ADWARE/InstallCore.Gen

cosinus · 11.10.2012, 15:19

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

maggei88 · 12.10.2012, 10:53

codeOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 12.10.2012 10:32:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Maggei\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,21 Mb Total Physical Memory | 447,32 Mb Available Physical Memory | 44,11% Memory free
1,99 Gb Paging File | 1,03 Gb Available in Paging File | 51,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 201,78 Gb Total Space | 134,24 Gb Free Space | 66,53% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 7,45 Gb Free Space | 24,85% Space Free | Partition Type: NTFS
 
Computer Name: MAGGEI-NETBOOK | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.12 10:26:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maggei\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.20 19:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.07.18 18:04:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.04.17 11:46:41 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ielowutil.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.14 09:16:16 | 003,342,336 | ---- | M] (Sentelic Corporation) -- C:\Programme\FSP\FspUip.exe
PRC - [2009.12.22 17:47:10 | 000,331,776 | ---- | M] (Pegatron) -- C:\Programme\Pegatron\Hotkey\PHControl.exe
PRC - [2009.10.02 18:48:26 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.10.02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.06.03 14:59:28 | 000,258,048 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\FastUserSwitching.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.27 11:49:44 | 000,241,664 | ---- | M] () -- C:\Programme\T-Mobile Internet Manager\AssistantServices.exe
PRC - [2009.04.27 11:49:42 | 000,132,608 | ---- | M] () -- C:\Programme\T-Mobile Internet Manager\UIExec.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.01.14 09:16:18 | 000,053,248 | ---- | M] () -- C:\Programme\FSP\KbdHook.dll
MOD - [2010.01.14 09:16:16 | 000,073,728 | ---- | M] () -- C:\Programme\FSP\FspLib.dll
MOD - [2009.11.25 21:12:58 | 000,057,344 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\WLANV.dll
MOD - [2009.10.28 16:15:38 | 000,053,248 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\TPS.dll
MOD - [2009.10.02 18:48:42 | 000,132,384 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009.07.09 20:58:48 | 000,053,248 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\TPF.dll
MOD - [2009.06.16 16:06:16 | 000,212,992 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\HKBD.dll
MOD - [2009.06.03 15:03:54 | 000,053,248 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\PEGAACPIDLL32.dll
MOD - [2009.06.03 15:00:20 | 000,073,728 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\LCSwit.dll
MOD - [2009.06.03 14:59:28 | 000,258,048 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\FastUserSwitching.exe
MOD - [2009.04.27 11:49:42 | 000,132,608 | ---- | M] () -- C:\Programme\T-Mobile Internet Manager\UIExec.exe
MOD - [2009.01.02 18:56:04 | 000,073,728 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\FspLib.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.10 19:35:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.10.02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.04.27 11:49:44 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Programme\T-Mobile Internet Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.08.21 11:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.11.13 18:47:48 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.11.10 14:42:46 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.01 13:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.06.09 21:30:42 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.SYS -- (ACPIService)
DRV - [2009.04.27 11:53:12 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009.04.27 11:53:12 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.04.27 11:50:36 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.27 11:50:36 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.27 11:50:36 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.04.27 11:50:36 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/home.php?ref=hp
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\SearchScopes\{270CD8FD-04F8-4BDE-8C9D-657B2D2F05FC}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\SearchScopes\{C7B14827-1F44-4DAE-A93D-A8AAD4CD5E2E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1002\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile Internet Manager\addon [2010.08.28 12:16:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.09.10 17:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.08 22:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.08 22:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.08 22:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.12.18 20:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.25 15:06:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.12.18 20:48:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011.02.08 21:31:37 | 000,000,000 | ---D | M] (Pageshots Pro) -- C:\Programme\Mozilla Firefox\extensions\jid0-2rURdEv0oBelly8OSpHSRMwx9OI@jetpack
[2011.08.19 21:39:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Pageshots for Internet Explorer PRO) - {28CF50DA-4A17-4442-BBF9-D916BFDE072C} - C:\ProgramData\PageshotsPro\pageshots_x86.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [fspuip] C:\Programme\FSP\FspUip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [Hotkey] C:\Programme\Pegatron\Hotkey\FastUserSwitching.exe ()
O4 - HKLM..\Run: [UIExec] C:\Program Files\T-Mobile Internet Manager\UIExec.exe ()
O4 - HKLM..\Run: [UpdateYouPaintShortCut] C:\Program Files\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1000..\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe File not found
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\RunOnce: [HKCU] C:\Windows\System32\oobe\info\HKCU.vbs ()
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\RunOnce: [PC Tools Security] C:\Users\Markus\AppData\Local\Temp\900230~1.EXE (PC Tools)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - Startup: C:\Users\All Users\Adobe [2012.01.31 18:36:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ALDI Sued Foto Service [2010.07.13 13:30:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Aldi Sued Fotoservice [2009.12.18 14:22:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Anwendungsdaten [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Apple [2011.10.31 22:28:28 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2011.11.22 00:11:58 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\AVAST Software [2012.09.10 17:06:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Avira [2012.09.10 15:17:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\BVRP Software [2010.11.10 21:58:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Corel [2009.12.18 13:34:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CyberLink [2011.06.13 16:34:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Dokumente [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favoriten [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\HP [2012.04.22 12:18:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\Lavasoft [2011.08.19 21:51:39 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\MAGIX [2009.12.18 14:19:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2012.09.14 12:50:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2010.07.12 14:58:12 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012.10.10 13:13:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Office Genuine Advantage [2009.12.18 15:01:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PC Tools [2012.09.10 16:03:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2012.09.10 15:04:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Startmenü [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010.05.02 10:52:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Temp [2012.09.10 16:03:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Vorlagen [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\WBLD.INI ()
O4 - Startup: C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.08.19 13:25:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\Anwendungsdaten [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\AppData [2009.07.14 04:37:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2010.07.12 14:52:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Druckumgebung [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Eigene Dateien [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Favorites [2009.12.18 15:08:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Lokale Einstellungen [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Netzwerkumgebung [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009.07.14 04:04:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Startmenü [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Vorlagen [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Anwendungsdaten [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\AppData [2010.07.12 14:53:56 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Maggei\Contacts [2012.08.13 15:28:54 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Cookies [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Desktop [2012.10.12 10:25:58 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Maggei\Documents [2012.09.14 17:28:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Downloads [2012.10.07 14:33:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Druckumgebung [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Eigene Dateien [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Favorites [2012.08.13 15:28:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Links [2012.08.13 15:28:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Lokale Einstellungen [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Music [2012.08.13 15:28:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Netzwerkumgebung [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\ntuser.dat ()
O4 - Startup: C:\Users\Maggei\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Maggei\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{86252df1-773e-11e0-bedc-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{86252df1-773e-11e0-bedc-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{86252df1-773e-11e0-bedc-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{97de0429-ed01-11df-8b77-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{97de0429-ed01-11df-8b77-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{97de0429-ed01-11df-8b77-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{ba8d745d-f16a-11df-9e27-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{ba8d745d-f16a-11df-9e27-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{ba8d745d-f16a-11df-9e27-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.ini ()
O4 - Startup: C:\Users\Maggei\ntuser.pol ()
O4 - Startup: C:\Users\Maggei\Pictures [2012.08.13 15:28:54 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Recent [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Saved Games [2012.08.13 15:28:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Searches [2012.08.13 15:28:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\SendTo [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Startmenü [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Tracing [2010.08.10 11:25:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Maggei\Videos [2012.08.13 15:28:54 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Vorlagen [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Anwendungsdaten [2011.09.23 15:35:59 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\AppData [2011.09.23 15:36:00 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Markus\Cookies [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Desktop [2012.10.07 14:25:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Documents [2011.11.22 16:45:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Downloads [2012.10.05 12:52:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Druckumgebung [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Eigene Dateien [2011.09.23 15:35:59 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Favorites [2011.11.22 16:53:43 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Links [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Lokale Einstellungen [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Music [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Netzwerkumgebung [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\ntuser.dat ()
O4 - Startup: C:\Users\Markus\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Markus\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Markus\ntuser.dat{0269fa7c-f9a1-11e1-b926-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\ntuser.dat{0269fa7c-f9a1-11e1-b926-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{0269fa7c-f9a1-11e1-b926-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{24ac5b9b-e54c-11e1-b9ca-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\ntuser.dat{24ac5b9b-e54c-11e1-b9ca-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{24ac5b9b-e54c-11e1-b9ca-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{2f2a480d-1465-11e1-8560-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{2f2a480d-1465-11e1-8560-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{2f2a480d-1465-11e1-8560-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{5f933edf-03ef-11e1-85eb-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{5f933edf-03ef-11e1-85eb-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{5f933edf-03ef-11e1-85eb-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{708b043f-12fe-11e2-8814-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\ntuser.dat{708b043f-12fe-11e2-8814-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{708b043f-12fe-11e2-8814-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{7f6dbc7d-0fca-11e1-8451-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{7f6dbc7d-0fca-11e1-8451-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{7f6dbc7d-0fca-11e1-8451-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{914ad650-1488-11e1-8406-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{914ad650-1488-11e1-8406-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{914ad650-1488-11e1-8406-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{a9398688-29a7-11e1-b790-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{a9398688-29a7-11e1-b790-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{a9398688-29a7-11e1-b790-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{ba2ef40d-fa01-11e1-80e4-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\ntuser.dat{ba2ef40d-fa01-11e1-80e4-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{ba2ef40d-fa01-11e1-80e4-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{da91791a-eda3-11e0-8ab3-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{da91791a-eda3-11e0-8ab3-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{da91791a-eda3-11e0-8ab3-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{e0828b47-2825-11e1-a504-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{e0828b47-2825-11e1-a504-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{e0828b47-2825-11e1-a504-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.ini ()
O4 - Startup: C:\Users\Markus\Pictures [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Recent [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Saved Games [2009.07.14 04:04:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Markus\SendTo [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Startmenü [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Videos [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Vorlagen [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Public\Desktop [2012.10.08 22:16:22 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2010.07.12 14:52:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009.07.14 04:04:25 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2009.07.14 06:41:57 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\ntuser.dat ()
O4 - Startup: C:\Users\Public\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Public\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Public\ntuser.dat{28182072-aada-11e0-b843-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Public\ntuser.dat{28182072-aada-11e0-b843-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Public\ntuser.dat{28182072-aada-11e0-b843-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Public\ntuser.dat{49f88064-8e70-11df-8bd0-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Public\ntuser.dat{49f88064-8e70-11df-8bd0-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Public\ntuser.dat{49f88064-8e70-11df-8bd0-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Public\Pictures [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\Markus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Markus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.177 217.0.43.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77475907-2527-4B36-9678-31061C7BE02D}: DhcpNameServer = 217.0.43.177 217.0.43.161
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: BsScanner - Service
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: BsScanner - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.08 22:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.10.08 22:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.10.05 12:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.05 12:41:55 | 000,000,000 | ---D | C] -- C:\124083-adware-installcore-gen-Dateien
[2012.10.05 12:41:55 | 000,000,000 | ---D | C] -- \124083-adware-installcore-gen-Dateien
[2012.09.14 12:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.14 12:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.14 12:50:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.14 12:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.14 12:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.12 10:35:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.12 10:20:28 | 000,009,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.12 10:20:27 | 000,009,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.12 10:11:44 | 000,000,004 | ---- | M] () -- C:\ProgramData\WBLD.INI
[2012.10.12 10:10:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.12 10:10:40 | 797,605,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.10 19:32:14 | 000,000,092 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2012.10.10 12:34:33 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.10 12:34:33 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.10 12:34:33 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.10 12:34:33 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.08 22:16:22 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012.10.08 22:11:44 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.10.05 12:42:32 | 000,069,450 | ---- | M] () -- C:\124083-adware-installcore-gen.html
[2012.09.14 12:50:51 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
 
