a variant of Win32/Kryptik.AIWA und mehr nach Systemwiederherstellung entdeckt

mobspot · 25.07.2012, 12:29

Hallo Zusammen, ein Neuling mit einem Problem, dass ich kurz schildern möchte. Ich hatte nach einer Internetrecherche plötzlich eine Meldung, dass sich ein Programm installieren möchte (irgendwas mit "w" und 4 Buchstaben). Das habe ich untersagt, die Meldung ist aber permanent aufgepoppt, auch STRG+ALT+ENTF und Taskmanager hat nicht funktioniert. Also habe ich das Laptop hart heruntergefahren und nach Restart einen cc-cleaner laufen lassen wollen. In diesem Verlauf sind dann ganze Heerscharen von popups gekommen, die mich auf einen totalen harddisk-Fehler und schwere Systemfehler aufmerksam machten, gleichzeitig ein weiteres Programm "filesys" oder so ähnlich, dass gegen Bezahlung meinen Rechner wieder fit macht. Stattdessen hab ich die Systemsteuerung gezogen und eine Wiederherstellung durchgeführt, soweit so gut. Danach waren die meisten Dateien auf allen Partitionen (insgesamt 3) überweigend als versteckte Dateien wiederzufinden. Nach einer ersten Recherche hab ich gestern eset.exe scannen lassen (hat 6h gedauert

). das ergebnisfile hier im Folgenden:

C:\Users\***\AppData\Local\Temp\B948.tmp a variant of Win32/Kryptik.AIWA trojan
C:\Users\***\AppData\Local\Temp\vrnvVbm2q1Z9HC.exe.tmp a variant of Win32/Kryptik.AIVK trojan
C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk Win32/Adware.ADON application
C:\Users\***\Documents\Downloads\SoftonicDownloader_fuer_getdataback.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\***\Documents\Downloads\SoftonicDownloader_fuer_pandora-recovery.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\***\Documents\Downloads\SoftonicDownloader_fuer_recuva.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\***\Documents\DVDVideoSoft\SoftonicDownloader_fuer_audiocon.exe a variant of Win32/SoftonicDownloader.A application
R:\System Volume Information\_restore{FCB56B84-9A2F-40C0-93A8-37B28BE17D11}\RP259\A0135310.exe Win32/Adware.ADON application
R:\****\FreeAudioCDtoMP3Converter.exe Win32/Adware.ADON application
S:\$RECYCLE.BIN\S-1-5-21-4018179539-3163974065-579344517-1003\$REIUPD4\Backup Files 2012-07-24 123242\Backup files 10.zip Win32/Adware.ADON application
S:\$RECYCLE.BIN\S-1-5-21-4018179539-3163974065-579344517-1003\$REIUPD4\Backup Files 2012-07-24 123242\Backup files 2.zip a variant of Win32/SoftonicDownloader.A application
S:\$RECYCLE.BIN\S-1-5-21-4018179539-3163974065-579344517-1003\$REIUPD4\Backup Files 2012-07-24 123242\Backup files 3.zip a variant of Win32/SoftonicDownloader.A application
S:\***-PC\Backup Set 2012-06-14 120001\Backup Files 2012-06-14 120001\Backup files 10.zip Win32/Adware.ADON application
S:\***-PC\Backup Set 2012-06-14 120001\Backup Files 2012-06-14 120001\Backup files 2.zip a variant of Win32/SoftonicDownloader.A application
S:\***-PC\Backup Set 2012-06-14 120001\Backup Files 2012-06-14 120001\Backup files 3.zip a variant of Win32/SoftonicDownloader.A application

(Zur Erklärung S:\ und R:\ sind meine Backups auf einer externen Platte).

Danach hab ich mich hier angemeldet und bin oder wollte wie beschrieben vorgehen: defogger und OTL sind problemlos gelaufen (files im Anhang);

bei "gmer" ist mir der Rechner beim ersten Versuch abgedampft (siehe Anhang "unerwartetes herunterfahren.txt"). 2. Versuch, dann wieder um 4Uhr früh ausgestiegen, das heißt Uhr stehen gebleiben, Maus weg, keinerlei Tastenfunktionen mehr) Deswegen gibt´s dazu leider kein file. Aber als nachtaktiver Mensch hab ich mir den Dateipfad abgeschrieben, bei dem´s passiert ist, wie folgt:

C:\Windows\winsxs\x86_wcf_m_smsvchost_perf_c_reg31bf3856ad364e35_6.1.7600.16385_none_3023f96a70048f98. Anbei auch ein Bild (img_0420)

Soviel zur Schilderung (Gott war das hoffentlich nicht zu lang

). Hoffe auf eure Hilfe, damit ich meinen Rechner wieder clean kriege.

Vielen Dank vorab

cosinus · 30.07.2012, 10:34

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

mobspot · 30.07.2012, 13:13

Hallo Cosinus,

Danke für die erste Antwort. Hier das logfile von malwarebytes. Ich hab versucht das in den Code-Tags direkt zu posten, bekomm das aber nicht hin, sorry.

Hoffe auf weitere Rückmeldungen.

Danke

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.05

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
bslap :: BSLAP-PC [Administrator]

30.07.2012 11:44:11
mbam-log-2012-07-30 (11-44-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|P:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 406715
Laufzeit: 2 Stunde(n), 19 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files\RelevantKnowledge (PUP.Spyware.MarketScore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\Users\bslap\Documents\Downloads\SoftonicDownloader_fuer_getdataback.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\bslap\Documents\Downloads\SoftonicDownloader_fuer_pandora-recovery.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\bslap\Documents\Downloads\SoftonicDownloader_fuer_recuva.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus · 30.07.2012, 18:44

Code:

ATTFilter

C:\Users\bslap\Documents\Downloads\SoftonicDownloader_fuer_getdataback.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\bslap\Documents\Downloads\SoftonicDownloader_fuer_pandora-recovery.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\bslap\Documents\Downloads\SoftonicDownloader_fuer_recuva.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Vermüllte Software von Softonic scheint gerade stark in Mode zu sein!

