintenance - ok
18:01:28.0406 0652 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
18:01:28.0625 0652 MPE - ok
18:01:28.0625 0652 mraid35x - ok
18:01:28.0671 0652 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:01:28.0875 0652 MRxDAV - ok
18:01:28.0921 0652 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:01:29.0046 0652 MRxSmb - ok
18:01:29.0078 0652 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
18:01:29.0281 0652 MSDTC - ok
18:01:29.0312 0652 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:01:29.0484 0652 Msfs - ok
18:01:29.0500 0652 MSIServer - ok
18:01:29.0546 0652 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:01:29.0750 0652 MSKSSRV - ok
18:01:29.0781 0652 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:01:29.0968 0652 MSPCLOCK - ok
18:01:30.0000 0652 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:01:30.0203 0652 MSPQM - ok
18:01:30.0218 0652 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:01:30.0437 0652 mssmbios - ok
18:01:30.0453 0652 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:01:30.0640 0652 MSTEE - ok
18:01:30.0687 0652 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
18:01:30.0875 0652 ms_mpu401 - ok
18:01:30.0921 0652 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:01:30.0968 0652 Mup - ok
18:01:31.0000 0652 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:01:31.0203 0652 NABTSFEC - ok
18:01:31.0265 0652 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
18:01:31.0468 0652 napagent - ok
18:01:31.0531 0652 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:01:31.0750 0652 NDIS - ok
18:01:31.0765 0652 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:01:31.0968 0652 NdisIP - ok
18:01:32.0000 0652 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:01:32.0031 0652 NdisTapi - ok
18:01:32.0062 0652 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:01:32.0265 0652 Ndisuio - ok
18:01:32.0296 0652 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:01:32.0484 0652 NdisWan - ok
18:01:32.0531 0652 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:01:32.0593 0652 NDProxy - ok
18:01:32.0640 0652 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:01:32.0843 0652 NetBIOS - ok
18:01:32.0875 0652 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:01:33.0062 0652 NetBT - ok
18:01:33.0109 0652 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
18:01:33.0296 0652 NetDDE - ok
18:01:33.0312 0652 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
18:01:33.0500 0652 NetDDEdsdm - ok
18:01:33.0546 0652 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:01:33.0750 0652 Netlogon - ok
18:01:33.0796 0652 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
18:01:33.0968 0652 Netman - ok
18:01:34.0062 0652 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:01:34.0078 0652 NetTcpPortSharing - ok
18:01:34.0093 0652 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:01:34.0281 0652 NIC1394 - ok
18:01:34.0328 0652 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
18:01:34.0343 0652 Nla - ok
18:01:34.0421 0652 NPF (9f700584e974a15820c2abf414088b0d) C:\Programme\DBoxBoot\PACKET.SYS
18:01:34.0437 0652 NPF ( UnsignedFile.Multi.Generic ) - warning
18:01:34.0437 0652 NPF - detected UnsignedFile.Multi.Generic (1)
18:01:34.0453 0652 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:01:34.0640 0652 Npfs - ok
18:01:34.0703 0652 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:01:34.0906 0652 Ntfs - ok
18:01:34.0953 0652 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:01:35.0156 0652 NtLmSsp - ok
18:01:35.0203 0652 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
18:01:35.0437 0652 NtmsSvc - ok
18:01:35.0468 0652 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:01:35.0687 0652 Null - ok
18:01:35.0765 0652 nv (cf6896702f8c2af241dd27d0220ae80e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:01:35.0875 0652 nv - ok
18:01:35.0890 0652 nvcap - ok
18:01:35.0921 0652 NVSvc (89b35f1ec857a5cab5818043d909883b) C:\WINDOWS\system32\nvsvc32.exe
18:01:35.0953 0652 NVSvc - ok
18:01:35.0984 0652 NVXBAR (fd2a67960ef39d7359005b75711a20ca) C:\WINDOWS\system32\DRIVERS\NVxbar.sys
18:01:36.0000 0652 NVXBAR ( UnsignedFile.Multi.Generic ) - warning
18:01:36.0000 0652 NVXBAR - detected UnsignedFile.Multi.Generic (1)
18:01:36.0031 0652 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:01:36.0234 0652 NwlnkFlt - ok
18:01:36.0250 0652 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:01:36.0453 0652 NwlnkFwd - ok
18:01:36.0484 0652 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:01:36.0687 0652 ohci1394 - ok
18:01:36.0765 0652 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
18:01:36.0781 0652 ose - ok
18:01:36.0812 0652 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
18:01:37.0031 0652 Parport - ok
18:01:37.0062 0652 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:01:37.0250 0652 PartMgr - ok
18:01:37.0281 0652 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
18:01:37.0453 0652 ParVdm - ok
18:01:37.0468 0652 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
18:01:37.0687 0652 PCI - ok
18:01:37.0687 0652 PCIDump - ok
18:01:37.0734 0652 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:01:37.0937 0652 PCIIde - ok
18:01:37.0984 0652 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:01:38.0187 0652 Pcmcia - ok
18:01:38.0203 0652 PDCOMP - ok
18:01:38.0218 0652 PDFRAME - ok
18:01:38.0234 0652 PDRELI - ok
18:01:38.0250 0652 PDRFRAME - ok
18:01:38.0265 0652 perc2 - ok
18:01:38.0281 0652 perc2hib - ok
18:01:38.0328 0652 pfc (2c1eb94c24a6a1d3434481b0a5fa9c08) C:\WINDOWS\system32\drivers\pfc.sys
18:01:38.0343 0652 pfc ( UnsignedFile.Multi.Generic ) - warning
18:01:38.0343 0652 pfc - detected UnsignedFile.Multi.Generic (1)
18:01:38.0390 0652 PhTVTune (94e7f6107c70251059ae4d01b1d76124) C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
18:01:38.0437 0652 PhTVTune - ok
18:01:38.0484 0652 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
18:01:38.0500 0652 PlugPlay - ok
18:01:38.0531 0652 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:01:38.0718 0652 PolicyAgent - ok
18:01:38.0750 0652 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:01:38.0953 0652 PptpMiniport - ok
18:01:38.0968 0652 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:01:39.0140 0652 ProtectedStorage - ok
18:01:39.0171 0652 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:01:39.0375 0652 PSched - ok
18:01:39.0406 0652 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:01:39.0593 0652 Ptilink - ok