========== Files Created - No Company Name ==========
 
[2012.10.10 19:31:40 | 000,000,092 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2012.10.08 22:16:22 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012.10.08 22:11:44 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.10.05 12:41:49 | 000,069,450 | ---- | C] () -- C:\124083-adware-installcore-gen.html
[2012.10.05 12:41:49 | 000,069,450 | ---- | C] () -- \124083-adware-installcore-gen.html
[2012.09.14 12:50:51 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.09 21:17:24 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0921.old
[2012.04.22 12:18:35 | 000,170,654 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012.04.22 12:18:35 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2011.08.24 07:59:57 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.08.24 07:59:57 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010.07.12 14:44:44 | 797,605,888 | -HS- | C] () -- \hiberfil.sys
[2009.12.21 07:52:50 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2009.12.21 07:52:50 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2009.12.18 13:08:32 | 000,000,004 | ---- | C] () -- C:\ProgramData\WBLD.INI
[2009.07.14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009.07.14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.07.13 13:30:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\ALDI Sued Foto Service
[2009.12.18 14:22:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\Aldi Sued Fotoservice
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2012.09.10 17:06:02 | 000,000,000 | ---D | M] -- C:\Users\All Users\AVAST Software
[2010.11.10 21:58:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\BVRP Software
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2009.12.18 14:19:31 | 000,000,000 | ---D | M] -- C:\Users\All Users\MAGIX
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2012.09.10 16:03:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\Temp
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2010.08.19 13:25:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2009.07.14 04:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2010.07.12 14:52:49 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009.12.18 15:08:22 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009.07.14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Anwendungsdaten
[2010.07.12 14:53:56 | 000,000,000 | -H-D | M] -- C:\Users\Maggei\AppData
[2012.08.13 15:28:54 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Contacts
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Cookies
[2012.10.12 10:25:58 | 000,000,000 | ---D | M] -- C:\Users\Maggei\Desktop
[2012.09.14 17:28:22 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Documents
[2012.10.07 14:33:25 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Downloads
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Druckumgebung
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Eigene Dateien
[2012.08.13 15:28:55 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Favorites
[2012.08.13 15:28:56 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Links
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Lokale Einstellungen
[2012.08.13 15:28:55 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Music
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Netzwerkumgebung
[2012.08.13 15:28:54 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Pictures
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Recent
[2012.08.13 15:28:55 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Saved Games
[2012.08.13 15:28:55 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Searches
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\SendTo
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Startmenü
[2010.08.10 11:25:00 | 000,000,000 | ---D | M] -- C:\Users\Maggei\Tracing
[2012.08.13 15:28:54 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Videos
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Vorlagen
[2011.09.23 15:35:59 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Anwendungsdaten
[2011.09.23 15:36:00 | 000,000,000 | -H-D | M] -- C:\Users\Markus\AppData
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Cookies
[2012.10.07 14:25:00 | 000,000,000 | R--D | M] -- C:\Users\Markus\Desktop
[2011.11.22 16:45:35 | 000,000,000 | R--D | M] -- C:\Users\Markus\Documents
[2012.10.05 12:52:03 | 000,000,000 | R--D | M] -- C:\Users\Markus\Downloads
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Druckumgebung
[2011.09.23 15:35:59 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Eigene Dateien
[2011.11.22 16:53:43 | 000,000,000 | R--D | M] -- C:\Users\Markus\Favorites
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Markus\Links
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Lokale Einstellungen
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Markus\Music
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Netzwerkumgebung
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Markus\Pictures
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Recent
[2009.07.14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\Saved Games
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\SendTo
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Startmenü
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Markus\Videos
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Vorlagen
[2012.10.08 22:16:22 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2010.07.12 14:52:49 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009.07.14 04:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2009.07.14 06:41:57 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.22 16:54:09 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Adobe
[2011.10.31 22:34:07 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Apple Computer
[2011.11.22 16:52:49 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DVDVideoSoft
[2011.11.22 16:52:38 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.22 12:28:29 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HP
[2012.10.05 12:39:12 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Macromedia
[2012.09.14 12:51:34 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2012.10.05 12:39:12 | 000,000,000 | --SD | M] -- C:\Users\Markus\AppData\Roaming\Microsoft
[2012.10.05 12:22:49 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla
[2012.09.09 21:10:19 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\PC Tools
[2012.09.09 21:38:33 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TestApp
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\Users\All Users\Temp:430C6D84
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 115 bytes -> C:\Users\All Users\Temp:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Users\All Users\Temp:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

ist das so richtig mit den code tags?

cosinus · 12.10.2012, 14:15

Code:

ATTFilter

PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.18 18:04:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

Avast und Avira niemals parallel betreiben! Deinstalliere einen der beiden, ich empfehle du behälst Avast und deinstallierst AntiVir, mach danach bitte wieder ein neues OTL-Log

maggei88 · 12.10.2012, 18:40

Ok danke mach ich morgen!

Aber in der Quarantäne vom Avira befindet sich der gefundene Virus!

Also werde ich Avast deinstallieren! Oder was meinst du?

maggei88 · 14.10.2012, 14:01

So habe nun Avast deinstalliert und nochmal mit OTL gescannt hier das Log: OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.10.2012 13:59:07 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Maggei\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,21 Mb Total Physical Memory | 408,14 Mb Available Physical Memory | 40,24% Memory free
1,99 Gb Paging File | 1,29 Gb Available in Paging File | 64,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 201,78 Gb Total Space | 134,37 Gb Free Space | 66,59% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 7,45 Gb Free Space | 24,85% Space Free | Partition Type: NTFS
 
Computer Name: MAGGEI-NETBOOK | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.12 10:26:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maggei\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.20 19:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.07.18 18:04:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.14 09:16:16 | 003,342,336 | ---- | M] (Sentelic Corporation) -- C:\Programme\FSP\FspUip.exe
PRC - [2009.12.22 17:47:10 | 000,331,776 | ---- | M] (Pegatron) -- C:\Programme\Pegatron\Hotkey\PHControl.exe
PRC - [2009.10.02 18:48:26 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.10.02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.06.03 14:59:28 | 000,258,048 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\FastUserSwitching.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.27 11:49:44 | 000,241,664 | ---- | M] () -- C:\Programme\T-Mobile Internet Manager\AssistantServices.exe
PRC - [2009.04.27 11:49:42 | 000,132,608 | ---- | M] () -- C:\Programme\T-Mobile Internet Manager\UIExec.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.01.14 09:16:18 | 000,053,248 | ---- | M] () -- C:\Programme\FSP\KbdHook.dll
MOD - [2010.01.14 09:16:16 | 000,073,728 | ---- | M] () -- C:\Programme\FSP\FspLib.dll
MOD - [2009.11.25 21:12:58 | 000,057,344 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\WLANV.dll
MOD - [2009.10.28 16:15:38 | 000,053,248 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\TPS.dll
MOD - [2009.10.02 18:48:42 | 000,132,384 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009.07.09 20:58:48 | 000,053,248 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\TPF.dll
MOD - [2009.06.16 16:06:16 | 000,212,992 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\HKBD.dll
MOD - [2009.06.03 15:03:54 | 000,053,248 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\PEGAACPIDLL32.dll
MOD - [2009.06.03 15:00:20 | 000,073,728 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\LCSwit.dll
MOD - [2009.06.03 14:59:28 | 000,258,048 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\FastUserSwitching.exe
MOD - [2009.04.27 11:49:42 | 000,132,608 | ---- | M] () -- C:\Programme\T-Mobile Internet Manager\UIExec.exe
MOD - [2009.01.02 18:56:04 | 000,073,728 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\FspLib.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.10 19:35:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.10.02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.04.27 11:49:44 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Programme\T-Mobile Internet Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.11.13 18:47:48 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.11.10 14:42:46 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.01 13:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.06.09 21:30:42 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.SYS -- (ACPIService)
DRV - [2009.04.27 11:53:12 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009.04.27 11:53:12 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.04.27 11:50:36 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.27 11:50:36 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.27 11:50:36 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.04.27 11:50:36 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/home.php?ref=hp
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\SearchScopes\{270CD8FD-04F8-4BDE-8C9D-657B2D2F05FC}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\SearchScopes\{C7B14827-1F44-4DAE-A93D-A8AAD4CD5E2E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1002\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile Internet Manager\addon [2010.08.28 12:16:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.08 22:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.08 22:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.08 22:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.12.18 20:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.25 15:06:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.12.18 20:48:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011.02.08 21:31:37 | 000,000,000 | ---D | M] (Pageshots Pro) -- C:\Programme\Mozilla Firefox\extensions\jid0-2rURdEv0oBelly8OSpHSRMwx9OI@jetpack
[2011.08.19 21:39:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Pageshots for Internet Explorer PRO) - {28CF50DA-4A17-4442-BBF9-D916BFDE072C} - C:\ProgramData\PageshotsPro\pageshots_x86.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [fspuip] C:\Programme\FSP\FspUip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [Hotkey] C:\Programme\Pegatron\Hotkey\FastUserSwitching.exe ()
O4 - HKLM..\Run: [UIExec] C:\Program Files\T-Mobile Internet Manager\UIExec.exe ()
O4 - HKLM..\Run: [UpdateYouPaintShortCut] C:\Program Files\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1000..\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe File not found
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\RunOnce: [HKCU] C:\Windows\System32\oobe\info\HKCU.vbs ()
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\RunOnce: [PC Tools Security] C:\Users\Markus\AppData\Local\Temp\900230~1.EXE (PC Tools)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - Startup: C:\Users\All Users\Adobe [2012.01.31 18:36:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ALDI Sued Foto Service [2010.07.13 13:30:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Aldi Sued Fotoservice [2009.12.18 14:22:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Anwendungsdaten [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Apple [2011.10.31 22:28:28 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2011.11.22 00:11:58 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\AVAST Software [2012.10.14 13:53:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Avira [2012.09.10 15:17:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\BVRP Software [2010.11.10 21:58:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Corel [2009.12.18 13:34:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CyberLink [2011.06.13 16:34:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Dokumente [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favoriten [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\HP [2012.04.22 12:18:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\Lavasoft [2011.08.19 21:51:39 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\MAGIX [2009.12.18 14:19:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2012.09.14 12:50:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2010.07.12 14:58:12 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012.10.10 13:13:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Office Genuine Advantage [2009.12.18 15:01:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PC Tools [2012.09.10 16:03:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2012.09.10 15:04:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Startmenü [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010.05.02 10:52:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Temp [2012.09.10 16:03:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Vorlagen [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\WBLD.INI ()
O4 - Startup: C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.08.19 13:25:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\Anwendungsdaten [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\AppData [2009.07.14 04:37:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2010.07.12 14:52:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Druckumgebung [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Eigene Dateien [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Favorites [2009.12.18 15:08:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Lokale Einstellungen [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Netzwerkumgebung [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009.07.14 04:04:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Startmenü [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Vorlagen [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Anwendungsdaten [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\AppData [2010.07.12 14:53:56 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Maggei\Contacts [2012.08.13 15:28:54 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Cookies [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Desktop [2012.10.12 11:42:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Maggei\Documents [2012.09.14 17:28:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Downloads [2012.10.07 14:33:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Druckumgebung [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Eigene Dateien [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Favorites [2012.08.13 15:28:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Links [2012.08.13 15:28:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Lokale Einstellungen [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Music [2012.08.13 15:28:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Netzwerkumgebung [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\ntuser.dat ()
O4 - Startup: C:\Users\Maggei\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Maggei\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{86252df1-773e-11e0-bedc-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{86252df1-773e-11e0-bedc-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{86252df1-773e-11e0-bedc-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{97de0429-ed01-11df-8b77-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{97de0429-ed01-11df-8b77-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{97de0429-ed01-11df-8b77-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{ba8d745d-f16a-11df-9e27-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{ba8d745d-f16a-11df-9e27-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{ba8d745d-f16a-11df-9e27-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.ini ()
O4 - Startup: C:\Users\Maggei\ntuser.pol ()
O4 - Startup: C:\Users\Maggei\Pictures [2012.08.13 15:28:54 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Recent [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Saved Games [2012.08.13 15:28:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Searches [2012.08.13 15:28:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\SendTo [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Startmenü [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Tracing [2010.08.10 11:25:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Maggei\Videos [2012.08.13 15:28:54 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Vorlagen [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Anwendungsdaten [2011.09.23 15:35:59 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\AppData [2011.09.23 15:36:00 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Markus\Cookies [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Desktop [2012.10.07 14:25:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Documents [2011.11.22 16:45:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Downloads [2012.10.05 12:52:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Druckumgebung [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Eigene Dateien [2011.09.23 15:35:59 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Favorites [2011.11.22 16:53:43 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Links [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Lokale Einstellungen [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Music [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Netzwerkumgebung [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\ntuser.dat ()
O4 - Startup: C:\Users\Markus\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Markus\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Markus\ntuser.dat{0269fa7c-f9a1-11e1-b926-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\ntuser.dat{0269fa7c-f9a1-11e1-b926-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{0269fa7c-f9a1-11e1-b926-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{24ac5b9b-e54c-11e1-b9ca-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\ntuser.dat{24ac5b9b-e54c-11e1-b9ca-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{24ac5b9b-e54c-11e1-b9ca-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{2f2a480d-1465-11e1-8560-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{2f2a480d-1465-11e1-8560-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{2f2a480d-1465-11e1-8560-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{5f933edf-03ef-11e1-85eb-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{5f933edf-03ef-11e1-85eb-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{5f933edf-03ef-11e1-85eb-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{708b043f-12fe-11e2-8814-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\ntuser.dat{708b043f-12fe-11e2-8814-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{708b043f-12fe-11e2-8814-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{7f6dbc7d-0fca-11e1-8451-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{7f6dbc7d-0fca-11e1-8451-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{7f6dbc7d-0fca-11e1-8451-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{914ad650-1488-11e1-8406-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{914ad650-1488-11e1-8406-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{914ad650-1488-11e1-8406-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{a9398688-29a7-11e1-b790-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{a9398688-29a7-11e1-b790-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{a9398688-29a7-11e1-b790-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{ba2ef40d-fa01-11e1-80e4-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\ntuser.dat{ba2ef40d-fa01-11e1-80e4-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{ba2ef40d-fa01-11e1-80e4-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{da91791a-eda3-11e0-8ab3-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{da91791a-eda3-11e0-8ab3-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{da91791a-eda3-11e0-8ab3-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{e0828b47-2825-11e1-a504-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{e0828b47-2825-11e1-a504-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{e0828b47-2825-11e1-a504-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.ini ()
O4 - Startup: C:\Users\Markus\Pictures [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Recent [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Saved Games [2009.07.14 04:04:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Markus\SendTo [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Startmenü [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Videos [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Vorlagen [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Public\Desktop [2012.10.14 13:53:55 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2010.07.12 14:52:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009.07.14 04:04:25 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2009.07.14 06:41:57 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\ntuser.dat ()
O4 - Startup: C:\Users\Public\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Public\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Public\ntuser.dat{28182072-aada-11e0-b843-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Public\ntuser.dat{28182072-aada-11e0-b843-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Public\ntuser.dat{28182072-aada-11e0-b843-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Public\ntuser.dat{49f88064-8e70-11df-8bd0-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Public\ntuser.dat{49f88064-8e70-11df-8bd0-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Public\ntuser.dat{49f88064-8e70-11df-8bd0-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Public\Pictures [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\Markus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Markus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.177 217.0.43.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77475907-2527-4B36-9678-31061C7BE02D}: DhcpNameServer = 217.0.43.177 217.0.43.161
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.08 22:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.10.08 22:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.10.05 12:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.05 12:41:55 | 000,000,000 | ---D | C] -- C:\124083-adware-installcore-gen-Dateien
[2012.10.05 12:41:55 | 000,000,000 | ---D | C] -- \124083-adware-installcore-gen-Dateien
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.14 14:04:00 | 000,009,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 14:04:00 | 000,009,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 13:56:27 | 000,000,004 | ---- | M] () -- C:\ProgramData\WBLD.INI
[2012.10.14 13:55:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.14 13:55:32 | 797,605,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.14 13:35:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.10 19:32:14 | 000,000,092 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2012.10.10 12:34:33 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.10 12:34:33 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.10 12:34:33 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.10 12:34:33 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.08 22:16:22 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012.10.08 22:11:44 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.10.05 12:42:32 | 000,069,450 | ---- | M] () -- C:\124083-adware-installcore-gen.html
 