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

mobspot · 30.07.2012, 20:43

Hallo cosinus,

hab die Botschaft verstanden :-|

Bislang hatte ich noch nihct mit Malwarebytes gescannt. Nur mit eset, das logfile hatte ich ja gepostet.

Wie geht´s weiter?

Gruß mobspot.

cosinus · 30.07.2012, 21:27

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

mobspot · 31.07.2012, 10:47

Servus again,

hier das txt-file von AdwCleaner

# AdwCleaner v1.703 - Logfile created 07/31/2012 at 11:44:48
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional (32 bits)
# User : bslap - BSLAP-PC
# Running from : C:\Users\bslap\AppData\Local\Opera\Opera\temporary_downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\bslap\AppData\Local\APN
Folder Found : C:\Users\bslap\AppData\Local\Conduit
Folder Found : C:\Users\bslap\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\bslap\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\bslap\AppData\LocalLow\Conduit
Folder Found : C:\Users\bslap\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Johannes\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Johannes\AppData\LocalLow\Conduit
Folder Found : C:\Users\Johannes\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Johannes\AppData\LocalLow\DVDVideoSoftTB
Folder Found : C:\Users\Johannes\AppData\LocalLow\PriceGong
Folder Found : C:\Users\bslap\AppData\Roaming\Desktopicon
Folder Found : C:\Users\bslap\AppData\Roaming\OpenCandy
Folder Found : C:\Users\bslap\AppData\Roaming\Mozilla\Firefox\Profiles\7ns5zi8v.default\extensions\toolbar@ask.com
Folder Found : C:\Users\bslap\Documents\Save
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\AutocompletePro
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Users\bslap\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
File Found : C:\Users\bslap\AppData\Roaming\Mozilla\Firefox\Profiles\7ns5zi8v.default\searchplugins\Askcom.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2611456[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AutocompletePro
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.autocompletepro.com/?si=10205&bi=400
[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.autocompletepro.com/?si=10205&bi=400
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.autocompletepro.com/?si=10205&bi=400
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.autocompletepro.com/?si=10205&bi=400
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.autocompletepro.com/?si=10205&bi=400
[HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.autocompletepro.com/?si=10205&bi=400
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=8e97ebda00000000000054ed87e48d15&tlver=1.4.19.19&affID=17162

-\\ Mozilla Firefox v5.0 (de)

Profile name : default
File : C:\Users\bslap\AppData\Roaming\Mozilla\Firefox\Profiles\7ns5zi8v.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\bslap\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "scriptable_host": [ "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*.childrenschorus.[...]
Found : "matches": [ "*://*.google.com/*", "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*[...]
Found : "update_url": "hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php[...]

-\\ Opera v12.0.1467.0

File : C:\Users\bslap\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\Johannes\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9777 octets] - [31/07/2012 11:44:48]

########## EOF - C:\AdwCleaner[R1].txt - [9905 octets] ##########

Danke

cosinus · 31.07.2012, 12:31

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

mobspot · 31.07.2012, 13:03

Hi Arne,

hier die txt-Datei

# AdwCleaner v1.703 - Logfile created 07/31/2012 at 13:58:57
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional (32 bits)
# User : bslap - BSLAP-PC
# Running from : C:\Users\bslap\Documents\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\bslap\AppData\Local\APN
Folder Deleted : C:\Users\bslap\AppData\Local\Conduit
Folder Deleted : C:\Users\bslap\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\bslap\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\bslap\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\bslap\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Johannes\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Johannes\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Johannes\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Johannes\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Johannes\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\bslap\AppData\Roaming\Desktopicon
Folder Deleted : C:\Users\bslap\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\bslap\AppData\Roaming\Mozilla\Firefox\Profiles\7ns5zi8v.default\extensions\toolbar@ask.com
Folder Deleted : C:\Users\bslap\Documents\Save
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\AutocompletePro
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Users\bslap\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
File Deleted : C:\Users\bslap\AppData\Roaming\Mozilla\Firefox\Profiles\7ns5zi8v.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2611456[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AutocompletePro
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.autocompletepro.com/?si=10205&bi=400 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.autocompletepro.com/?si=10205&bi=400 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.autocompletepro.com/?si=10205&bi=400 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.autocompletepro.com/?si=10205&bi=400 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.autocompletepro.com/?si=10205&bi=400 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.autocompletepro.com/?si=10205&bi=400 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=8e97ebda00000000000054ed87e48d15&tlver=1.4.19.19&affID=17162 --> hxxp://www.google.com

-\\ Mozilla Firefox v5.0 (de)

Profile name : default
File : C:\Users\bslap\AppData\Roaming\Mozilla\Firefox\Profiles\7ns5zi8v.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\bslap\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "scriptable_host": [ "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*.childrenschorus.[...]
Deleted : "matches": [ "*://*.google.com/*", "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*[...]
Deleted : "update_url": "hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php[...]

-\\ Opera v12.0.1467.0

File : C:\Users\bslap\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\Johannes\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9906 octets] - [31/07/2012 11:44:48]
AdwCleaner[S1].txt - [10140 octets] - [31/07/2012 13:58:57]

########## EOF - C:\AdwCleaner[S1].txt - [10269 octets] ##########

Gruß Steffen

cosinus · 31.07.2012, 18:51

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

mobspot · 31.07.2012, 19:11

Hello Again, war grad auf dem Weg von Bremen nach Aachen, was ein Stress!

Nun zu deinen Fragen:

Windows geht soweit wieder - einige leere Ordner sind tatsächlich da und einige, die zwar einen Inhalt anzeigen, den man aber nicht deinstallieren kann - nur die Verknüpfung löschen kann ich. Was ich nicht machen kann sind manuelle Wiederherstellungspunkte erstellen - was aber vielleicht bei Windows7 gar nicht geht, weiß nicht.