18:01:39.0640 0652 PVRUSBDriver (5f9c7ab71e0a534319209771ceea324e) C:\WINDOWS\system32\Drivers\PVRUSBDriver.sys
18:01:39.0656 0652 PVRUSBDriver ( UnsignedFile.Multi.Generic ) - warning
18:01:39.0656 0652 PVRUSBDriver - detected UnsignedFile.Multi.Generic (1)
18:01:39.0687 0652 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:01:39.0703 0652 PxHelp20 - ok
18:01:39.0703 0652 ql1080 - ok
18:01:39.0718 0652 Ql10wnt - ok
18:01:39.0734 0652 ql12160 - ok
18:01:39.0750 0652 ql1240 - ok
18:01:39.0765 0652 ql1280 - ok
18:01:39.0828 0652 RampartSvc (e80485d820845d373cb003f7500e4d29) C:\Programme\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
18:01:39.0843 0652 RampartSvc ( UnsignedFile.Multi.Generic ) - warning
18:01:39.0843 0652 RampartSvc - detected UnsignedFile.Multi.Generic (1)
18:01:39.0890 0652 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:01:40.0078 0652 RasAcd - ok
18:01:40.0109 0652 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
18:01:40.0328 0652 RasAuto - ok
18:01:40.0359 0652 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:01:40.0562 0652 Rasl2tp - ok
18:01:40.0609 0652 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
18:01:40.0781 0652 RasMan - ok
18:01:40.0812 0652 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:01:41.0000 0652 RasPppoe - ok
18:01:41.0031 0652 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:01:41.0218 0652 Raspti - ok
18:01:41.0265 0652 RCFOX (5c72bbc9ca332847e0913168d917d2ee) C:\WINDOWS\system32\Drivers\RCFOX.sys
18:01:41.0265 0652 RCFOX ( UnsignedFile.Multi.Generic ) - warning
18:01:41.0265 0652 RCFOX - detected UnsignedFile.Multi.Generic (1)
18:01:41.0296 0652 rcvpn (808b237c0b31327be1dbd72f14787f7e) C:\WINDOWS\system32\DRIVERS\rcvpn.sys
18:01:41.0343 0652 rcvpn - ok
18:01:41.0375 0652 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:01:41.0562 0652 Rdbss - ok
18:01:41.0578 0652 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:01:41.0781 0652 RDPCDD - ok
18:01:41.0812 0652 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:01:42.0000 0652 rdpdr - ok
18:01:42.0328 0652 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
18:01:42.0437 0652 RDPWD - ok
18:01:42.0734 0652 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
18:01:42.0937 0652 RDSessMgr - ok
18:01:43.0156 0652 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:01:43.0359 0652 redbook - ok
18:01:43.0500 0652 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
18:01:43.0687 0652 RemoteAccess - ok
18:01:43.0781 0652 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
18:01:43.0984 0652 RemoteRegistry - ok
18:01:44.0031 0652 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
18:01:44.0062 0652 RimUsb - ok
18:01:44.0109 0652 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
18:01:44.0296 0652 RpcLocator - ok
18:01:44.0343 0652 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
18:01:44.0375 0652 RpcSs - ok
18:01:44.0406 0652 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
18:01:44.0593 0652 RSVP - ok
18:01:44.0625 0652 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:01:44.0828 0652 SamSs - ok
18:01:44.0843 0652 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
18:01:45.0031 0652 SCardSvr - ok
18:01:45.0078 0652 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
18:01:45.0265 0652 Schedule - ok
18:01:45.0312 0652 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:01:45.0390 0652 Secdrv - ok
18:01:45.0421 0652 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
18:01:45.0593 0652 seclogon - ok
18:01:45.0625 0652 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
18:01:45.0796 0652 SENS - ok
18:01:45.0828 0652 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:01:46.0000 0652 serenum - ok
18:01:46.0015 0652 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
18:01:46.0171 0652 Serial - ok
18:01:46.0234 0652 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:01:46.0406 0652 Sfloppy - ok
18:01:46.0453 0652 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
18:01:46.0625 0652 SharedAccess - ok
18:01:46.0671 0652 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
18:01:46.0687 0652 ShellHWDetection - ok
18:01:46.0703 0652 Simbad - ok
18:01:46.0734 0652 sisagp (941f2dd2cf7f5558d52c62c5fa2cdc06) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
18:01:46.0750 0652 sisagp - ok
18:01:46.0781 0652 SiSide (982fd755516012bfd582ef20c6a123ff) C:\WINDOWS\system32\DRIVERS\siside.sys
18:01:46.0843 0652 SiSide - ok
18:01:46.0875 0652 sisidex (5aed8bf3bf7df795d70146d4af4a2580) C:\WINDOWS\system32\drivers\sisidex.sys
18:01:46.0875 0652 sisidex ( UnsignedFile.Multi.Generic ) - warning
18:01:46.0875 0652 sisidex - detected UnsignedFile.Multi.Generic (1)
18:01:46.0937 0652 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
18:01:47.0125 0652 SISNIC - ok
18:01:47.0156 0652 SISNICXP (47f39481bc8941e0d51601a85691448d) C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
18:01:47.0218 0652 SISNICXP - ok
18:01:47.0265 0652 sisperf (596d4a7052002d2bd344d8937da6f66d) C:\WINDOWS\system32\drivers\sisperf.sys
18:01:47.0265 0652 sisperf ( UnsignedFile.Multi.Generic ) - warning
18:01:47.0265 0652 sisperf - detected UnsignedFile.Multi.Generic (1)
18:01:47.0515 0652 Skype C2C Service (4ca43b85f22c7739311788b651a779cb) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:01:47.0671 0652 Skype C2C Service - ok
18:01:47.0765 0652 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Programme\Skype\Updater\Updater.exe
18:01:47.0781 0652 SkypeUpdate - ok
18:01:47.0906 0652 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:01:48.0109 0652 SLIP - ok
18:01:48.0609 0652 SNPSTD3 (9cd6ffc9f5b999eb5df69b9177d9848f) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
18:01:49.0062 0652 SNPSTD3 ( UnsignedFile.Multi.Generic ) - warning
18:01:49.0062 0652 SNPSTD3 - detected UnsignedFile.Multi.Generic (1)
18:01:49.0156 0652 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe
18:01:49.0156 0652 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning
18:01:49.0156 0652 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)
18:01:49.0250 0652 Sparrow - ok
18:01:49.0281 0652 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:01:49.0453 0652 splitter - ok
18:01:49.0484 0652 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:01:49.0531 0652 Spooler - ok
18:01:49.0562 0652 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
18:01:49.0640 0652 sr - ok
18:01:49.0687 0652 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
18:01:49.0781 0652 srservice - ok