========== Files Created - No Company Name ==========
 
[2012.10.10 19:31:40 | 000,000,092 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2012.10.08 22:16:22 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012.10.08 22:11:44 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.10.05 12:41:49 | 000,069,450 | ---- | C] () -- C:\124083-adware-installcore-gen.html
[2012.10.05 12:41:49 | 000,069,450 | ---- | C] () -- \124083-adware-installcore-gen.html
[2012.09.09 21:17:24 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0921.old
[2012.04.22 12:18:35 | 000,170,654 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012.04.22 12:18:35 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2011.08.24 07:59:57 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.08.24 07:59:57 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010.07.12 14:44:44 | 797,605,888 | -HS- | C] () -- \hiberfil.sys
[2009.12.21 07:52:50 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2009.12.21 07:52:50 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2009.12.18 13:08:32 | 000,000,004 | ---- | C] () -- C:\ProgramData\WBLD.INI
[2009.07.14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009.07.14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.07.13 13:30:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\ALDI Sued Foto Service
[2009.12.18 14:22:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\Aldi Sued Fotoservice
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2012.10.14 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\All Users\AVAST Software
[2010.11.10 21:58:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\BVRP Software
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2009.12.18 14:19:31 | 000,000,000 | ---D | M] -- C:\Users\All Users\MAGIX
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2012.09.10 16:03:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\Temp
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2010.08.19 13:25:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2009.07.14 04:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2010.07.12 14:52:49 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009.12.18 15:08:22 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009.07.14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Anwendungsdaten
[2010.07.12 14:53:56 | 000,000,000 | -H-D | M] -- C:\Users\Maggei\AppData
[2012.08.13 15:28:54 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Contacts
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Cookies
[2012.10.12 11:42:10 | 000,000,000 | ---D | M] -- C:\Users\Maggei\Desktop
[2012.09.14 17:28:22 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Documents
[2012.10.07 14:33:25 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Downloads
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Druckumgebung
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Eigene Dateien
[2012.08.13 15:28:55 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Favorites
[2012.08.13 15:28:56 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Links
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Lokale Einstellungen
[2012.08.13 15:28:55 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Music
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Netzwerkumgebung
[2012.08.13 15:28:54 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Pictures
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Recent
[2012.08.13 15:28:55 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Saved Games
[2012.08.13 15:28:55 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Searches
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\SendTo
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Startmenü
[2010.08.10 11:25:00 | 000,000,000 | ---D | M] -- C:\Users\Maggei\Tracing
[2012.08.13 15:28:54 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Videos
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Vorlagen
[2011.09.23 15:35:59 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Anwendungsdaten
[2011.09.23 15:36:00 | 000,000,000 | -H-D | M] -- C:\Users\Markus\AppData
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Cookies
[2012.10.07 14:25:00 | 000,000,000 | R--D | M] -- C:\Users\Markus\Desktop
[2011.11.22 16:45:35 | 000,000,000 | R--D | M] -- C:\Users\Markus\Documents
[2012.10.05 12:52:03 | 000,000,000 | R--D | M] -- C:\Users\Markus\Downloads
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Druckumgebung
[2011.09.23 15:35:59 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Eigene Dateien
[2011.11.22 16:53:43 | 000,000,000 | R--D | M] -- C:\Users\Markus\Favorites
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Markus\Links
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Lokale Einstellungen
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Markus\Music
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Netzwerkumgebung
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Markus\Pictures
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Recent
[2009.07.14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\Saved Games
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\SendTo
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Startmenü
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Markus\Videos
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Vorlagen
[2012.10.14 13:53:55 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2010.07.12 14:52:49 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009.07.14 04:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2009.07.14 06:41:57 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\Users\All Users\Temp:430C6D84
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 115 bytes -> C:\Users\All Users\Temp:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Users\All Users\Temp:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

--- --- ---
/code stimmt das jetzt so mit den Code Tags?

So habe nun Avast deinstalliert und nochmal mit OTL gescannt hier das Log: OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.10.2012 13:59:07 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Maggei\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,21 Mb Total Physical Memory | 408,14 Mb Available Physical Memory | 40,24% Memory free
1,99 Gb Paging File | 1,29 Gb Available in Paging File | 64,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 201,78 Gb Total Space | 134,37 Gb Free Space | 66,59% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 7,45 Gb Free Space | 24,85% Space Free | Partition Type: NTFS
 