Zur zweiten Frage: Ärgerlich ist, dass etliche bzw. die meisten Ordner jetzt versteckt angezeigt werden, teilweise musste ich mir trotz Adminrechten eine Freigabe erteilen, dass ich überhaupt zugreifen kann. Einige der Ordner hab ich jetzt manuell wieder als nicht versteckt gekennzeichnet.

Gruß Steffen

cosinus · 01.08.2012, 19:01

Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

mobspot · 06.08.2012, 12:48

Hallo Arne,

"unhide" hat funktioniert, vielen Dank für den Tip.

Da ja jetzt alles wieder soweit funktioniert, bleibt noch die Frage, was mit den Trojanern passiert? Ich hab einen Scan mit Avira gemacht, der hat die nicht gefunden. Ich meine aber, dass die immer noch auf meiner Platte ihr Unwesen treiben.

Macht es Sinn auf Kaspersky umzusteigen?

Freu mich auf Rückmeldung
Gruß Steffen

cosinus · 06.08.2012, 13:20

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

mobspot · 06.08.2012, 15:51

Hallo, hier das OTL.txt-file:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 06.08.2012 16:24:56 - Run 4
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\bslap\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 55,81% Memory free
5,73 Gb Paging File | 4,03 Gb Available in Paging File | 70,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110,55 Gb Total Space | 37,54 Gb Free Space | 33,96% Space Free | Partition Type: NTFS
Drive P: | 84,33 Gb Total Space | 23,23 Gb Free Space | 27,55% Space Free | Partition Type: NTFS
Drive Q: | 93,86 Gb Total Space | 60,02 Gb Free Space | 63,95% Space Free | Partition Type: NTFS
 
Computer Name: BSLAP-PC | User Name: bslap | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\bslap\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Microsoft MapPoint Europe 2011\StreetsOlkShim.exe (Microsoft)
PRC - C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe (Deutsche Telekom AG)
PRC - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
PRC - C:\Programme\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
PRC - C:\Programme\Dell\DW WLAN Card\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\Programme\EMC IRM\Common\autoofflineprocess.exe (EMC Corporation)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe (IDT, Inc.)
PRC - C:\Users\bslap\AppData\Roaming\T-Mobile Internet Manager\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe (Check Point Software Technologies)
PRC - C:\Programme\CheckPoint\SecuRemote\bin\SR_Watchdog.exe (Check Point Software Technologies)
PRC - C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe (Check Point Software Technologies)
PRC - C:\Programme\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
PRC - C:\Programme\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Programme\Common Files\ScanSoft Shared\PDF5\OutlookAddin.dll ()
MOD - C:\Programme\Common Files\ScanSoft Shared\PDF5\PDFAttachPlugin.api ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (MCSWASVR) -- C:\Programme\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe (Deutsche Telekom AG)
SRV - (MSSQL$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (SearchAnonymizer) -- C:\Users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe (IDT, Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SR_Watchdog) -- C:\Programme\CheckPoint\SecuRemote\bin\SR_Watchdog.exe (Check Point Software Technologies)
SRV - (SR_Service) -- C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe (Check Point Software Technologies)
SRV - (InstallFilterService) -- C:\Programme\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
SRV - (UNS) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (btwdins) -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (PDFProFiltSrv) -- C:\Programme\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (de_serv) -- C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (RsFx0105) -- C:\Windows\System32\drivers\RsFx0105.sys (Microsoft Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (cbfs3) -- C:\Windows\System32\drivers\cbfs3.sys (EldoS Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (CP_OMDRV) -- C:\Windows\System32\drivers\omdrv.sys (Check Point Software Technologies)
DRV - (FW1) -- C:\Windows\System32\drivers\fw.sys (Check Point Software Technologies)
DRV - (VNASC) -- C:\Windows\System32\drivers\vnasc.sys (Check Point Software Technologies)
DRV - (VPN-1) -- C:\Windows\System32\drivers\vpn.sys (Check Point Software Technologies)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (Sentinel) -- C:\Windows\System32\drivers\sentinel.sys (SafeNet, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (BrSerIb) -- C:\Windows\System32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (BrUsbSIb) -- C:\Windows\System32\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (CtAudDrv) -- C:\Windows\System32\drivers\CtAudDrv.sys (Creative Technology Ltd.)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (pnetmdm) -- C:\Windows\System32\drivers\pnetmdm.sys (June Fabrics Technology)
DRV - (ASPI32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{F9309114-FB8A-4374-9F17-2182F5D35983}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.obt.de/obt/view/index.shtml
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\URLSearchHook: {c98be8db-5fd4-4455-9bb2-a3e1ae5a325b} - No CLSID value found
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes,DefaultScope = {8CADF081-C10D-47E8-A0E7-20B236C7687E}
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{0C3B6D3A-4BBE-4974-B956-213E1C9D169E}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{58E96FE9-6F43-49AD-BF36-ED4F16C51325}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=ED36A7E0-5C95-4AB8-8C09-627A98C536C5&apn_sauid=7410988B-BF73-4AFF-A876-070C0D8CBA1D
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{8CADF081-C10D-47E8-A0E7-20B236C7687E}: "URL" = hxxp://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{99CAA2E9-BEFC-4BDA-A402-8A681968B26B}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{A638CBD1-8BCB-465B-B483-F2FC8195234B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=181099&p={searchTerms}
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{AE291BCA-9FD8-4E2E-A180-6911D574E358}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{B58D7ED5-C305-412D-AFCE-0495C6BF6F07}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{D8B381EF-841B-4827-9618-5AB4BD966BD2}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\SearchScopes\{E024BBBC-5D56-441F-9F10-B4DA528A8C5A}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=1586a973-5e0f-436e-8798-aa001adf9dcc&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.23 16:42:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.21 13:03:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.23 16:42:15 | 000,000,000 | ---D | M]
 