18:01:49.0828 0652 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:01:49.0875 0652 Srv - ok
18:01:49.0921 0652 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
18:01:49.0984 0652 ssadbus - ok
18:01:50.0015 0652 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
18:01:50.0109 0652 ssadmdfl - ok
18:01:50.0156 0652 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
18:01:50.0203 0652 ssadmdm - ok
18:01:50.0250 0652 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
18:01:50.0281 0652 ssadserd - ok
18:01:50.0312 0652 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
18:01:50.0406 0652 SSDPSRV - ok
18:01:50.0437 0652 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
18:01:50.0468 0652 ssmdrv - ok
18:01:50.0531 0652 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
18:01:50.0718 0652 stisvc - ok
18:01:50.0750 0652 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:01:50.0921 0652 streamip - ok
18:01:50.0953 0652 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:01:51.0156 0652 swenum - ok
18:01:51.0171 0652 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:01:51.0359 0652 swmidi - ok
18:01:51.0359 0652 SwPrv - ok
18:01:51.0375 0652 symc810 - ok
18:01:51.0390 0652 symc8xx - ok
18:01:51.0406 0652 sym_hi - ok
18:01:51.0421 0652 sym_u3 - ok
18:01:51.0453 0652 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:01:51.0625 0652 sysaudio - ok
18:01:51.0671 0652 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
18:01:51.0843 0652 SysmonLog - ok
18:01:51.0890 0652 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
18:01:52.0062 0652 TapiSrv - ok
18:01:52.0125 0652 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:01:52.0171 0652 Tcpip - ok
18:01:52.0218 0652 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:01:52.0375 0652 TDPIPE - ok
18:01:52.0406 0652 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:01:52.0578 0652 TDTCP - ok
18:01:52.0625 0652 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:01:52.0812 0652 TermDD - ok
18:01:52.0859 0652 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
18:01:53.0046 0652 TermService - ok
18:01:53.0078 0652 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
18:01:53.0093 0652 Themes - ok
18:01:53.0140 0652 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
18:01:53.0234 0652 TlntSvr - ok
18:01:53.0250 0652 TosIde - ok
18:01:53.0281 0652 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
18:01:53.0453 0652 TrkWks - ok
18:01:53.0500 0652 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:01:53.0703 0652 Udfs - ok
18:01:53.0718 0652 ultra - ok
18:01:53.0750 0652 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:01:53.0953 0652 Update - ok
18:01:54.0000 0652 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
18:01:54.0078 0652 upnphost - ok
18:01:54.0093 0652 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
18:01:54.0265 0652 UPS - ok
18:01:54.0328 0652 USB28xxBGA (67d8495cdad131ddbd602e8f9d5b06fb) C:\WINDOWS\system32\DRIVERS\emBDA.sys
18:01:54.0375 0652 USB28xxBGA ( UnsignedFile.Multi.Generic ) - warning
18:01:54.0375 0652 USB28xxBGA - detected UnsignedFile.Multi.Generic (1)
18:01:54.0390 0652 USB28xxOEM (639e78cc98caf18f89dd94cf24e6e46d) C:\WINDOWS\system32\DRIVERS\emOEM.sys
18:01:54.0421 0652 USB28xxOEM ( UnsignedFile.Multi.Generic ) - warning
18:01:54.0421 0652 USB28xxOEM - detected UnsignedFile.Multi.Generic (1)
18:01:54.0453 0652 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:01:54.0656 0652 usbaudio - ok
18:01:54.0687 0652 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:01:54.0859 0652 usbccgp - ok
18:01:54.0890 0652 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:01:55.0062 0652 usbehci - ok
18:01:55.0093 0652 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:01:55.0296 0652 usbhub - ok
18:01:55.0328 0652 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:01:55.0500 0652 usbohci - ok
18:01:55.0531 0652 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:01:55.0718 0652 usbscan - ok
18:01:55.0734 0652 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:01:55.0921 0652 usbstor - ok
18:01:55.0968 0652 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:01:56.0125 0652 VgaSave - ok
18:01:56.0140 0652 ViaIde - ok
18:01:56.0171 0652 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
18:01:56.0359 0652 VolSnap - ok
18:01:56.0406 0652 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
18:01:56.0515 0652 VSS - ok
18:01:56.0562 0652 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
18:01:56.0703 0652 W32Time - ok
18:01:56.0734 0652 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:01:56.0906 0652 Wanarp - ok
18:01:56.0937 0652 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
18:01:57.0000 0652 wceusbsh - ok
18:01:57.0062 0652 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:01:57.0093 0652 Wdf01000 - ok
18:01:57.0109 0652 WDICA - ok
18:01:57.0140 0652 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:01:57.0328 0652 wdmaud - ok
18:01:57.0359 0652 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
18:01:57.0562 0652 WebClient - ok
18:01:57.0625 0652 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:01:57.0828 0652 winmgmt - ok
18:01:57.0875 0652 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:01:57.0921 0652 WmdmPmSN - ok
18:01:58.0015 0652 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
18:01:58.0062 0652 Wmi - ok
18:01:58.0109 0652 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:01:58.0296 0652 WmiApSrv - ok
18:01:58.0453 0652 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
18:01:58.0546 0652 WMPNetworkSvc - ok
18:01:58.0703 0652 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:01:58.0765 0652 WPFFontCache_v0400 - ok
18:01:58.0843 0652 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:01:59.0031 0652 WS2IFSL - ok
18:01:59.0078 0652 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
18:01:59.0250 0652 wscsvc - ok
18:01:59.0281 0652 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:01:59.0468 0652 WSTCODEC - ok
18:01:59.0500 0652 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
18:01:59.0656 0652 wuauserv - ok
18:01:59.0703 0652 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:01:59.0750 0652 WudfPf - ok
18:01:59.0781 0652 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:01:59.0796 0652 WudfRd - ok
18:01:59.0828 0652 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:01:59.0859 0652 WudfSvc - ok
18:01:59.0921 0652 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