Computer Name: MAGGEI-NETBOOK | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.12 10:26:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maggei\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.20 19:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.07.18 18:04:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.14 09:16:16 | 003,342,336 | ---- | M] (Sentelic Corporation) -- C:\Programme\FSP\FspUip.exe
PRC - [2009.12.22 17:47:10 | 000,331,776 | ---- | M] (Pegatron) -- C:\Programme\Pegatron\Hotkey\PHControl.exe
PRC - [2009.10.02 18:48:26 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.10.02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.06.03 14:59:28 | 000,258,048 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\FastUserSwitching.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.27 11:49:44 | 000,241,664 | ---- | M] () -- C:\Programme\T-Mobile Internet Manager\AssistantServices.exe
PRC - [2009.04.27 11:49:42 | 000,132,608 | ---- | M] () -- C:\Programme\T-Mobile Internet Manager\UIExec.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.01.14 09:16:18 | 000,053,248 | ---- | M] () -- C:\Programme\FSP\KbdHook.dll
MOD - [2010.01.14 09:16:16 | 000,073,728 | ---- | M] () -- C:\Programme\FSP\FspLib.dll
MOD - [2009.11.25 21:12:58 | 000,057,344 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\WLANV.dll
MOD - [2009.10.28 16:15:38 | 000,053,248 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\TPS.dll
MOD - [2009.10.02 18:48:42 | 000,132,384 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009.07.09 20:58:48 | 000,053,248 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\TPF.dll
MOD - [2009.06.16 16:06:16 | 000,212,992 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\HKBD.dll
MOD - [2009.06.03 15:03:54 | 000,053,248 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\PEGAACPIDLL32.dll
MOD - [2009.06.03 15:00:20 | 000,073,728 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\LCSwit.dll
MOD - [2009.06.03 14:59:28 | 000,258,048 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\FastUserSwitching.exe
MOD - [2009.04.27 11:49:42 | 000,132,608 | ---- | M] () -- C:\Programme\T-Mobile Internet Manager\UIExec.exe
MOD - [2009.01.02 18:56:04 | 000,073,728 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\FspLib.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.10 19:35:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.10.02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.04.27 11:49:44 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Programme\T-Mobile Internet Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.11.13 18:47:48 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.11.10 14:42:46 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.01 13:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.06.09 21:30:42 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.SYS -- (ACPIService)
DRV - [2009.04.27 11:53:12 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009.04.27 11:53:12 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.04.27 11:50:36 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.27 11:50:36 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.27 11:50:36 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.04.27 11:50:36 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/home.php?ref=hp
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\SearchScopes\{270CD8FD-04F8-4BDE-8C9D-657B2D2F05FC}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\SearchScopes\{C7B14827-1F44-4DAE-A93D-A8AAD4CD5E2E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1002\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile Internet Manager\addon [2010.08.28 12:16:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.08 22:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.08 22:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.08 22:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.12.18 20:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.25 15:06:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.12.18 20:48:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011.02.08 21:31:37 | 000,000,000 | ---D | M] (Pageshots Pro) -- C:\Programme\Mozilla Firefox\extensions\jid0-2rURdEv0oBelly8OSpHSRMwx9OI@jetpack
[2011.08.19 21:39:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Pageshots for Internet Explorer PRO) - {28CF50DA-4A17-4442-BBF9-D916BFDE072C} - C:\ProgramData\PageshotsPro\pageshots_x86.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [fspuip] C:\Programme\FSP\FspUip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [Hotkey] C:\Programme\Pegatron\Hotkey\FastUserSwitching.exe ()
O4 - HKLM..\Run: [UIExec] C:\Program Files\T-Mobile Internet Manager\UIExec.exe ()
O4 - HKLM..\Run: [UpdateYouPaintShortCut] C:\Program Files\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1000..\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe File not found
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\RunOnce: [HKCU] C:\Windows\System32\oobe\info\HKCU.vbs ()
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\RunOnce: [PC Tools Security] C:\Users\Markus\AppData\Local\Temp\900230~1.EXE (PC Tools)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - Startup: C:\Users\All Users\Adobe [2012.01.31 18:36:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ALDI Sued Foto Service [2010.07.13 13:30:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Aldi Sued Fotoservice [2009.12.18 14:22:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Anwendungsdaten [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Apple [2011.10.31 22:28:28 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2011.11.22 00:11:58 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\AVAST Software [2012.10.14 13:53:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Avira [2012.09.10 15:17:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\BVRP Software [2010.11.10 21:58:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Corel [2009.12.18 13:34:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CyberLink [2011.06.13 16:34:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Dokumente [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favoriten [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\HP [2012.04.22 12:18:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\Lavasoft [2011.08.19 21:51:39 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\MAGIX [2009.12.18 14:19:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2012.09.14 12:50:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2010.07.12 14:58:12 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012.10.10 13:13:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Office Genuine Advantage [2009.12.18 15:01:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PC Tools [2012.09.10 16:03:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2012.09.10 15:04:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Startmenü [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010.05.02 10:52:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Temp [2012.09.10 16:03:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Vorlagen [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\WBLD.INI ()
O4 - Startup: C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.08.19 13:25:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\Anwendungsdaten [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\AppData [2009.07.14 04:37:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2010.07.12 14:52:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Druckumgebung [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Eigene Dateien [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Favorites [2009.12.18 15:08:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Lokale Einstellungen [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Netzwerkumgebung [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009.07.14 04:04:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Startmenü [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Vorlagen [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Anwendungsdaten [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\AppData [2010.07.12 14:53:56 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Maggei\Contacts [2012.08.13 15:28:54 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Cookies [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Desktop [2012.10.12 11:42:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Maggei\Documents [2012.09.14 17:28:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Downloads [2012.10.07 14:33:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Druckumgebung [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Eigene Dateien [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Favorites [2012.08.13 15:28:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Links [2012.08.13 15:28:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Lokale Einstellungen [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Music [2012.08.13 15:28:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Netzwerkumgebung [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\ntuser.dat ()
O4 - Startup: C:\Users\Maggei\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Maggei\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{86252df1-773e-11e0-bedc-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{86252df1-773e-11e0-bedc-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{86252df1-773e-11e0-bedc-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{97de0429-ed01-11df-8b77-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{97de0429-ed01-11df-8b77-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{97de0429-ed01-11df-8b77-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{ba8d745d-f16a-11df-9e27-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{ba8d745d-f16a-11df-9e27-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{ba8d745d-f16a-11df-9e27-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.ini ()
O4 - Startup: C:\Users\Maggei\ntuser.pol ()
O4 - Startup: C:\Users\Maggei\Pictures [2012.08.13 15:28:54 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Recent [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Saved Games [2012.08.13 15:28:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Searches [2012.08.13 15:28:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\SendTo [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Startmenü [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Tracing [2010.08.10 11:25:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Maggei\Videos [2012.08.13 15:28:54 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Vorlagen [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Anwendungsdaten [2011.09.23 15:35:59 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\AppData [2011.09.23 15:36:00 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Markus\Cookies [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Desktop [2012.10.07 14:25:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Documents [2011.11.22 16:45:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Downloads [2012.10.05 12:52:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Druckumgebung [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Eigene Dateien [2011.09.23 15:35:59 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Favorites [2011.11.22 16:53:43 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Links [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Lokale Einstellungen [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Music [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Netzwerkumgebung [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\ntuser.dat ()
O4 - Startup: C:\Users\Markus\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Markus\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Markus\ntuser.dat{0269fa7c-f9a1-11e1-b926-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\ntuser.dat{0269fa7c-f9a1-11e1-b926-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{0269fa7c-f9a1-11e1-b926-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{24ac5b9b-e54c-11e1-b9ca-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\ntuser.dat{24ac5b9b-e54c-11e1-b9ca-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{24ac5b9b-e54c-11e1-b9ca-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{2f2a480d-1465-11e1-8560-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{2f2a480d-1465-11e1-8560-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{2f2a480d-1465-11e1-8560-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{5f933edf-03ef-11e1-85eb-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{5f933edf-03ef-11e1-85eb-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{5f933edf-03ef-11e1-85eb-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{708b043f-12fe-11e2-8814-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\ntuser.dat{708b043f-12fe-11e2-8814-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{708b043f-12fe-11e2-8814-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{7f6dbc7d-0fca-11e1-8451-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{7f6dbc7d-0fca-11e1-8451-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{7f6dbc7d-0fca-11e1-8451-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{914ad650-1488-11e1-8406-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{914ad650-1488-11e1-8406-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{914ad650-1488-11e1-8406-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{a9398688-29a7-11e1-b790-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{a9398688-29a7-11e1-b790-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{a9398688-29a7-11e1-b790-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{ba2ef40d-fa01-11e1-80e4-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\ntuser.dat{ba2ef40d-fa01-11e1-80e4-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{ba2ef40d-fa01-11e1-80e4-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{da91791a-eda3-11e0-8ab3-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{da91791a-eda3-11e0-8ab3-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{da91791a-eda3-11e0-8ab3-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{e0828b47-2825-11e1-a504-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{e0828b47-2825-11e1-a504-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{e0828b47-2825-11e1-a504-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.ini ()
O4 - Startup: C:\Users\Markus\Pictures [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Recent [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Saved Games [2009.07.14 04:04:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Markus\SendTo [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Startmenü [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Videos [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Vorlagen [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Public\Desktop [2012.10.14 13:53:55 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2010.07.12 14:52:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009.07.14 04:04:25 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2009.07.14 06:41:57 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\ntuser.dat ()
O4 - Startup: C:\Users\Public\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Public\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Public\ntuser.dat{28182072-aada-11e0-b843-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Public\ntuser.dat{28182072-aada-11e0-b843-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Public\ntuser.dat{28182072-aada-11e0-b843-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Public\ntuser.dat{49f88064-8e70-11df-8bd0-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Public\ntuser.dat{49f88064-8e70-11df-8bd0-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Public\ntuser.dat{49f88064-8e70-11df-8bd0-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Public\Pictures [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\Markus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Markus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.177 217.0.43.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77475907-2527-4B36-9678-31061C7BE02D}: DhcpNameServer = 217.0.43.177 217.0.43.161
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.08 22:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.10.08 22:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.10.05 12:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.05 12:41:55 | 000,000,000 | ---D | C] -- C:\124083-adware-installcore-gen-Dateien
[2012.10.05 12:41:55 | 000,000,000 | ---D | C] -- \124083-adware-installcore-gen-Dateien
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.14 14:04:00 | 000,009,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 14:04:00 | 000,009,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 13:56:27 | 000,000,004 | ---- | M] () -- C:\ProgramData\WBLD.INI
[2012.10.14 13:55:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.14 13:55:32 | 797,605,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.14 13:35:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.10 19:32:14 | 000,000,092 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2012.10.10 12:34:33 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.10 12:34:33 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.10 12:34:33 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.10 12:34:33 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.08 22:16:22 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012.10.08 22:11:44 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.10.05 12:42:32 | 000,069,450 | ---- | M] () -- C:\124083-adware-installcore-gen.html
 
========== Files Created - No Company Name ==========
 
[2012.10.10 19:31:40 | 000,000,092 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2012.10.08 22:16:22 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012.10.08 22:11:44 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.10.05 12:41:49 | 000,069,450 | ---- | C] () -- C:\124083-adware-installcore-gen.html
[2012.10.05 12:41:49 | 000,069,450 | ---- | C] () -- \124083-adware-installcore-gen.html
[2012.09.09 21:17:24 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0921.old
[2012.04.22 12:18:35 | 000,170,654 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012.04.22 12:18:35 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2011.08.24 07:59:57 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.08.24 07:59:57 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010.07.12 14:44:44 | 797,605,888 | -HS- | C] () -- \hiberfil.sys
[2009.12.21 07:52:50 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2009.12.21 07:52:50 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2009.12.18 13:08:32 | 000,000,004 | ---- | C] () -- C:\ProgramData\WBLD.INI
[2009.07.14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009.07.14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.07.13 13:30:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\ALDI Sued Foto Service
[2009.12.18 14:22:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\Aldi Sued Fotoservice
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2012.10.14 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\All Users\AVAST Software
[2010.11.10 21:58:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\BVRP Software
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2009.12.18 14:19:31 | 000,000,000 | ---D | M] -- C:\Users\All Users\MAGIX
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2012.09.10 16:03:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\Temp
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2010.08.19 13:25:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2009.07.14 04:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2010.07.12 14:52:49 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009.12.18 15:08:22 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009.07.14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Anwendungsdaten
[2010.07.12 14:53:56 | 000,000,000 | -H-D | M] -- C:\Users\Maggei\AppData
[2012.08.13 15:28:54 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Contacts
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Cookies
[2012.10.12 11:42:10 | 000,000,000 | ---D | M] -- C:\Users\Maggei\Desktop
[2012.09.14 17:28:22 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Documents
[2012.10.07 14:33:25 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Downloads
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Druckumgebung
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Eigene Dateien
[2012.08.13 15:28:55 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Favorites
[2012.08.13 15:28:56 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Links
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Lokale Einstellungen
[2012.08.13 15:28:55 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Music
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Netzwerkumgebung
[2012.08.13 15:28:54 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Pictures
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Recent
[2012.08.13 15:28:55 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Saved Games
[2012.08.13 15:28:55 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Searches
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\SendTo
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Startmenü
[2010.08.10 11:25:00 | 000,000,000 | ---D | M] -- C:\Users\Maggei\Tracing
[2012.08.13 15:28:54 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Videos
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Vorlagen
[2011.09.23 15:35:59 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Anwendungsdaten
[2011.09.23 15:36:00 | 000,000,000 | -H-D | M] -- C:\Users\Markus\AppData
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Cookies
[2012.10.07 14:25:00 | 000,000,000 | R--D | M] -- C:\Users\Markus\Desktop
[2011.11.22 16:45:35 | 000,000,000 | R--D | M] -- C:\Users\Markus\Documents
[2012.10.05 12:52:03 | 000,000,000 | R--D | M] -- C:\Users\Markus\Downloads
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Druckumgebung
[2011.09.23 15:35:59 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Eigene Dateien
[2011.11.22 16:53:43 | 000,000,000 | R--D | M] -- C:\Users\Markus\Favorites
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Markus\Links
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Lokale Einstellungen
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Markus\Music
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Netzwerkumgebung
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Markus\Pictures
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Recent
[2009.07.14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\Saved Games
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\SendTo
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Startmenü
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Markus\Videos
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Vorlagen
[2012.10.14 13:53:55 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2010.07.12 14:52:49 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009.07.14 04:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2009.07.14 06:41:57 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\Users\All Users\Temp:430C6D84
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 115 bytes -> C:\Users\All Users\Temp:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Users\All Users\Temp:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

--- --- ---
/code stimmt das jetzt so mit den Code Tags?

cosinus · 14.10.2012, 19:20

Ja stimmt alles aber wieso hast du keinen CustomScan gemacht?

maggei88 · 14.10.2012, 19:29

Quick Scan für alle Benutzer hab ich doch gemacht! soll ich einen anderen machen?

cosinus · 14.10.2012, 20:47

Bitte meine Anleitungen richtig lesen, für den CustomScan musst du den Text aus meiner CODE-Box bei OTL einfügen und dann scannen lassen

maggei88 · 14.10.2012, 21:22

Achso das hab ich das zweite mal vergessen, Sorry!

so hier wieder ein Log nun hoffentlich das richtige!