[2011.07.08 18:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bslap\AppData\Roaming\mozilla\Extensions
[2012.07.31 13:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bslap\AppData\Roaming\mozilla\Firefox\Profiles\7ns5zi8v.default\extensions
[2012.07.23 17:53:51 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\bslap\AppData\Roaming\mozilla\Firefox\Profiles\7ns5zi8v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.21 15:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.08 18:34:57 | 000,003,189 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\acpro.xml
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Ask Toolbar = C:\Users\bslap\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaakfopmidbfddimafofbdngbkidf\7.13.0.0_0\
CHR - Extension: YouTube = C:\Users\bslap\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\bslap\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\bslap\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\bslap\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\bslap\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\bslap\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Programme\BrotherSoft_Extreme\prxtbBrot.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [RemoteControl9] c:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IRM Offline Refresh.lnk = C:\Programme\EMC IRM\Common\autoofflineprocess.exe (EMC Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\bslap\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\bslap\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Mit Nuance PDF Converter 5.0 öffnen - C:\Program Files\Nuance\PDF Professional 5\cnvres_ger.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-4018179539-3163974065-579344517-1003\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13709972-8B0E-4E3E-8DF9-A937C1F47338}: NameServer = 192.2.200.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B06F1A46-1293-4935-96C3-5D6DCB2A90E1}: DhcpNameServer = 192.168.100.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5B01265-17CC-411F-993E-B98B3E8FB316}: DhcpNameServer = 10.74.210.210 10.74.210.211
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tmpx - No CLSID value found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.08 12:36:23 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{18d93536-f729-11df-84da-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{18d93536-f729-11df-84da-54ed87e48d15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{38cdcb0a-17d3-11e0-9c39-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{38cdcb0a-17d3-11e0-9c39-54ed87e48d15}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7a3e400b-5898-11e0-a5ed-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{7a3e400b-5898-11e0-a5ed-54ed87e48d15}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{877f37d2-f880-11df-87eb-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{877f37d2-f880-11df-87eb-54ed87e48d15}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{df0945cb-fb37-11df-87c2-54ed87e48d15}\Shell - "" = AutoRun
O33 - MountPoints2\{df0945cb-fb37-11df-87c2-54ed87e48d15}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Users^bslap^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediencenter Assistent.lnk - C:\Programme\Telekom\Mediencenter\MediencenterSoftware.exe - (Deutsche Telekom AG)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: Dell Webcam Central - hkey= - key= - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
MsConfig - StartUpReg: FreeFallProtection - hkey= - key= - C:\Programme\STMicroelectronics\Accelerometer\FF_Protection.exe ()
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Programme\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: HW_OPENEYE_OUC_T-Mobile Internet Manager - hkey= - key= - C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: Nuance PDF Professional 5-reminder - hkey= - key= - C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: Ocs_SM - hkey= - key= - C:\Users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
MsConfig - StartUpReg: PDF5 Registry Controller - hkey= - key= - C:\Programme\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: PDFHook - hkey= - key= - C:\Programme\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - c:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickSet - hkey= - key= - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: To-Do DeskList - hkey= - key= - C:\Programme\To-Do DeskList\To-Do DeskList.exe (Dextronet)
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
%SYSTEMROOT%\SYSTEM32\*.DLL /LOCKEDFILES CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.06 14:48:32 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\bslap\Desktop\OTL.exe
[2012.08.03 14:32:49 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\bslap\Desktop\unhide.exe
[2012.07.31 13:55:20 | 000,000,000 | ---D | C] -- C:\Users\bslap\Desktop\Logfiles
[2012.07.31 13:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
[2012.07.30 11:42:33 | 000,000,000 | ---D | C] -- C:\Users\bslap\AppData\Roaming\Malwarebytes
[2012.07.30 11:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.30 11:42:20 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.30 11:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.30 08:35:37 | 000,000,000 | ---D | C] -- C:\Users\bslap\AppData\Local\482CD0FC-201D-485F-8987-8B9F43F23531.aplzod
[2012.07.24 12:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.24 12:28:25 | 000,000,000 | ---D | C] -- C:\Windows\AxInstSV
[2012.07.23 17:20:48 | 000,000,000 | ---D | C] -- C:\Users\bslap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
[2012.07.23 13:12:25 | 000,000,000 | ---D | C] -- C:\Users\bslap\Documents\FFOutput
[2012.07.23 13:11:42 | 000,000,000 | ---D | C] -- C:\Users\bslap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2012.07.23 13:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime
[2012.07.19 18:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.1.1 Home Edition
[2012.07.15 05:12:17 | 000,000,000 | ---D | C] -- C:\Users\bslap\AppData\Roaming\Boolat Games
[2012.07.15 01:58:01 | 000,000,000 | ---D | C] -- C:\Users\bslap\AppData\Roaming\BlamGames
[1 C:\Users\bslap\AppData\Local\*.tmp files -> C:\Users\bslap\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.06 16:06:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.06 14:48:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\bslap\Desktop\OTL.exe