18:02:00.0156 0652 WZCSVC - ok
18:02:00.0234 0652 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
18:02:00.0250 0652 x10nets ( UnsignedFile.Multi.Generic ) - warning
18:02:00.0250 0652 x10nets - detected UnsignedFile.Multi.Generic (1)
18:02:00.0296 0652 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
18:02:00.0468 0652 xmlprov - ok
18:02:00.0515 0652 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
18:02:01.0109 0652 \Device\Harddisk0\DR0 - ok
18:02:01.0125 0652 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
18:02:01.0734 0652 \Device\Harddisk1\DR1 - ok
18:02:01.0765 0652 Boot (0x1200) (0ee5bd4b49ccf4302616e874527268f4) \Device\Harddisk0\DR0\Partition0
18:02:01.0765 0652 \Device\Harddisk0\DR0\Partition0 - ok
18:02:01.0796 0652 Boot (0x1200) (158e777da5d5e4827176c8cdbac86316) \Device\Harddisk0\DR0\Partition1
18:02:01.0796 0652 \Device\Harddisk0\DR0\Partition1 - ok
18:02:01.0828 0652 Boot (0x1200) (0ef24f52973d1f679bba50c6c635cfc7) \Device\Harddisk0\DR0\Partition2
18:02:01.0828 0652 \Device\Harddisk0\DR0\Partition2 - ok
18:02:01.0859 0652 Boot (0x1200) (84c761c7ff825a3af440d4e49a023d9e) \Device\Harddisk1\DR1\Partition0
18:02:01.0859 0652 \Device\Harddisk1\DR1\Partition0 - ok
18:02:01.0859 0652 ============================================================
18:02:01.0859 0652 Scan finished
18:02:01.0859 0652 ============================================================
18:02:01.0984 2168 Detected object count: 16
18:02:01.0984 2168 Actual detected object count: 16
18:03:07.0031 2168 camfilt2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:07.0031 2168 camfilt2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:07.0031 2168 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:07.0031 2168 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:07.0031 2168 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:07.0031 2168 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:07.0031 2168 NPF ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:07.0031 2168 NPF ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:07.0031 2168 NVXBAR ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:07.0031 2168 NVXBAR ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:07.0031 2168 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:07.0031 2168 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:07.0046 2168 PVRUSBDriver ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:07.0046 2168 PVRUSBDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:07.0046 2168 RampartSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:07.0046 2168 RampartSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:07.0046 2168 RCFOX ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:07.0046 2168 RCFOX ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:07.0046 2168 sisidex ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:07.0046 2168 sisidex ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:07.0046 2168 sisperf ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:07.0046 2168 sisperf ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:07.0046 2168 SNPSTD3 ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:07.0046 2168 SNPSTD3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:07.0046 2168 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:07.0046 2168 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:07.0046 2168 USB28xxBGA ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:07.0046 2168 USB28xxBGA ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:07.0062 2168 USB28xxOEM ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:07.0062 2168 USB28xxOEM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:03:07.0062 2168 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
18:03:07.0062 2168 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
Peter Teil 2, vollständiger Malwarebyte-Scan: Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.02.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Peter :: TS01 [Administrator] Schutz: Aktiviert 02.07.2012 16:47:42 mbam-log-2012-07-02 (16-47-42).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 424141 Laufzeit: 4 Stunde(n), 33 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter C:\Dokumente und Einstellungen\Peter\Eigene Dateien\Downloads\speedupmypc.exe Win32/SpeedUpMyPC application
C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LKB6KSEX\firstload_com[1].htm HTML/ScrInject.B.Gen virus
C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PGQQNXIJ\firstload_com[1].htm HTML/ScrInject.B.Gen virus
E:\backupc\Appl\Nero\Nero-7.10.1.0_deu_update.exe Win32/Toolbar.AskSBar application
E:\backupc\Appl\Nero\Nero9\Nero-9.4.12.3d_free.exe Win32/Toolbar.AskSBar application
Google-Umleitungen passieren weiterhin nicht mehr! Was mir aufgefallen ist: Einer meiner Beschützer - ich glaube es war Avira - hat einmal c:\windows\system32\schedsvc9.dll mit Hinweis auf TR/Crypt.zpack.Gen7 angemeckert. Ich habe nichts damit getan, findes die Datei aber nicht mehr. Vielleicht war's das ja und du brauchst Dir keine weiter Mühe zu machen, Arne? Gruß Peter Nachtrag: Da ich's nicht genau wie beschrieben gemacht hab' und die Randinfos ja durchaus hilfreich sein könnten: Hier ist das vollständige ESET-LOG: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8379b720271d1f47869323dc252bf0d0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-02 11:26:20
# local_time=2012-07-03 01:26:20 (+0100, Westeuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777175 100 0 8948763 8948763 0 0
# compatibility_mode=8192 67108863 100 0 506 506 0 0
# scanned=163530
# found=5
# cleaned=0
# scan_time=12270
C:\Dokumente und Einstellungen\Peter\Eigene Dateien\Downloads\speedupmypc.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LKB6KSEX\firstload_com[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PGQQNXIJ\firstload_com[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
E:\backupc\Appl\Nero\Nero-7.10.1.0_deu_update.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
E:\backupc\Appl\Nero\Nero9\Nero-9.4.12.3d_free.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
|
|
03.07.2012, 10:27
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google-Links werden umgeleitet Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
03.07.2012, 18:09
| #5 |
| | Google-Links werden umgeleitet Windows läuft ohne besondere Vorkommnisse, auch die Geschwindigkeit stimmt (wieder). Kein leerer Programmordner. Gruß Peter |
|
04.07.2012, 15:45