Code:

ATTFilter

OTL logfile created on: 15.10.2012 15:57:48 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Maggei\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,21 Mb Total Physical Memory | 353,97 Mb Available Physical Memory | 34,90% Memory free
1,99 Gb Paging File | 1,11 Gb Available in Paging File | 55,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 201,78 Gb Total Space | 134,30 Gb Free Space | 66,56% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 7,45 Gb Free Space | 24,85% Space Free | Partition Type: NTFS
 
Computer Name: MAGGEI-NETBOOK | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.12 10:26:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maggei\Desktop\OTL.exe
PRC - [2012.09.10 16:58:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
PRC - [2012.09.10 16:58:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.05 04:04:08 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2012.08.29 14:00:12 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.08.27 21:32:54 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.08.20 19:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.07.18 18:04:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.14 09:16:16 | 003,342,336 | ---- | M] (Sentelic Corporation) -- C:\Programme\FSP\FspUip.exe
PRC - [2009.12.22 17:47:10 | 000,331,776 | ---- | M] (Pegatron) -- C:\Programme\Pegatron\Hotkey\PHControl.exe
PRC - [2009.10.02 18:48:26 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.10.02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.06.03 14:59:28 | 000,258,048 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\FastUserSwitching.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.27 11:49:44 | 000,241,664 | ---- | M] () -- C:\Programme\T-Mobile Internet Manager\AssistantServices.exe
PRC - [2009.04.27 11:49:42 | 000,132,608 | ---- | M] () -- C:\Programme\T-Mobile Internet Manager\UIExec.exe
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.01.14 09:16:18 | 000,053,248 | ---- | M] () -- C:\Programme\FSP\KbdHook.dll
MOD - [2010.01.14 09:16:16 | 000,073,728 | ---- | M] () -- C:\Programme\FSP\FspLib.dll
MOD - [2009.11.25 21:12:58 | 000,057,344 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\WLANV.dll
MOD - [2009.10.28 16:15:38 | 000,053,248 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\TPS.dll
MOD - [2009.10.02 18:48:42 | 000,132,384 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009.07.09 20:58:48 | 000,053,248 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\TPF.dll
MOD - [2009.06.16 16:06:16 | 000,212,992 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\HKBD.dll
MOD - [2009.06.03 15:03:54 | 000,053,248 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\PEGAACPIDLL32.dll
MOD - [2009.06.03 15:00:20 | 000,073,728 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\LCSwit.dll
MOD - [2009.06.03 14:59:28 | 000,258,048 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\FastUserSwitching.exe
MOD - [2009.04.27 11:49:42 | 000,132,608 | ---- | M] () -- C:\Programme\T-Mobile Internet Manager\UIExec.exe
MOD - [2009.01.02 18:56:04 | 000,073,728 | ---- | M] () -- C:\Programme\Pegatron\Hotkey\FspLib.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.10 19:35:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.10.02 18:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.04.27 11:49:44 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Programme\T-Mobile Internet Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.11.13 18:47:48 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.11.10 14:42:46 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.01 13:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.06.09 21:30:42 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.SYS -- (ACPIService)
DRV - [2009.04.27 11:53:12 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009.04.27 11:53:12 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.04.27 11:50:36 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.27 11:50:36 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.27 11:50:36 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.04.27 11:50:36 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/home.php?ref=hp
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\SearchScopes\{270CD8FD-04F8-4BDE-8C9D-657B2D2F05FC}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\SearchScopes\{C7B14827-1F44-4DAE-A93D-A8AAD4CD5E2E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1002\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2745003204-427600582-798033372-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile Internet Manager\addon [2010.08.28 12:16:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.08 22:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.08 22:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.08 22:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.12.18 20:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.25 15:06:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.12.18 20:48:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011.02.08 21:31:37 | 000,000,000 | ---D | M] (Pageshots Pro) -- C:\Programme\Mozilla Firefox\extensions\jid0-2rURdEv0oBelly8OSpHSRMwx9OI@jetpack
[2011.08.19 21:39:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Pageshots for Internet Explorer PRO) - {28CF50DA-4A17-4442-BBF9-D916BFDE072C} - C:\ProgramData\PageshotsPro\pageshots_x86.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [fspuip] C:\Programme\FSP\FspUip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [Hotkey] C:\Programme\Pegatron\Hotkey\FastUserSwitching.exe ()
O4 - HKLM..\Run: [UIExec] C:\Program Files\T-Mobile Internet Manager\UIExec.exe ()
O4 - HKLM..\Run: [UpdateYouPaintShortCut] C:\Program Files\CyberLink\YouPaint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1000..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Programme\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1000..\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe File not found
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1000..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\RunOnce: [HKCU] C:\Windows\System32\oobe\info\HKCU.vbs ()
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\RunOnce: [PC Tools Security] C:\Users\Markus\AppData\Local\Temp\900230~1.EXE (PC Tools)
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - Startup: C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.10.14 15:32:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2012.01.31 18:36:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ALDI Sued Foto Service [2010.07.13 13:30:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Aldi Sued Fotoservice [2009.12.18 14:22:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Anwendungsdaten [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Apple [2011.10.31 22:28:28 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2011.11.22 00:11:58 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\AVAST Software [2012.10.14 13:53:55 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Avira [2012.09.10 15:17:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\BVRP Software [2010.11.10 21:58:17 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Corel [2009.12.18 13:34:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\CyberLink [2011.06.13 16:34:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Dokumente [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favoriten [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\HP [2012.04.22 12:18:26 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\Lavasoft [2011.08.19 21:51:39 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\MAGIX [2009.12.18 14:19:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2012.09.14 12:50:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2010.07.12 14:58:12 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2012.10.10 13:13:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Office Genuine Advantage [2009.12.18 15:01:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PC Tools [2012.09.10 16:03:33 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2012.09.10 15:04:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Startmenü [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010.05.02 10:52:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Temp [2012.09.10 16:03:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Vorlagen [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\WBLD.INI ()
O4 - Startup: C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.08.19 13:25:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\Anwendungsdaten [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\AppData [2009.07.14 04:37:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2010.07.12 14:52:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Druckumgebung [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Eigene Dateien [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Favorites [2009.12.18 15:08:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Lokale Einstellungen [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Netzwerkumgebung [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009.07.14 04:04:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Startmenü [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009.07.14 06:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Vorlagen [2010.07.12 14:52:49 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Anwendungsdaten [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\AppData [2010.07.12 14:53:56 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Maggei\Contacts [2012.08.13 15:28:54 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Cookies [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Desktop [2012.10.14 14:56:30 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Maggei\Documents [2012.09.14 17:28:22 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Downloads [2012.10.14 15:23:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Druckumgebung [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Eigene Dateien [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Favorites [2012.10.15 15:31:19 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Links [2012.10.14 15:42:11 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Lokale Einstellungen [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Music [2012.08.13 15:28:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Netzwerkumgebung [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\ntuser.dat ()
O4 - Startup: C:\Users\Maggei\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Maggei\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{86252df1-773e-11e0-bedc-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{86252df1-773e-11e0-bedc-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{86252df1-773e-11e0-bedc-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{97de0429-ed01-11df-8b77-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{97de0429-ed01-11df-8b77-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\NTUSER.DAT{97de0429-ed01-11df-8b77-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{ba8d745d-f16a-11df-9e27-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{ba8d745d-f16a-11df-9e27-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.dat{ba8d745d-f16a-11df-9e27-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Maggei\ntuser.ini ()
O4 - Startup: C:\Users\Maggei\ntuser.pol ()
O4 - Startup: C:\Users\Maggei\Pictures [2012.10.14 15:42:10 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Recent [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Saved Games [2012.08.13 15:28:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Searches [2012.08.13 15:28:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\SendTo [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Startmenü [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Maggei\Tracing [2010.08.10 11:25:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Maggei\Videos [2012.08.13 15:28:54 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Maggei\Vorlagen [2010.07.12 14:53:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Anwendungsdaten [2011.09.23 15:35:59 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\AppData [2011.09.23 15:36:00 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Markus\Cookies [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Desktop [2012.10.07 14:25:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Documents [2011.11.22 16:45:35 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Downloads [2012.10.05 12:52:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Druckumgebung [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Eigene Dateien [2011.09.23 15:35:59 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Favorites [2011.11.22 16:53:43 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Links [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Lokale Einstellungen [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Music [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Netzwerkumgebung [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\ntuser.dat ()
O4 - Startup: C:\Users\Markus\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Markus\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Markus\ntuser.dat{0269fa7c-f9a1-11e1-b926-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\ntuser.dat{0269fa7c-f9a1-11e1-b926-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{0269fa7c-f9a1-11e1-b926-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{24ac5b9b-e54c-11e1-b9ca-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\ntuser.dat{24ac5b9b-e54c-11e1-b9ca-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{24ac5b9b-e54c-11e1-b9ca-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{2f2a480d-1465-11e1-8560-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{2f2a480d-1465-11e1-8560-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{2f2a480d-1465-11e1-8560-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{5f933edf-03ef-11e1-85eb-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{5f933edf-03ef-11e1-85eb-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{5f933edf-03ef-11e1-85eb-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{708b043f-12fe-11e2-8814-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\ntuser.dat{708b043f-12fe-11e2-8814-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{708b043f-12fe-11e2-8814-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{7f6dbc7d-0fca-11e1-8451-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{7f6dbc7d-0fca-11e1-8451-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{7f6dbc7d-0fca-11e1-8451-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{914ad650-1488-11e1-8406-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{914ad650-1488-11e1-8406-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{914ad650-1488-11e1-8406-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{a9398688-29a7-11e1-b790-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{a9398688-29a7-11e1-b790-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{a9398688-29a7-11e1-b790-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{ba2ef40d-fa01-11e1-80e4-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\ntuser.dat{ba2ef40d-fa01-11e1-80e4-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.dat{ba2ef40d-fa01-11e1-80e4-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{da91791a-eda3-11e0-8ab3-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{da91791a-eda3-11e0-8ab3-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{da91791a-eda3-11e0-8ab3-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{e0828b47-2825-11e1-a504-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{e0828b47-2825-11e1-a504-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Markus\NTUSER.DAT{e0828b47-2825-11e1-a504-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Markus\ntuser.ini ()
O4 - Startup: C:\Users\Markus\Pictures [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Recent [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Saved Games [2009.07.14 04:04:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Markus\SendTo [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Startmenü [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Markus\Videos [2009.07.14 04:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Markus\Vorlagen [2011.09.23 15:36:00 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Public\Desktop [2012.10.14 15:32:29 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2010.07.12 14:52:49 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009.07.14 04:04:25 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2009.07.14 06:41:57 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\ntuser.dat ()
O4 - Startup: C:\Users\Public\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Public\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Public\ntuser.dat{28182072-aada-11e0-b843-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Public\ntuser.dat{28182072-aada-11e0-b843-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Public\ntuser.dat{28182072-aada-11e0-b843-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Public\ntuser.dat{49f88064-8e70-11df-8bd0-7071bc4972a6}.TM.blf ()
O4 - Startup: C:\Users\Public\ntuser.dat{49f88064-8e70-11df-8bd0-7071bc4972a6}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Public\ntuser.dat{49f88064-8e70-11df-8bd0-7071bc4972a6}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Public\Pictures [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2009.07.14 06:41:57 | 000,000,000 | R--D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\Markus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Markus\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.177 217.0.43.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77475907-2527-4B36-9678-31061C7BE02D}: DhcpNameServer = 217.0.43.177 217.0.43.161
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: BsScanner - Service
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: BsScanner - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.14 15:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012.10.14 15:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.10.14 15:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.10.14 15:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.10.14 15:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.10.08 22:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.10.08 22:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.10.05 12:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.05 12:41:55 | 000,000,000 | ---D | C] -- C:\124083-adware-installcore-gen-Dateien
[2012.10.05 12:41:55 | 000,000,000 | ---D | C] -- \124083-adware-installcore-gen-Dateien
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.15 15:35:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.15 15:29:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.15 15:20:53 | 000,009,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 15:20:52 | 000,009,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 15:12:20 | 000,000,004 | ---- | M] () -- C:\ProgramData\WBLD.INI
[2012.10.15 15:10:15 | 797,605,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.14 15:35:18 | 000,001,152 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012.10.14 15:32:29 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.10.14 15:11:03 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012.10.10 19:32:14 | 000,000,092 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2012.10.10 12:34:33 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.10 12:34:33 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.10 12:34:33 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.10 12:34:33 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.08 22:11:44 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.10.05 12:42:32 | 000,069,450 | ---- | M] () -- C:\124083-adware-installcore-gen.html
 