[2012.08.06 11:47:55 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.06 11:47:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.05 22:17:39 | 000,014,256 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 22:17:39 | 000,014,256 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 22:14:19 | 000,803,652 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.05 22:14:19 | 000,746,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.05 22:14:19 | 000,188,128 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.05 22:14:19 | 000,159,684 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.05 22:08:54 | 000,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.08.05 22:08:29 | 2307,928,064 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.04 12:07:50 | 000,002,291 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.08.03 17:55:36 | 000,185,228 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2012.08.03 14:32:52 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\bslap\Desktop\unhide.exe
[2012.08.01 16:27:55 | 001,087,806 | ---- | M] () -- C:\Users\bslap\Desktop\Auftrag Telekom.pdf
[2012.08.01 15:58:48 | 394,068,701 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.31 11:54:34 | 000,632,049 | ---- | M] () -- C:\Users\bslap\Documents\adwcleaner.exe
[2012.07.30 11:42:22 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.30 11:17:08 | 000,489,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.25 00:07:27 | 000,000,000 | ---- | M] () -- C:\Users\bslap\defogger_reenable
[2012.07.23 17:37:33 | 000,000,592 | ---- | M] () -- C:\ProgramData\UVMAhz1x7mghI5
[2012.07.23 17:29:02 | 000,000,072 | ---- | M] () -- C:\ProgramData\-UVMAhz1x7mghI5
[2012.07.23 17:20:49 | 000,000,072 | ---- | M] () -- C:\ProgramData\-UVMAhz1x7mghI5r
[2012.07.18 16:44:09 | 000,000,021 | ---- | M] () -- C:\Users\bslap\AppData\Local\mc.pixel.data
[2012.07.17 14:35:00 | 009,116,780 | ---- | M] () -- C:\Users\bslap\Desktop\Vorschlag 9.PDF
[2012.07.13 17:27:05 | 000,006,884 | ---- | M] () -- C:\Users\bslap\Desktop\Mappe1.pdf
[2012.07.12 17:13:40 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[1 C:\Users\bslap\AppData\Local\*.tmp files -> C:\Users\bslap\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.03 17:55:36 | 000,185,228 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.08.01 16:27:55 | 001,087,806 | ---- | C] () -- C:\Users\bslap\Desktop\Auftrag Telekom.pdf
[2012.08.01 15:58:48 | 394,068,701 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.31 11:54:34 | 000,632,049 | ---- | C] () -- C:\Users\bslap\Documents\adwcleaner.exe
[2012.07.30 11:42:22 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.30 11:16:53 | 000,489,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.25 00:07:27 | 000,000,000 | ---- | C] () -- C:\Users\bslap\defogger_reenable
[2012.07.23 17:20:49 | 000,000,072 | ---- | C] () -- C:\ProgramData\-UVMAhz1x7mghI5r
[2012.07.23 17:20:49 | 000,000,072 | ---- | C] () -- C:\ProgramData\-UVMAhz1x7mghI5
[2012.07.23 17:20:46 | 000,000,592 | ---- | C] () -- C:\ProgramData\UVMAhz1x7mghI5
[2012.07.17 14:35:00 | 009,116,780 | ---- | C] () -- C:\Users\bslap\Desktop\Vorschlag 9.PDF
[2012.07.13 17:27:05 | 000,006,884 | ---- | C] () -- C:\Users\bslap\Desktop\Mappe1.pdf
[2012.06.15 13:53:21 | 000,012,957 | ---- | C] () -- C:\Users\bslap\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2012.04.07 08:29:39 | 000,000,000 | ---- | C] () -- C:\Users\bslap\AppData\Local\Input.xml
[2012.04.06 18:37:01 | 000,000,000 | ---- | C] () -- C:\Users\bslap\AppData\Local\Settings.xml
[2012.01.17 14:39:28 | 000,000,093 | ---- | C] () -- C:\Users\bslap\AppData\Local\fusioncache.dat
[2012.01.16 17:32:20 | 000,000,264 | ---- | C] () -- C:\Windows\System32\winsusrm.dll
[2012.01.12 17:15:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\fInstall.ix
[2012.01.09 18:40:34 | 000,000,021 | ---- | C] () -- C:\Users\bslap\AppData\Local\mc.pixel.data
[2011.11.17 23:40:42 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.10.12 13:26:38 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.29 13:08:46 | 000,000,144 | ---- | C] () -- C:\Windows\ricdb.ini
[2011.07.28 20:54:43 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011.07.23 18:55:55 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2011.07.01 11:18:25 | 000,009,339 | ---- | C] () -- C:\Users\bslap\AppData\Roaming\Microsoft Excel 97-2003.EML
[2011.05.30 12:40:07 | 000,007,600 | ---- | C] () -- C:\Users\bslap\AppData\Local\Resmon.ResmonCfg
[2011.05.18 21:50:49 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.05.12 16:24:26 | 000,000,000 | ---- | C] () -- C:\Users\bslap\AppData\Local\{CA714BD9-5E43-4B4F-89E2-128FB9AAB6C0}
[2011.02.23 17:11:25 | 000,083,496 | ---- | C] () -- C:\Windows\hpqins13.dat
[2011.02.23 16:38:58 | 000,268,134 | ---- | C] () -- C:\Windows\hpwins22.dat
[2011.02.23 16:38:58 | 000,002,940 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2011.01.28 21:00:57 | 000,000,680 | RHS- | C] () -- C:\Users\bslap\ntuser.pol
[2010.12.16 15:26:46 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.12.01 12:29:01 | 000,445,952 | ---- | C] () -- C:\Windows\System32\RepODBC.DLL
[2010.12.01 12:29:01 | 000,059,392 | ---- | C] () -- C:\Windows\System32\RepUtil.DLL
[2010.12.01 12:29:01 | 000,029,184 | ---- | C] () -- C:\Windows\System32\RepRC.DLL
[2010.11.26 15:57:06 | 000,001,355 | ---- | C] () -- C:\Windows\System32\odbcinst.ini
[2010.11.26 15:54:07 | 000,299,008 | ---- | C] () -- C:\Windows\unin0407.exe
[2010.11.22 17:43:26 | 000,044,032 | ---- | C] () -- C:\Users\bslap\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.18 10:57:15 | 000,002,516 | ---- | C] () -- C:\Windows\System32\drivers\default.bin
[2010.11.18 10:57:15 | 000,002,516 | ---- | C] () -- C:\Windows\System32\default.bin
[2010.10.20 21:26:42 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010.10.20 13:46:20 | 000,000,204 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.10.01 11:47:11 | 001,774,720 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010.10.01 11:47:11 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010.10.01 11:47:10 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010.10.01 11:47:10 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010.10.01 11:47:10 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010.09.04 08:22:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.09.04 08:22:34 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010.09.04 08:22:34 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.09.04 08:22:34 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.09.04 08:22:33 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010.09.04 08:22:33 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.09.04 08:22:32 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010.09.04 08:22:32 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.09.04 05:56:59 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010.09.04 05:43:53 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
 