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google-Links werden umgeleitet Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Google-Links werden umgeleitet |
|
04.07.2012, 17:02
| #7 |
| | Google-Links werden umgeleitet OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.07.2012 17:37:26 - Run 3 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Dokumente und Einstellungen\Peter\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1023,49 Mb Total Physical Memory | 530,20 Mb Available Physical Memory | 51,80% Memory free 2,03 Gb Paging File | 1,55 Gb Available in Paging File | 76,20% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,52 Gb Total Space | 24,97 Gb Free Space | 33,51% Space Free | Partition Type: NTFS Drive D: | 55,89 Gb Total Space | 19,84 Gb Free Space | 35,50% Space Free | Partition Type: NTFS Drive E: | 46,87 Gb Total Space | 26,26 Gb Free Space | 56,03% Space Free | Partition Type: NTFS Drive F: | 9,02 Gb Total Space | 5,91 Gb Free Space | 65,45% Space Free | Partition Type: FAT32 Computer Name: TS01 | User Name: Peter | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Peter\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\WINDOWS\SOUNDMAN.EXE (Avance Logic, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll () MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll () MOD - C:\Programme\WinRAR\RarExt.dll () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Skype C2C Service) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Sony SCSI Helper Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (RampartSvc) -- C:\Programme\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe (SonicWALL, Inc.) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (nvcap) nVidia WDM Video Capture (universal) -- system32\DRIVERS\nvcap.sys File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found DRV - (Changer) -- File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\ssadserd.sys (MCCI Corporation) DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc) DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (camfilt2) -- C:\WINDOWS\system32\drivers\camfilt2.sys (Guillemot Corporation) DRV - (SNPSTD3) -- C:\WINDOWS\system32\drivers\snpstd3.sys (Sonix Co. Ltd.) DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.) DRV - (SISNICXP) -- C:\WINDOWS\system32\drivers\sisnicxp.sys (SiS Corporation) DRV - (RCFOX) -- C:\WINDOWS\system32\drivers\RCFOX.SYS (SonicWALL, Inc.) DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (PVRUSBDriver) -- C:\WINDOWS\system32\drivers\PVRUSBDriver.sys (Windows (R) 2000 DDK provider) DRV - (NVXBAR) -- C:\WINDOWS\system32\drivers\NVXBAR.SYS (NVIDIA Corporation) DRV - (rcvpn) -- C:\WINDOWS\system32\drivers\rcvpn.sys (SonicWALL, Inc.) DRV - (PhTVTune) -- C:\WINDOWS\system32\drivers\PhTVTune.sys (Philips Semiconductors) DRV - (Cap7134) MEDION (7134) -- C:\WINDOWS\system32\drivers\Cap7134.sys (Philips Semiconductors) DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation) DRV - (ALCXWDM) Service for Avance AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Avance Logic, Inc.) DRV - (sisperf) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.) DRV - (SiSide) -- C:\WINDOWS\system32\drivers\siside.sys (Silicon Integrated Systems Corp.) DRV - (Intels51) -- C:\WINDOWS\system32\drivers\ctxs51.sys (Intel Corporation) DRV - (sisidex) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows (R) 2000 DDK provider) DRV - (NPF) -- C:\Programme\DBoxBoot\PACKET.SYS () DRV - (atirage) -- C:\WINDOWS\system32\drivers\atiragem.sys (ATI Technologies Inc.) DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (fpcibase) -- C:\WINDOWS\system32\drivers\fpcibase.sys (AVM GmbH) DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1644491937-73586283-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-1644491937-73586283-839522115-1003\..\SearchScopes,DefaultScope = {D48E2B94-3837-449C-9D33-302F40B07492} IE - HKU\S-1-5-21-1644491937-73586283-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1644491937-73586283-839522115-1003\..\SearchScopes\{D48E2B94-3837-449C-9D33-302F40B07492}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1644491937-73586283-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1644491937-73586283-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.at" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Programme\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.22 19:01:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.27 17:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Extensions [2012.05.03 12:28:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\ksvv2ks1.default\extensions [2012.06.22 19:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.10 10:05:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.10 18:49:01 | 000,000,834 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 10.0.0.1 ts1 O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Netviewer Support) - {4BE8B65B-EE14-40C1-B6BB-31E494FE6EBA} - C:\Programme\Netviewer\Support\Plugin\IE plugin\NVIEPluginSupport.dll (Netviewer AG) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (&Netviewer Support) - {E1F9EDE7-EF90-4A65-A5A4-D2FFEEA5D469} - C:\Programme\Netviewer\Support\Plugin\IE plugin\NVIEPluginSupport.dll (Netviewer AG) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize File not found O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Avance Logic, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: WizmaxBackup_NoDriveTypeAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1644491937-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-1644491937-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: WizmaxBackup_NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1644491937-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O15 - HKU\S-1-5-21-1644491937-73586283-839522115-1003\..Trusted Domains: google.com ([picasa] http in Vertrauenswürdige Sites) O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.com/s/v/70.11/uploader2.cab (UploadListView Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163670540453 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163670532687 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{124102B1-02EB-46DD-89A5-0BA3AABD0E23}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFBAFAB6-886C-43DD-87CC-1109EFF1B98E}: DhcpNameServer = 10.1.62.1 10.1.62.2 10.1.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.11.16 11:16:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2002.10.13 02:01:13 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{5ad44b54-3cc4-11de-a984-006073e436ef}\Shell\AutoRun\command - "" = InstallTomTomHOME.