========== Files Created - No Company Name ==========
 
[2012.10.14 15:32:29 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.10.10 19:31:40 | 000,000,092 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2012.10.08 22:16:22 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012.10.08 22:11:44 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.10.05 12:41:49 | 000,069,450 | ---- | C] () -- C:\124083-adware-installcore-gen.html
[2012.10.05 12:41:49 | 000,069,450 | ---- | C] () -- \124083-adware-installcore-gen.html
[2012.09.09 21:17:24 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0921.old
[2012.04.22 12:18:35 | 000,170,654 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012.04.22 12:18:35 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2011.08.24 07:59:57 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.08.24 07:59:57 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010.07.12 14:44:44 | 797,605,888 | -HS- | C] () -- \hiberfil.sys
[2009.12.21 07:52:50 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2009.12.21 07:52:50 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2009.12.18 13:08:32 | 000,000,004 | ---- | C] () -- C:\ProgramData\WBLD.INI
[2009.07.14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009.07.14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.14 15:32:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010.07.13 13:30:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\ALDI Sued Foto Service
[2009.12.18 14:22:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\Aldi Sued Fotoservice
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2012.10.14 13:53:55 | 000,000,000 | ---D | M] -- C:\Users\All Users\AVAST Software
[2010.11.10 21:58:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\BVRP Software
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2009.12.18 14:19:31 | 000,000,000 | ---D | M] -- C:\Users\All Users\MAGIX
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2012.09.10 16:03:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\Temp
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2010.08.19 13:25:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2009.07.14 04:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2010.07.12 14:52:49 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009.12.18 15:08:22 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009.07.14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2010.07.12 14:52:49 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Anwendungsdaten
[2010.07.12 14:53:56 | 000,000,000 | -H-D | M] -- C:\Users\Maggei\AppData
[2012.08.13 15:28:54 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Contacts
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Cookies
[2012.10.14 14:56:30 | 000,000,000 | ---D | M] -- C:\Users\Maggei\Desktop
[2012.09.14 17:28:22 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Documents
[2012.10.14 15:23:00 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Downloads
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Druckumgebung
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Eigene Dateien
[2012.10.15 15:31:19 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Favorites
[2012.10.14 15:42:11 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Links
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Lokale Einstellungen
[2012.08.13 15:28:55 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Music
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Netzwerkumgebung
[2012.10.14 15:42:10 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Pictures
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Recent
[2012.08.13 15:28:55 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Saved Games
[2012.08.13 15:28:55 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Searches
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\SendTo
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Startmenü
[2010.08.10 11:25:00 | 000,000,000 | ---D | M] -- C:\Users\Maggei\Tracing
[2012.08.13 15:28:54 | 000,000,000 | R--D | M] -- C:\Users\Maggei\Videos
[2010.07.12 14:53:56 | 000,000,000 | -HSD | M] -- C:\Users\Maggei\Vorlagen
[2011.09.23 15:35:59 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Anwendungsdaten
[2011.09.23 15:36:00 | 000,000,000 | -H-D | M] -- C:\Users\Markus\AppData
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Cookies
[2012.10.07 14:25:00 | 000,000,000 | R--D | M] -- C:\Users\Markus\Desktop
[2011.11.22 16:45:35 | 000,000,000 | R--D | M] -- C:\Users\Markus\Documents
[2012.10.05 12:52:03 | 000,000,000 | R--D | M] -- C:\Users\Markus\Downloads
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Druckumgebung
[2011.09.23 15:35:59 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Eigene Dateien
[2011.11.22 16:53:43 | 000,000,000 | R--D | M] -- C:\Users\Markus\Favorites
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Markus\Links
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Lokale Einstellungen
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Markus\Music
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Netzwerkumgebung
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Markus\Pictures
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Recent
[2009.07.14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\Saved Games
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\SendTo
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Startmenü
[2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Markus\Videos
[2011.09.23 15:36:00 | 000,000,000 | -HSD | M] -- C:\Users\Markus\Vorlagen
[2012.10.14 15:32:29 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2010.07.12 14:52:49 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009.07.14 04:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2009.07.14 06:41:57 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.22 16:54:09 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Adobe
[2011.10.31 22:34:07 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Apple Computer
[2011.11.22 16:52:49 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DVDVideoSoft
[2011.11.22 16:52:38 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.22 12:28:29 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HP
[2012.10.05 12:39:12 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Macromedia
[2012.09.14 12:51:34 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2012.10.05 12:39:12 | 000,000,000 | --SD | M] -- C:\Users\Markus\AppData\Roaming\Microsoft
[2012.10.05 12:22:49 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla
[2012.09.09 21:10:19 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\PC Tools
[2012.09.09 21:38:33 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TestApp
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\Users\All Users\Temp:430C6D84
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 115 bytes -> C:\Users\All Users\Temp:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Users\All Users\Temp:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

cosinus · 16.10.2012, 14:12

Mach einen OTL-Fix, beende dazu alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O3 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2745003204-427600582-798033372-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1000..\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe File not found
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-2745003204-427600582-798033372-1002..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKLM..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat ()
@Alternate Data Stream - 127 bytes -> C:\Users\All Users\Temp:430C6D84
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 115 bytes -> C:\Users\All Users\Temp:A8ADE5D8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Users\All Users\Temp:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

maggei88 · 16.10.2012, 17:28

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2745003204-427600582-798033372-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-2745003204-427600582-798033372-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-21-2745003204-427600582-798033372-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DriverFinder not found.
Registry value HKEY_USERS\S-1-5-21-2745003204-427600582-798033372-1000\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr not found.
Registry value HKEY_USERS\S-1-5-21-2745003204-427600582-798033372-1002\Software\Microsoft\Windows\CurrentVersion\Run\\MobileDocuments not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DeleteOnReboot not found.
File C:\Windows\DeleteOnReboot.bat not found.
Unable to delete ADS C:\Users\All Users\Temp:430C6D84 .
Unable to delete ADS C:\ProgramData\Temp:430C6D84 .
Unable to delete ADS C:\Users\All Users\Temp:A8ADE5D8 .
Unable to delete ADS C:\ProgramData\Temp:A8ADE5D8 .
Unable to delete ADS C:\Users\All Users\Temp:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\Temp:DFC5A2B2 .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
 
User: Default
-> No Temporary Internet Files cache folder defined!
 
User: Default User
-> No Temporary Internet Files cache folder defined!
 
User: Maggei
-> No Temporary Internet Files cache folder defined!
 
User: Markus
-> No Temporary Internet Files cache folder defined!
 
User: Public
-> No Temporary Internet Files cache folder defined!
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2253 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10162012_181708

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 17.10.2012, 12:54

Die Logs bitte in CODE-Tags!

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

cosinus · 17.10.2012, 16:11

Log ist unvollständig, die untere Zusammenfassung fehlt

maggei88 · 17.10.2012, 16:28

Code:

ATTFilter

15:37:37.0207 1924  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
15:37:39.0532 1924  ============================================================
15:37:39.0532 1924  Current date / time: 2012/10/17 15:37:39.0532
15:37:39.0532 1924  SystemInfo:
15:37:39.0532 1924  
15:37:39.0532 1924  OS Version: 6.1.7601 ServicePack: 1.0
15:37:39.0532 1924  Product type: Workstation
15:37:39.0532 1924  ComputerName: MAGGEI-NETBOOK
15:37:39.0625 1924  UserName: Markus
15:37:39.0625 1924  Windows directory: C:\Windows
15:37:39.0625 1924  System windows directory: C:\Windows
15:37:39.0625 1924  Processor architecture: Intel x86
15:37:39.0625 1924  Number of processors: 2
15:37:39.0625 1924  Page size: 0x1000
15:37:39.0625 1924  Boot type: Normal boot
15:37:39.0625 1924  ============================================================
15:37:54.0055 1924  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:37:54.0383 1924  ============================================================
15:37:54.0383 1924  \Device\Harddisk0\DR0:
15:37:54.0476 1924  MBR partitions:
15:37:54.0476 1924  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:37:54.0476 1924  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x19391800
15:37:54.0476 1924  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x193C4000, BlocksNum 0x3C00000
15:37:54.0476 1924  ============================================================
15:37:54.0929 1924  C: <-> \Device\Harddisk0\DR0\Partition2
15:37:55.0163 1924  D: <-> \Device\Harddisk0\DR0\Partition3
15:37:55.0709 1924  ============================================================
15:37:55.0709 1924  Initialize success
15:37:55.0709 1924  ============================================================
15:38:50.0374 2252  ============================================================
15:38:50.0374 2252  Scan started
15:38:50.0374 2252  Mode: Manual; SigCheck; TDLFS; 
15:38:50.0374 2252  ============================================================
15:39:01.0014 2252  ================ Scan system memory ========================
15:39:01.0014 2252  System memory - ok
15:39:01.0014 2252  ================ Scan services =============================
15:39:02.0964 2252  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:39:04.0680 2252  1394ohci - ok
15:39:04.0820 2252  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:39:04.0898 2252  ACPI - ok
15:39:04.0976 2252  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:39:05.0397 2252  AcpiPmi - ok
15:39:05.0662 2252  [ C1C7EEF1A53A6B47323187A22559E553 ] ACPIService     C:\Windows\system32\DRIVERS\ATKACPI.SYS
15:39:06.0224 2252  ACPIService - ok
15:39:06.0723 2252  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:39:06.0864 2252  AdobeFlashPlayerUpdateSvc - ok
15:39:07.0176 2252  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:39:07.0254 2252  adp94xx - ok
15:39:07.0550 2252  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:39:07.0675 2252  adpahci - ok
15:39:07.0831 2252  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:39:07.0878 2252  adpu320 - ok
15:39:07.0956 2252  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:39:08.0314 2252  AeLookupSvc - ok
15:39:08.0580 2252  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
15:39:08.0829 2252  AFD - ok
15:39:08.0923 2252  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
15:39:08.0970 2252  agp440 - ok
15:39:09.0063 2252  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
15:39:09.0110 2252  aic78xx - ok
15:39:09.0406 2252  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
15:39:09.0531 2252  ALG - ok
15:39:09.0594 2252  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:39:09.0625 2252  aliide - ok
15:39:09.0672 2252  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:39:09.0718 2252  amdagp - ok
15:39:09.0765 2252  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:39:09.0796 2252  amdide - ok
15:39:09.0937 2252  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:39:10.0030 2252  AmdK8 - ok
15:39:10.0062 2252  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:39:10.0171 2252  AmdPPM - ok
15:39:10.0249 2252  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:39:10.0280 2252  amdsata - ok
15:39:10.0405 2252  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:39:10.0452 2252  amdsbs - ok
15:39:10.0483 2252  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:39:10.0514 2252  amdxata - ok
15:39:11.0044 2252  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:39:11.0107 2252  AntiVirSchedulerService - ok
15:39:11.0169 2252  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:39:11.0185 2252  AntiVirService - ok
15:39:11.0278 2252  [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
15:39:11.0325 2252  AntiVirWebService - ok
15:39:11.0481 2252  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
15:39:12.0651 2252  AppID - ok
15:39:12.0745 2252  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:39:12.0870 2252  AppIDSvc - ok
15:39:12.0994 2252  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
15:39:13.0150 2252  Appinfo - ok
15:39:13.0447 2252  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:39:13.0478 2252  Apple Mobile Device - ok
15:39:13.0556 2252  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:39:13.0587 2252  arc - ok
15:39:13.0634 2252  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:39:13.0665 2252  arcsas - ok
15:39:13.0790 2252  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:39:15.0022 2252  AsyncMac - ok
15:39:15.0100 2252  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
15:39:15.0132 2252  atapi - ok
15:39:15.0350 2252  [ 76BAB0C824E2D05B940C4DD40A9B08BF ] athr            C:\Windows\system32\DRIVERS\athr.sys
15:39:15.0724 2252  athr - ok
15:39:15.0880 2252  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:39:15.0990 2252  AudioEndpointBuilder - ok
15:39:16.0052 2252  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:39:16.0146 2252  Audiosrv - ok
15:39:16.0177 2252  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:39:16.0208 2252  avgntflt - ok
15:39:16.0270 2252  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:39:16.0302 2252  avipbb - ok
15:39:16.0348 2252  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:39:16.0380 2252  avkmgr - ok
15:39:16.0489 2252  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:39:16.0972 2252  AxInstSV - ok
15:39:17.0128 2252  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
15:39:17.0253 2252  b06bdrv - ok
15:39:17.0378 2252  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
15:39:17.0472 2252  b57nd60x - ok
15:39:17.0799 2252  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:39:18.0142 2252  BDESVC - ok
15:39:18.0220 2252  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:39:18.0361 2252  Beep - ok
15:39:18.0595 2252  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
15:39:18.0813 2252  BFE - ok
15:39:19.0000 2252  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
15:39:19.0156 2252  BITS - ok
15:39:19.0219 2252  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:39:19.0266 2252  blbdrive - ok
15:39:19.0453 2252  [ D002033C1A37F6AF51B5F0BA6D0211BC ] BMLoad          C:\Windows\system32\drivers\BMLoad.sys
15:39:19.0500 2252  BMLoad ( UnsignedFile.Multi.Generic ) - warning
15:39:19.0500 2252  BMLoad - detected UnsignedFile.Multi.Generic (1)
15:39:19.0921 2252  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:39:19.0999 2252  Bonjour Service - ok
15:39:20.0061 2252  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:39:20.0186 2252  bowser - ok
15:39:20.0248 2252  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:39:20.0342 2252  BrFiltLo - ok
15:39:20.0404 2252  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:39:20.0560 2252  BrFiltUp - ok
15:39:20.0638 2252  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
15:39:20.0904 2252  Browser - ok
15:39:21.0013 2252  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:39:21.0231 2252  Brserid - ok
15:39:21.0309 2252  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:39:21.0496 2252  BrSerWdm - ok
15:39:21.0621 2252  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:39:21.0715 2252  BrUsbMdm - ok
15:39:21.0777 2252  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:39:21.0902 2252  BrUsbSer - ok
15:39:22.0184 2252  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
15:39:22.0730 2252  BthEnum - ok
15:39:22.0808 2252  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:39:22.0886 2252  BTHMODEM - ok
15:39:22.0995 2252  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:39:23.0073 2252  BthPan - ok
15:39:23.0213 2252  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
15:39:23.0338 2252  BTHPORT - ok
15:39:23.0447 2252  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
15:39:23.0557 2252  bthserv - ok
15:39:23.0650 2252  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
15:39:23.0728 2252  BTHUSB - ok
15:39:23.0806 2252  [ 92C5B845803F3662637EB691AC0B250F ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
15:39:23.0837 2252  btusbflt - ok
15:39:23.0962 2252  [ 7E826BE3B3558208D5C9B00034E51BE5 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
15:39:23.0993 2252  btwaudio - ok
15:39:24.0259 2252  [ AF9148C3E844131AC954CB53FF43D971 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
15:39:24.0290 2252  btwavdt - ok
15:39:24.0586 2252  [ 0E3EE2BC0EC56BFE869FCDE3E5806684 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:39:24.0649 2252  btwdins - ok
15:39:24.0727 2252  [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
15:39:24.0758 2252  btwl2cap - ok
15:39:24.0836 2252  [ 480B3D195854B2E55299CDDDDC50BCF9 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
15:39:24.0867 2252  btwrchid - ok
15:39:25.0007 2252  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:39:25.0101 2252  cdfs - ok
15:39:25.0351 2252  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
15:39:25.0413 2252  cdrom - ok
15:39:25.0569 2252  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:39:25.0694 2252  CertPropSvc - ok
15:39:25.0819 2252  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:39:25.0881 2252  circlass - ok
15:39:25.0990 2252  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
15:39:26.0021 2252  CLFS - ok
15:39:26.0474 2252  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:39:26.0645 2252  clr_optimization_v2.0.50727_32 - ok
15:39:26.0989 2252  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:39:27.0020 2252  clr_optimization_v4.0.30319_32 - ok
15:39:27.0051 2252  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:39:27.0098 2252  CmBatt - ok
15:39:27.0191 2252  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:39:27.0223 2252  cmdide - ok
15:39:27.0332 2252  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
15:39:27.0472 2252  CNG - ok
15:39:27.0581 2252  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:39:27.0613 2252  Compbatt - ok
15:39:27.0737 2252  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:39:27.0800 2252  CompositeBus - ok
15:39:27.0862 2252  COMSysApp - ok
15:39:27.0956 2252  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:39:27.0987 2252  crcdisk - ok
15:39:28.0174 2252  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:39:28.0330 2252  CryptSvc - ok
15:39:28.0486 2252  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:39:28.0642 2252  DcomLaunch - ok
15:39:28.0751 2252  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:39:28.0876 2252  defragsvc - ok
15:39:29.0001 2252  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:39:29.0095 2252  DfsC - ok
15:39:29.0266 2252  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:39:29.0391 2252  Dhcp - ok
15:39:29.0453 2252  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
15:39:29.0578 2252  discache - ok
15:39:29.0781 2252  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:39:29.0828 2252  Disk - ok
15:39:29.0906 2252  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:39:30.0015 2252  Dnscache - ok
15:39:30.0124 2252  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:39:30.0265 2252  dot3svc - ok
15:39:30.0405 2252  [ B5E479EB83707DD698F66953E922042C ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
15:39:30.0483 2252  Dot4 - ok
15:39:30.0577 2252  [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:39:30.0639 2252  Dot4Print - ok
15:39:30.0748 2252  [ CF491FF38D62143203C065260567E2F7 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
15:39:30.0826 2252  dot4usb - ok
15:39:30.0889 2252  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
15:39:31.0045 2252  DPS - ok
15:39:31.0123 2252  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:39:31.0185 2252  drmkaud - ok
15:39:31.0325 2252  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:39:31.0388 2252  DXGKrnl - ok
15:39:31.0513 2252  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
15:39:31.0622 2252  EapHost - ok
15:39:32.0121 2252  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
15:39:32.0308 2252  ebdrv - ok
15:39:32.0355 2252  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
15:39:32.0495 2252  EFS - ok
15:39:32.0651 2252  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:39:32.0714 2252  elxstor - ok
15:39:32.0776 2252  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:39:32.0839 2252  ErrDev - ok
15:39:33.0041 2252  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
15:39:33.0166 2252  EventSystem - ok
15:39:33.0260 2252  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
15:39:33.0416 2252  exfat - ok
15:39:33.0541 2252  Fabs - ok
15:39:33.0572 2252  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:39:33.0743 2252  fastfat - ok
15:39:33.0915 2252  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
15:39:34.0102 2252  Fax - ok
15:39:34.0180 2252  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:39:34.0243 2252  fdc - ok
15:39:34.0336 2252  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
15:39:34.0461 2252  fdPHost - ok
15:39:34.0601 2252  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
15:39:34.0726 2252  FDResPub - ok
15:39:34.0820 2252  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:39:34.0851 2252  FileInfo - ok
15:39:34.0976 2252  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:39:35.0116 2252  Filetrace - ok
15:39:36.0161 2252  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
15:39:36.0364 2252  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
15:39:36.0364 2252  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
15:39:36.0489 2252  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:39:36.0567 2252  flpydisk - ok
15:39:36.0692 2252  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:39:36.0723 2252  FltMgr - ok
15:39:36.0895 2252  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
15:39:37.0066 2252  FontCache - ok
15:39:37.0253 2252  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:39:37.0285 2252  FontCache3.0.0.0 - ok
15:39:37.0347 2252  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:39:37.0378 2252  FsDepends - ok
15:39:37.0565 2252  [ 1D300E884E4C539239AAF36BC8D0947A ] fspad_wlh32     C:\Windows\system32\DRIVERS\fspad_wlh32.sys
15:39:37.0628 2252  fspad_wlh32 - ok
15:39:37.0675 2252  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:39:37.0768 2252  Fs_Rec - ok
15:39:37.0924 2252  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:39:37.0971 2252  fvevol - ok
15:39:38.0096 2252  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:39:38.0127 2252  gagp30kx - ok