========== LOP Check ==========
 
[2011.09.13 23:45:16 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\A2 Entertainment
[2012.01.29 22:35:10 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Alawar
[2012.07.23 17:46:44 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Alawar Entertainment
[2011.08.20 19:15:08 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Alawar Stargaze
[2010.12.27 01:54:58 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\AlawarSouthpoint
[2012.07.23 17:53:39 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\AlderGames
[2012.07.23 17:46:44 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\aliasworlds
[2011.05.16 06:06:13 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Amaranth Games
[2012.02.04 03:39:30 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Anarchy
[2012.05.06 18:26:56 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\AnvSoft
[2012.02.05 23:48:35 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Artifex Mundi
[2012.02.11 02:04:01 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\AtlanticJourney
[2012.03.08 01:00:36 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Auslogics
[2012.07.23 17:46:44 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Autodesk
[2012.07.23 17:46:46 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Awem
[2012.07.15 01:58:01 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\BlamGames
[2011.05.15 22:51:03 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\blg
[2011.08.04 22:36:15 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Blue Tea Games
[2012.07.15 05:12:17 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Boolat Games
[2011.08.27 22:26:40 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Boomzap
[2012.07.23 17:53:39 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\BowWow
[2012.02.13 03:36:58 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\BrokenHearts
[2012.07.23 17:53:39 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Buhl Data Service
[2012.07.23 17:46:46 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Buhl Data Service GmbH
[2011.03.18 18:12:49 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Bump Technologies, Inc
[2012.06.05 20:28:42 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\calibre
[2012.07.23 17:46:46 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Casual Box
[2011.08.07 12:49:49 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\CattaleGames
[2012.06.18 02:48:41 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\CoronationStreetPC
[2012.07.23 17:53:39 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\CoSoSys
[2011.06.03 00:49:27 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Crown
[2012.03.10 01:57:03 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Daedalic Entertainment
[2012.07.23 17:46:46 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Deep Shadows
[2012.05.20 23:32:07 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\dekovir
[2012.05.17 20:55:50 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Dereza
[2011.05.31 23:05:46 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\DragonsEye Studios
[2012.07.13 16:21:01 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\DVDVideoSoft
[2012.05.15 14:07:16 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.23 17:46:46 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\EleFun Games
[2012.07.23 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Elephant Games
[2012.07.23 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\elsterformular
[2012.07.23 17:46:55 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Enki Games
[2012.07.23 17:46:55 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\ERS Game Studios
[2011.05.01 14:10:08 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Farm Mania 2.1
[2010.10.27 12:57:42 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\FileOpen
[2011.08.15 23:52:52 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Floodlight Games
[2012.07.23 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Friday's games
[2010.10.19 10:25:04 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\FRITZ!
[2010.10.18 20:02:39 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.08.02 21:56:19 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Frogwares
[2011.10.09 22:20:46 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Funswitch
[2011.07.17 20:32:54 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Gaijin Ent
[2012.07.23 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\GameInvest
[2011.05.18 21:50:49 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\GamesCafe
[2012.07.23 17:53:41 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\GetRightToGo
[2012.07.23 17:53:41 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Happy Artist Studio
[2012.01.29 02:08:59 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Happy Chef
[2011.10.13 23:58:45 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Harmonic Flow
[2011.10.03 12:13:01 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\HdO Adventure
[2012.07.23 17:53:41 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Hidden Anthologies Pride and Prejudice
[2012.07.23 17:46:58 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\HipSoft
[2012.07.23 17:53:41 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\ILClient
[2012.02.18 00:41:44 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Independent
[2011.05.29 22:52:47 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\InImages
[2011.04.25 01:20:00 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Intenium
[2012.07.23 17:53:41 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Islands3
[2012.07.23 17:53:41 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Jane s Hotel 3
[2012.07.23 17:46:58 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Jetdogs Studios
[2012.07.23 17:46:58 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\JoyBits
[2011.09.13 02:37:09 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\KeepersOfDryandra
[2011.08.20 00:21:43 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Kutawaves Game
[2011.01.07 23:57:14 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\LaJangada
[2011.08.02 23:38:17 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Lazy Turtle Games
[2011.08.05 01:15:46 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\LestaStudio
[2011.08.13 22:45:08 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\margrave3_full
[2011.09.25 22:02:28 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Mariaglorum
[2012.01.29 00:08:22 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Maximize Games
[2011.07.19 09:15:21 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Mayan Puzzle
[2012.07.23 17:46:59 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\md studio
[2012.02.18 00:59:09 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Mean Hamster
[2011.10.03 03:33:02 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\MediaArt
[2011.09.11 14:37:39 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Meridian93
[2011.07.01 23:23:13 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Merscom
[2011.02.28 19:50:11 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\morty productions
[2012.07.23 17:47:17 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\My Games
[2011.04.24 22:38:06 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\MysteryStudio
[2010.12.28 19:02:47 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\NCH Swift Sound
[2011.06.02 21:28:26 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\NevoSoft
[2012.07.23 17:47:18 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\OCS
[2012.07.23 17:47:20 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Opera
[2011.08.20 23:23:35 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Orneon
[2010.12.12 14:03:59 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\PeaceCraft2
[2011.09.11 05:09:12 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\PeaceCraft3
[2012.02.05 07:55:51 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\PetRush
[2011.04.27 03:25:45 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Ph03nixNewMedia
[2012.02.05 08:03:55 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\PlayFirst
[2012.02.05 21:48:04 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Playrix Entertainment
[2012.05.23 23:12:13 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\PoBros
[2012.05.20 03:11:37 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Sahmon Games
[2012.07.23 17:53:51 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Settlement. Colossus
[2011.07.03 12:49:11 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\ShamanGS
[2011.07.28 20:57:27 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Shape games
[2012.07.23 17:47:21 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Silverback Productions
[2012.07.23 17:47:21 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\SMIGames
[2011.09.25 00:14:53 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Specialbit
[2011.07.01 22:12:39 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Stand O'Food 3
[2012.02.01 01:49:34 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Striped Arts
[2012.07.14 04:51:02 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\SulusGames
[2012.07.23 17:53:51 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Supermarket Mania 2
[2012.07.23 17:53:51 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\T-Mobile
[2012.07.29 18:05:36 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\T-Mobile Internet Manager
[2010.10.04 15:58:08 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Teleca
[2011.05.19 21:58:39 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\thejoyoffarming
[2012.07.23 17:53:51 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\TheKingOfFire
[2012.07.23 17:53:51 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\TLOTGT
[2012.07.23 17:53:51 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\To-Do DeskList
[2011.08.20 19:48:18 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Total Eclipse
[2012.06.18 12:30:58 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\TuneUpMedia
[2012.07.23 17:53:51 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Twilight Games
[2012.07.23 17:53:51 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Val'Gor 2
[2011.08.02 00:58:48 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\ValGor 2
[2011.06.02 23:12:58 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\ValuSoft
[2012.07.23 17:47:25 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\VampireSagaHL
[2012.03.04 03:32:42 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Vast Studios
[2012.07.23 17:47:25 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\VendelGAMES
[2011.08.16 00:42:42 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Vogat Interactive
[2012.05.14 00:20:06 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\WeatherLord
[2011.07.17 01:24:07 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\WendigoStudios
[2010.10.27 12:27:27 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Windows Live Writer
[2011.05.20 07:42:26 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\World-Loom
[2012.07.23 17:47:26 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Xilisoft
[2012.06.27 23:25:54 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\YoudaGames
[2012.02.03 20:31:20 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Z-Software
[2012.07.23 17:47:27 | 000,000,000 | ---D | M] -- C:\Users\bslap\AppData\Roaming\Zeon
[2011.11.01 10:03:12 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Gaijin Ent
[2011.01.30 18:35:50 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Opera
[2011.01.30 19:01:21 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\PeaceCraft2
[2011.10.23 16:33:56 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Playrix Entertainment
[2012.05.20 19:07:30 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Sahmon Games
[2011.10.23 16:36:17 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\World-LooM
[2012.07.08 11:02:26 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Xilisoft
[2012.02.03 20:36:32 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Z-Software
[2011.01.30 18:36:15 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Zeon
[2012.07.13 09:17:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
<  Code: >
 