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.02 21:53:26 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.07.01 13:15:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee Security Scan Plus [2012.06.26 19:57:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee Security Scan [2012.06.26 19:57:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee [2012.06.26 19:57:39 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Security Scan [2012.06.23 14:57:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe [2012.06.22 19:01:38 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.06.22 16:26:47 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter\Desktop\OTL.exe [2012.06.22 11:15:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Malwarebytes [2012.06.22 11:14:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.06.22 11:14:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.06.22 11:14:47 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.06.22 11:14:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.06.22 09:37:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in [2012.06.22 09:37:07 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft [2012.06.21 00:17:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.04 17:46:43 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C9D6E7D8-6948-4ECE-8EEC-62B138489CBF}.job [2012.07.04 17:32:21 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter\Desktop\OTL.exe [2012.07.04 17:16:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.07.04 17:04:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.07.04 15:30:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.07.04 15:28:42 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.07.04 15:28:33 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Ogqtdaei.job [2012.07.04 15:28:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.07.01 21:23:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.07.01 13:15:58 | 000,001,771 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk [2012.07.01 13:15:58 | 000,001,765 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk [2012.06.23 14:59:30 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk [2012.06.22 19:01:41 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.06.22 16:54:33 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.22 16:25:51 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\defogger_reenable [2012.06.21 22:07:36 | 000,376,395 | ---- | M] () -- C:\fraglist.luar [2012.06.21 18:54:55 | 000,043,520 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.13 20:23:47 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.06.13 20:20:46 | 000,495,942 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.06.13 20:20:46 | 000,475,836 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.06.13 20:20:46 | 000,092,044 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.06.13 20:20:46 | 000,076,870 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.06.13 11:11:52 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\PUTTY.RND [2012.06.13 11:08:00 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\winscp.rnd [2012.06.07 11:00:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.26 19:57:39 | 000,001,771 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk [2012.06.26 19:57:39 | 000,001,765 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk [2012.06.23 14:59:30 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk [2012.06.23 14:59:30 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk [2012.06.22 19:01:41 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2012.06.22 19:01:40 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2012.06.22 16:25:51 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\defogger_reenable [2012.06.22 11:14:49 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.22 10:47:23 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.06.21 22:07:36 | 000,376,395 | ---- | C] () -- C:\fraglist.luar [2012.06.15 15:19:19 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc [2012.06.11 11:18:15 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\Ogqtdaei.job [2012.05.10 23:29:52 | 000,160,016 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.05.04 18:41:37 | 000,000,076 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\.ptbt0 [2012.02.16 11:48:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.15 19:10:03 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll [2012.01.15 19:10:03 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll [2012.01.15 19:10:03 | 000,015,478 | ---- | C] () -- C:\WINDOWS\snpstd3.ini [2012.01.15 19:08:58 | 003,600,384 | ---- | C] () -- C:\WINDOWS\ffmpeg.exe [2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011.11.29 17:27:26 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini [2011.08.03 18:48:54 | 000,000,000 | RH-- | C] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\f23291c8f32fe6e5bb6f8bd0a004057d [2011.05.27 17:57:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.04.14 16:05:39 | 000,002,366 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\mdbu.bin [2011.01.16 23:33:26 | 000,265,274 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1644491937-73586283-839522115-1005-0.dat [2010.12.20 13:27:05 | 000,532,010 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1644491937-73586283-839522115-1003-0.dat [2010.12.20 13:27:02 | 000,267,010 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2010.12.20 12:06:53 | 000,000,312 | ---- | C] () -- C:\WINDOWS\PhEdit.INI [2010.12.20 11:53:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2010.12.20 11:53:03 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2010.12.20 11:53:03 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2010.12.20 11:53:03 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2010.12.20 11:53:03 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2010.12.20 11:53:03 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2010.12.20 11:53:03 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2010.12.20 11:53:03 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2010.12.20 11:53:03 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2010.12.20 11:53:03 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2010.12.20 11:53:03 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2010.12.20 11:53:03 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2010.12.20 11:53:03 