< --------- >
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. >
 
< %APPDATA%\*.exe /s >
[2012.05.25 20:04:22 | 005,185,496 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_dfv10.exe
[2012.05.25 20:05:31 | 005,184,752 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_dfv11.exe
[2012.05.25 20:06:45 | 005,189,648 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_dfv12.exe
[2012.05.25 20:07:17 | 005,465,744 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur09.exe
[2012.05.25 20:04:30 | 005,466,864 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur10.exe
[2012.05.25 20:05:40 | 006,220,536 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur11.exe
[2012.05.25 20:07:33 | 005,277,800 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gst09.exe
[2012.05.25 20:04:45 | 005,278,368 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gst10.exe
[2012.05.25 20:05:57 | 005,924,512 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gst11.exe
[2012.05.25 20:07:25 | 005,244,984 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gstz09.exe
[2012.05.25 20:04:37 | 005,246,416 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gstz10.exe
[2012.05.25 20:05:48 | 005,858,552 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gstz11.exe
[2012.05.25 20:04:52 | 005,240,448 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lsta10.exe
[2012.05.25 20:06:05 | 005,246,392 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lsta11.exe
[2012.05.25 20:06:53 | 005,256,816 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lsta12.exe
[2012.05.25 20:05:00 | 005,401,776 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lstb10.exe
[2012.05.25 20:06:13 | 005,400,408 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lstb11.exe
[2012.05.25 20:07:01 | 005,421,896 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lstb12.exe
[2012.05.25 20:07:41 | 005,816,512 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_par34a09.exe
[2012.05.25 20:05:08 | 005,819,568 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_par34a10.exe
[2012.05.25 20:06:21 | 005,828,344 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_par34a11.exe
[2012.05.25 20:07:48 | 005,331,960 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ust09.exe
[2012.05.25 20:05:24 | 005,336,560 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ust10.exe
[2012.05.25 20:06:37 | 005,358,992 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ust11.exe
[2012.05.25 20:05:16 | 005,267,192 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ustva10.exe
[2012.05.25 20:06:29 | 005,276,096 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ustva11.exe
[2012.05.25 20:07:09 | 005,266,856 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ustva12.exe
[2012.01.30 16:37:21 | 007,810,912 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_09_7094_8086.exe
[2012.05.25 20:07:57 | 004,573,816 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_09_8479_8623.exe
[2012.01.30 16:38:41 | 007,089,424 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_7094_8086.exe
[2012.05.25 20:08:05 | 005,762,152 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_8479_8623.exe
[2012.05.25 20:08:14 | 005,937,224 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_11_8479_8623.exe
[2012.01.30 16:35:32 | 012,718,200 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_7094_8086.exe
[2012.05.25 20:04:09 | 005,576,392 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\bslap\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_8479_8623.exe
[2011.02.02 16:48:31 | 000,348,160 | ---- | M] (Octoshape ApS) -- C:\Users\bslap\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
[2011.06.29 17:22:47 | 000,069,632 | ---- | M] (Acresso Software Inc.) -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{06462190-AAB5-4F8E-A867-1BA6B710933D}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.10.20 22:27:21 | 000,069,632 | ---- | M] (Acresso Software Inc.) -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\DesktopMgr.exe
[2010.10.20 22:27:21 | 000,069,632 | ---- | M] (Acresso Software Inc.) -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.10.20 22:27:21 | 000,069,632 | ---- | M] (Acresso Software Inc.) -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.10.20 22:27:21 | 000,069,632 | ---- | M] (Acresso Software Inc.) -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.10.20 22:27:21 | 000,069,632 | ---- | M] (Acresso Software Inc.) -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.10.20 22:27:21 | 000,069,632 | ---- | M] (Acresso Software Inc.) -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2010.10.20 22:27:21 | 000,069,632 | ---- | M] (Acresso Software Inc.) -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{13333239-0A15-4855-BEEB-0232DAA5B7EA}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2011.03.03 11:31:38 | 000,010,134 | ---- | M] () -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2010.10.27 12:42:46 | 000,014,846 | ---- | M] () -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}\FileOpenNew.exe
[2010.10.06 13:03:24 | 000,069,632 | ---- | M] (Acresso Software Inc.) -- C:\Users\bslap\AppData\Roaming\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
[2007.08.29 16:36:00 | 000,110,592 | ---- | M] () -- C:\Users\bslap\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe
[2011.05.22 18:01:42 | 000,106,496 | ---- | M] (OCS) -- C:\Users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2011.05.22 18:01:42 | 000,040,960 | ---- | M] () -- C:\Users\bslap\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2010.01.07 15:35:18 | 001,007,616 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\bslap\AppData\Roaming\T-Mobile Internet Manager\LiveUpdate.exe
[2009.12.31 15:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\bslap\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
[2012.06.20 16:27:28 | 044,115,322 | ---- | M] () -- C:\Users\bslap\AppData\Roaming\Xilisoft\DVD Creator 6\x-dvd-creator7.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_6acd47459c3a74fb\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_dda2ecda9bf2e50d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.03.04 20:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Drivers\storage\R271949\f6flpy-x86\iaStor.sys
[2010.03.04 20:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys
[2010.03.04 20:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys
[2010.03.04 20:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_c766b54545e4141f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.09.04 08:28:12 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2010.09.04 08:28:12 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010.09.04 08:28:12 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< --------- >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:1A4BF204
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:CEE4A457
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8E9C9E8F
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:93B0BB6F
@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:3BF63E4A
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:0E22C5DB
@Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:12EA4DC9
@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:BDCD0530
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:8DA9DB01
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:D987CB43
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:6A9CA6CB
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:AE9DFC85
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:6757F885
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:3E7C402E
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:10873493
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:E5BA9ADD
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:DB051353
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:639BB5E9
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:5DB36C47
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:5C4A588B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:51E83E25
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:258D2F8B
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:F3591DDB
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:E153075C
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:CAF8DAC8
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:B6E58523
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AE289451
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:363E775E
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:D770A15D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:3A4C8FE7
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:092DD1DD
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:78696BCD
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:5CD70138
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:F35AE645
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E9900C74
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:BB718C46
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:99AC3203
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:4B70A9FA
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:46283136
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:33A7CC67
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:FD786DCA
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:908A1B53
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:384AA0FD
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:2EB79F01
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:2ABB51D4
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:F98E6C67
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:884C7316
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:6EA64886
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:63C68F03
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:2530BFBE
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:BF640EE5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:90FA53E2
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:6EE8565A
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:2B9555D8
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:D4558A0B
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:C0A2E219
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:34C443B4
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:2F8138B7
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:2CED8825
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:F89F2593
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:C43C957E
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:7C8AA9A6
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:4EC7F009
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:39EDBD33
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:1234ADAE
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:F13867C6
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:9CF728A6
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:44E16D4A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:2DC35960
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:1B389835
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:C37283B5
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:A2B3764A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:1B3549F2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:18DEBC51
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:16F4BC64
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:0E61938B
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:F67947AF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:BD8010FE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A6B07419
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:4E79C4F8
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:3A4676D7
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:10B970A9
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:06C34166
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:012BC84F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:CBAF0C30
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:4A906D4A
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:349E5B74
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:274516E7
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:242E63C5
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0E5CFA74
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:073139EC
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:BA24E689
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:B139DDF3
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4C49306C
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4C3D5A8B
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:E6537A16
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:BAFAD1DF
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8AE92FD3
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:38849DE5
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:87A3A233
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:58EB307C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:3B07E6F4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:19636FDD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:EC0279DC
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E40D7F76
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:10D45FC3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0ACF1AF5
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:04ADB7A6
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:FCBEDCFD
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:EB2D2CC5
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:D999FFD5
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:C458CC0A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:BC1F7CAE
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9968F0E2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:90C320E1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:5E8C18F1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:51E66512
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:18A6D2CC
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:E6708F08
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B285A50E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:9C2BD975
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:ED0B32CA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A9056F42
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:07D9FF25
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E2B84483
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:3C0887BF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:28819F45
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:EA7D76BE
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:A1A86E40
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:7E4E56EA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:7BBC3CCD
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:6DDD2723
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:54F0BBF5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:217A2A36
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:823606DE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:7425C891
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:6FD36C4B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:E894A3ED
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D576A536
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:BEE39E9B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A17CCD03
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:9E05DEB0
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:73B78E79
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:36A39835
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3571475C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:2C86E2AD
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:14FA5E46
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:F5FC5DCE
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:F5D01D7C
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0968E571
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:F1C8B957
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:ED9B661E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:6423D635
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:57619D72
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:2652902F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E32D2701
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:6D5A15BF
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:58481C6F
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:553056F1
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:48862C37
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A9ABA3FF
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:902C848D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:07C99568
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:FACB65E7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:7EBCAF87
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:DEE46C4E
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:831C6B2D
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:7BE5BAAB
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:38D2EA83
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:E3615992
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:88050731
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:6C049F97
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:5A2E8BBF
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:1604D047
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:E0888117
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:DD6F157A
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:00AA4B31
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:35629AE6
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:43E95997
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:723E56EC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:CC7738DB
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:E9B2C525

< End of report >

--- --- ---

31.07.2012, 18:51	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	a variant of Win32/Kryptik.AIWA und mehr nach Systemwiederherstellung entdeckt Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

a variant of Win32/Kryptik.AIWA und mehr nach Systemwiederherstellung entdeckt

Plagegeister aller Art und deren Bekämpfung: a variant of Win32/Kryptik.AIWA und mehr nach Systemwiederherstellung entdeckt