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2010.12.20 11:53:03 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2010.12.20 11:53:03 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2010.12.20 11:53:03 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2010.12.20 11:53:03 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2010.12.20 11:53:03 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2010.12.20 11:53:03 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2010.05.10 16:59:00 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\winscp.rnd [2009.01.13 18:10:50 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\PUTTY.RND [2008.12.02 21:36:02 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\$_hpcst$.hpc [2007.11.06 10:12:36 | 000,001,739 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2007.01.20 12:43:45 | 000,000,224 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\default.pls [2006.12.01 08:23:16 | 000,043,520 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.11.26 19:36:08 | 000,040,960 | ---- | C] () -- C:\Programme\Uninstall_PCM.exe ========== LOP Check ========== [2011.04.14 16:01:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HappyFoto-Designer [2011.11.29 20:55:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kinoma [2008.10.31 14:28:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe [2007.06.12 15:06:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir [2010.12.20 11:57:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic [2012.06.22 10:17:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2009.01.05 20:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2010.09.08 16:09:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2007.01.14 00:24:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander [2011.01.25 18:33:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Amazon [2012.01.12 20:00:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\calibre [2012.07.03 00:23:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Canon [2009.11.19 20:08:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Haenlein-Software [2012.07.03 11:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\ICAClient [2011.06.23 14:41:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\mkvtoolnix [2012.01.14 16:39:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Samsung [2012.06.22 17:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\TeamViewer [2012.01.18 12:18:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Temp [2009.01.06 15:50:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\TerraTec [2011.08.13 16:45:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sissy\Anwendungsdaten\Canon [2007.01.04 22:42:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sissy\Anwendungsdaten\ICAClient [2011.03.06 21:25:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sissy\Anwendungsdaten\TerraTec [2012.07.04 15:28:33 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\Ogqtdaei.job [2012.07.04 17:46:43 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C9D6E7D8-6948-4ECE-8EEC-62B138489CBF}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > [2010.08.26 10:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Office Genuine Advantage < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.06.23 16:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Adobe [2009.01.14 18:22:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\AdobeUM [2011.10.31 11:28:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Ahead [2011.01.25 18:33:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Amazon [2010.09.08 16:24:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Apple Computer [2012.03.21 09:25:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Avira [2012.01.12 20:00:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\calibre [2012.07.03 00:23:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Canon [2010.02.06 16:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\CyberLink [2009.05.09 20:37:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Google [2009.11.19 20:08:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Haenlein-Software [2012.07.03 11:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\ICAClient [2006.11.16 11:44:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Identities [2010.12.20 11:53:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\InstallShield [2007.01.03 23:00:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Macromedia [2012.06.22 11:15:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Malwarebytes [2012.06.23 16:23:58 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Microsoft [2011.06.23 14:41:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\mkvtoolnix [2011.05.27 17:57:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla [2012.01.14 16:39:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Samsung [2012.05.25 22:41:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Skype [2008.11.08 17:04:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\skypePM [2006.12.04 10:33:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\SonicWALL [2011.11.29 20:01:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Sony Corporation [2007.05.25 20:20:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Sun [2012.06.22 17:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\TeamViewer [2012.01.18 12:18:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Temp [2009.01.06 15:50:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\TerraTec [2012.04.17 19:38:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\vlc [2011.05.28 02:18:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 09:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 08:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2011.10.28 14:14:08 | 000,036,352 | ---- | M] (Panasonic Corporation) MD5=780BB15C79E25BEFD4B3BBBC565DAC2A -- C:\Programme\Panasonic\PHOTOfunSTUDIO 6.0 BD\Core\EventLog\EventLog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 08:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 08:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 08:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.16 11:24:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2006.11.16 11:24:37 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006.11.16 11:24:37 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > Hallo Arne, Scan mit dem aktuellen OTL.exe durchgeführt, auf das letzte von dir angeführte 'ok' bin ich nicht gekommen - hoffe, ich hab' alles richtig gemacht. Gruß Peter |
|
05.07.2012, 09:20
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google-Links werden umgeleitetCode:
ATTFilter Windows XP Professional
O1 - Hosts: 10.0.0.1 ts1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{124102B1-02EB-46DD-89A5-0BA3AABD0E23}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFBAFAB6-886C-43DD-87CC-1109EFF1B98E}: DhcpNameServer = 10.1.62.1 10.1.62.2 10.1.1.1
- WinXP Professional - Rechner im privaten 10er-Netz, das ist ungewöhnlich für Home-Umgebungen - ts1= Terminal Server 1  oder was soll das heißen?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.07.2012, 11:28
| #9 |
| | Google-Links werden umgeleitet Hallo Arne, das kann ich dir gerne erklären. Ich war bis zu meiner Pensionierung vor 4 Jahren in der EDV einer großen österreichischen gemeinnützigen Organisation tätig, deren Schwerpunkt in der Altenpflege liegt. Ganz habe ich meine Verbindung dorthin noch nicht abgebrochen, daher findet sich auf meinem Rechner noch ein Citrix-Client, der auch noch ganz selten angeworfen wird. Der Name TS01 kommt aber vom Domänennamen eines ehemaligen Nachbarn auf der anderen Straßenseite, an dessen Server ich via Peer-to-Peer-WLAN früher mal im Internet mitgenascht hab, als die Internet-Verbindungen bei uns in der Siedlung noch teuer und selbst über ISDN kaum einzurichten waren. Funktionierte damals mit israelischen Access-Points, die mit sagenhaften 2 MBit übertragen konnten, wenn nicht gerade der Wind einen Ast in den Weg bog und war fürchterlich neumodisch. Ist Schnee von gestern, der Rechnername hat aber vor ein paar Jahren eine Neuinstallation überlebt. TS als Domänenname hat mit Terminal-Server überhaupt nichts zu tun, sondern leitet sich von einer Firma ab, in der mein Nachbar vor etwa 15 Jahren einmal beschäftigt war. Jedenfalls wird mein Rechner heute ausschließlich privat genutzt und ich selbst fühle mich mittlerweile ein wenig als EDV-Saurier, was angesichts der raschen Entwicklung wahrscheinlich ganz normal ist. Immerhin habe ich meine ersten Programme noch auf Lochkarten gestanzt und meine ersten Disketten hatten bei einem Durchmesser von 8 Zoll gerade mal 128 KByte Fassungsvermögen. So, Ende des Strip-Tease. Ich hatte jedenfalls nie vor, Dir irgendwas zu verbergen und habe mich ans Trojaner-Board gewendet, weil es mir nach einigen eigenen hilflosen Versuchen die beste Möglichkeit zu sein schien. Gruß Peter |
|
05.07.2012, 12:55
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google-Links werden umgeleitet Ist ja schon ok, nur frage ich da deswegen anch, weil Firmen-Rechner nicht über ein Board adminstriert werden sollten, dazu gibt es die EDV-Abteilung Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: WizmaxBackup_NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1644491937-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: WizmaxBackup_NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.11.16 11:16:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002.10.13 02:01:13 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5ad44b54-3cc4-11de-a984-006073e436ef}\Shell\AutoRun\command - "" = InstallTomTomHOME.exe
[2012.07.04 15:28:33 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\Ogqtdaei.job
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.07.2012, 14:22
| #11 |
| | Google-Links werden umgeleitet Hallo Arne, ich melde mich vom Laptop - mein Rechner steht im Moment im Zuge del OTL-Fix. Solange ich ihn beobachtet habe, war 'Killing processes'. Nun ist absolute Ruhe bei leerem blauen Bildschirm. Hab' mit gedacht, das erzähl' ich dir und warte auf Antwort, bevor der wohl unausbleibliche Hardware-Reset erfolgt?! Gruß Peter Wo ist meine letzte Antwort geblieben? Ich hab sinngemäß geschrieben: Bin zurzeit am Laptop, weil der Hauptrechner im OTL (oder beim Reset?) hängengeblieben ist. Solange ich ihn beobachtete war 'Killing processes' am Laufen. Will eigentlich nichts machen, ohne mich mit dir abgestimmt zu haben - Gruß Peter |
|
05.07.2012, 16:06
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google-Links werden umgeleitet Starte Windows neu im abgesicherten Modus (mit Netzwerktreibern nach Möglichkeit), manchmal hakt das Fixen mit OTL im normalen Modus aber sehr oft funktioniert der Fix im abgesicherte Modus.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.07.2012, 16:44
| #13 |
| | Google-Links werden umgeleitet im abgesicherten Modus ist der Fix durchgelaufen - aber ich hab' vor lauter Begeisterung vergessen, den Virenschutz abzudrehen! Hier das Log: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\WizmaxBackup_NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1644491937-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1644491937-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\WizmaxBackup_NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1644491937-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
D:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ad44b54-3cc4-11de-a984-006073e436ef}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ad44b54-3cc4-11de-a984-006073e436ef}\ not found.
File InstallTomTomHOME.exe not found.
C:\WINDOWS\Tasks\Ogqtdaei.job moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 930082 bytes
->Temporary Internet Files folder emptied: 2005645 bytes
->FireFox cache emptied: 40925373 bytes
->Flash cache emptied: 456 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 82322 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Peter
->Temp folder emptied: 289042993 bytes
->Temporary Internet Files folder emptied: 52087833 bytes
->Java cache emptied: 44060180 bytes
->FireFox cache emptied: 166293193 bytes
->Flash cache emptied: 2123 bytes
User: sissy
->Temp folder emptied: 85417162 bytes
->Temporary Internet Files folder emptied: 97023490 bytes
->Java cache emptied: 2108326 bytes
->FireFox cache emptied: 58359028 bytes
->Flash cache emptied: 66665 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114764 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 128237844 bytes
RecycleBin emptied: 70528 bytes
Total Files Cleaned = 924,00 mb
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: Peter
->Flash cache emptied: 0 bytes
User: sissy
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.53.1 log created on 07052012_173035
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Gruß Peter |
|
05.07.2012, 19:10
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google-Links werden umgeleitet Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