15:39:38.0205 2252  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:39:38.0221 2252  GEARAspiWDM - ok
15:39:38.0392 2252  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:39:38.0517 2252  gpsvc - ok
15:39:38.0579 2252  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:39:38.0689 2252  hcw85cir - ok
15:39:38.0907 2252  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:39:39.0001 2252  HdAudAddService - ok
15:39:39.0173 2252  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:39:39.0282 2252  HDAudBus - ok
15:39:39.0376 2252  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:39:39.0438 2252  HidBatt - ok
15:39:39.0516 2252  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:39:39.0579 2252  HidBth - ok
15:39:39.0672 2252  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:39:39.0735 2252  HidIr - ok
15:39:39.0813 2252  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
15:39:39.0922 2252  hidserv - ok
15:39:40.0062 2252  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:39:40.0109 2252  HidUsb - ok
15:39:40.0234 2252  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:39:40.0343 2252  hkmsvc - ok
15:39:40.0452 2252  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:39:40.0655 2252  HomeGroupListener - ok
15:39:40.0749 2252  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:39:40.0858 2252  HomeGroupProvider - ok
15:39:40.0983 2252  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:39:41.0014 2252  HpSAMD - ok
15:39:41.0669 2252  [ 7F437A78C5B0105B67B830D00AD719F8 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
15:39:41.0747 2252  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
15:39:41.0747 2252  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
15:39:41.0934 2252  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:39:42.0059 2252  HTTP - ok
15:39:42.0231 2252  [ 1720966D9C7EA5E2D78B6DB92D2F9171 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:39:42.0402 2252  hwdatacard - ok
15:39:42.0527 2252  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:39:42.0558 2252  hwpolicy - ok
15:39:42.0714 2252  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:39:42.0792 2252  i8042prt - ok
15:39:43.0058 2252  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:39:43.0167 2252  iaStorV - ok
15:39:43.0572 2252  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:39:43.0650 2252  idsvc - ok
15:39:44.0868 2252  [ BA41E1BBA410212CE6D30E0DAC47972B ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
15:39:45.0305 2252  igfx - ok
15:39:45.0383 2252  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:39:45.0414 2252  iirsp - ok
15:39:45.0664 2252  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:39:45.0789 2252  IKEEXT - ok
15:39:46.0444 2252  [ 09BF2EFC833A4848665E439EB4DB3331 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:39:46.0678 2252  IntcAzAudAddService - ok
15:39:46.0756 2252  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:39:46.0787 2252  intelide - ok
15:39:46.0881 2252  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:39:46.0943 2252  intelppm - ok
15:39:47.0037 2252  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:39:47.0146 2252  IPBusEnum - ok
15:39:47.0208 2252  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:39:47.0317 2252  IpFilterDriver - ok
15:39:47.0583 2252  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:39:47.0723 2252  iphlpsvc - ok
15:39:47.0801 2252  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:39:47.0832 2252  IPMIDRV - ok
15:39:47.0895 2252  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:39:48.0019 2252  IPNAT - ok
15:39:48.0612 2252  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:39:48.0690 2252  iPod Service - ok
15:39:48.0784 2252  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:39:49.0111 2252  IRENUM - ok
15:39:49.0143 2252  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:39:49.0174 2252  isapnp - ok
15:39:49.0267 2252  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:39:49.0314 2252  iScsiPrt - ok
15:39:49.0392 2252  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
15:39:49.0423 2252  kbdclass - ok
15:39:49.0501 2252  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:39:49.0564 2252  kbdhid - ok
15:39:49.0595 2252  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
15:39:49.0642 2252  KeyIso - ok
15:39:49.0704 2252  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:39:49.0751 2252  KSecDD - ok
15:39:49.0829 2252  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:39:49.0860 2252  KSecPkg - ok
15:39:50.0016 2252  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:39:50.0157 2252  KtmRm - ok
15:39:50.0250 2252  [ 3705B2273E8EFC9A707864AB7324B614 ] L1C             C:\Windows\system32\DRIVERS\L1C62x86.sys
15:39:50.0359 2252  L1C - ok
15:39:50.0500 2252  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:39:50.0609 2252  LanmanServer - ok
15:39:50.0703 2252  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:39:50.0796 2252  LanmanWorkstation - ok
15:39:51.0077 2252  Lavasoft Kernexplorer - ok
15:39:51.0249 2252  Lbd - ok
15:39:51.0373 2252  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:39:51.0483 2252  lltdio - ok
15:39:51.0561 2252  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:39:51.0701 2252  lltdsvc - ok
15:39:51.0748 2252  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:39:51.0841 2252  lmhosts - ok
15:39:51.0951 2252  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:39:51.0997 2252  LSI_FC - ok
15:39:52.0044 2252  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:39:52.0091 2252  LSI_SAS - ok
15:39:52.0200 2252  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:39:52.0231 2252  LSI_SAS2 - ok
15:39:52.0263 2252  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:39:52.0294 2252  LSI_SCSI - ok
15:39:52.0325 2252  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
15:39:52.0403 2252  luafv - ok
15:39:52.0497 2252  [ F0435FE3C1EC2659D2BBF073CA0752EE ] massfilter      C:\Windows\system32\drivers\massfilter.sys
15:39:52.0590 2252  massfilter - ok
15:39:52.0793 2252  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
15:39:52.0824 2252  MBAMProtector - ok
15:39:53.0167 2252  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:39:53.0230 2252  MBAMScheduler - ok
15:39:53.0651 2252  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:39:53.0698 2252  MBAMService - ok
15:39:53.0791 2252  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:39:53.0838 2252  megasas - ok
15:39:54.0025 2252  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:39:54.0088 2252  MegaSR - ok
15:39:54.0228 2252  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
15:39:54.0337 2252  MMCSS - ok
15:39:54.0400 2252  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
15:39:54.0540 2252  Modem - ok
15:39:54.0634 2252  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:39:54.0712 2252  monitor - ok
15:39:54.0852 2252  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:39:54.0883 2252  mouclass - ok
15:39:55.0055 2252  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:39:55.0102 2252  mouhid - ok
15:39:55.0258 2252  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:39:55.0305 2252  mountmgr - ok
15:39:55.0398 2252  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:39:55.0429 2252  mpio - ok
15:39:55.0523 2252  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:39:55.0617 2252  mpsdrv - ok
15:39:55.0804 2252  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:39:55.0913 2252  MpsSvc - ok
15:39:56.0007 2252  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:39:56.0116 2252  MRxDAV - ok
15:39:56.0178 2252  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:39:56.0319 2252  mrxsmb - ok
15:39:56.0397 2252  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:39:56.0537 2252  mrxsmb10 - ok
15:39:56.0631 2252  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:39:56.0693 2252  mrxsmb20 - ok
15:39:56.0740 2252  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
15:39:56.0771 2252  msahci - ok
15:39:56.0818 2252  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:39:56.0849 2252  msdsm - ok
15:39:56.0958 2252  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
15:39:57.0021 2252  MSDTC - ok
15:39:57.0130 2252  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:39:57.0223 2252  Msfs - ok
15:39:57.0239 2252  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:39:57.0348 2252  mshidkmdf - ok
15:39:57.0379 2252  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:39:57.0411 2252  msisadrv - ok
15:39:57.0520 2252  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:39:57.0598 2252  MSiSCSI - ok
15:39:57.0613 2252  msiserver - ok
15:39:57.0676 2252  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:39:57.0801 2252  MSKSSRV - ok
15:39:57.0863 2252  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:39:57.0957 2252  MSPCLOCK - ok
15:39:58.0050 2252  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:39:58.0175 2252  MSPQM - ok
15:39:58.0269 2252  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:39:58.0347 2252  MsRPC - ok
15:39:58.0409 2252  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:39:58.0456 2252  mssmbios - ok
15:39:58.0737 2252  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:39:58.0815 2252  MSTEE - ok
15:39:58.0877 2252  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:39:58.0955 2252  MTConfig - ok
15:39:59.0033 2252  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:39:59.0064 2252  Mup - ok
15:39:59.0205 2252  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
15:39:59.0330 2252  napagent - ok
15:39:59.0501 2252  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:39:59.0595 2252  NativeWifiP - ok
15:39:59.0969 2252  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:40:00.0047 2252  NDIS - ok
15:40:00.0188 2252  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:40:00.0281 2252  NdisCap - ok
15:40:00.0375 2252  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:40:00.0468 2252  NdisTapi - ok
15:40:00.0562 2252  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:40:00.0656 2252  Ndisuio - ok
15:40:00.0749 2252  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:40:00.0843 2252  NdisWan - ok
15:40:00.0890 2252  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:40:00.0983 2252  NDProxy - ok
15:40:01.0280 2252  [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
15:40:01.0326 2252  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:40:01.0326 2252  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:40:01.0451 2252  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:40:01.0560 2252  NetBIOS - ok
15:40:01.0670 2252  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:40:01.0763 2252  NetBT - ok
15:40:01.0810 2252  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
15:40:01.0857 2252  Netlogon - ok
15:40:02.0200 2252  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
15:40:02.0294 2252  Netman - ok
15:40:02.0512 2252  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
15:40:02.0652 2252  netprofm - ok
15:40:02.0777 2252  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:40:02.0808 2252  NetTcpPortSharing - ok
15:40:02.0996 2252  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:40:03.0027 2252  nfrd960 - ok
15:40:03.0167 2252  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:40:03.0261 2252  NlaSvc - ok
15:40:03.0370 2252  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:40:03.0510 2252  Npfs - ok
15:40:03.0604 2252  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
15:40:03.0698 2252  nsi - ok
15:40:03.0744 2252  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:40:03.0838 2252  nsiproxy - ok
15:40:04.0150 2252  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:40:04.0259 2252  Ntfs - ok
15:40:04.0290 2252  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
15:40:04.0400 2252  Null - ok
15:40:04.0446 2252  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:40:04.0478 2252  nvraid - ok
15:40:04.0556 2252  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:40:04.0587 2252  nvstor - ok
15:40:04.0649 2252  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:40:04.0680 2252  nv_agp - ok
15:40:04.0899 2252  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:40:04.0977 2252  odserv - ok
15:40:05.0024 2252  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:40:05.0102 2252  ohci1394 - ok
15:40:05.0211 2252  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:40:05.0242 2252  ose - ok
15:40:05.0336 2252  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:40:05.0476 2252  p2pimsvc - ok
15:40:05.0632 2252  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:40:05.0726 2252  p2psvc - ok
15:40:05.0804 2252  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:40:05.0882 2252  Parport - ok
15:40:05.0975 2252  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:40:06.0038 2252  partmgr - ok
15:40:06.0084 2252  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
15:40:06.0147 2252  Parvdm - ok
15:40:06.0225 2252  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:40:06.0272 2252  PcaSvc - ok
15:40:06.0428 2252  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
15:40:06.0459 2252  pci - ok
15:40:06.0537 2252  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
15:40:06.0568 2252  pciide - ok
15:40:06.0662 2252  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:40:06.0708 2252  pcmcia - ok
15:40:06.0740 2252  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
15:40:06.0771 2252  pcw - ok
15:40:06.0880 2252  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:40:07.0005 2252  PEAUTH - ok
15:40:07.0332 2252  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
15:40:07.0504 2252  pla - ok
15:40:07.0660 2252  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:40:07.0816 2252  PlugPlay - ok
15:40:08.0190 2252  [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
15:40:08.0206 2252  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:40:08.0206 2252  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:40:08.0253 2252  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:40:08.0315 2252  PNRPAutoReg - ok
15:40:08.0456 2252  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:40:08.0502 2252  PNRPsvc - ok
15:40:08.0627 2252  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:40:08.0752 2252  PolicyAgent - ok
15:40:08.0846 2252  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
15:40:08.0924 2252  Power - ok
15:40:09.0017 2252  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:40:09.0126 2252  PptpMiniport - ok
15:40:09.0189 2252  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:40:09.0267 2252  Processor - ok
15:40:09.0392 2252  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
15:40:09.0485 2252  ProfSvc - ok
15:40:09.0532 2252  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:40:09.0579 2252  ProtectedStorage - ok
15:40:09.0704 2252  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:40:09.0813 2252  Psched - ok
15:40:10.0156 2252  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:40:10.0250 2252  ql2300 - ok
15:40:10.0281 2252  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:40:10.0312 2252  ql40xx - ok
15:40:10.0421 2252  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
15:40:10.0499 2252  QWAVE - ok
15:40:10.0562 2252  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:40:10.0608 2252  QWAVEdrv - ok
15:40:10.0671 2252  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:40:10.0780 2252  RasAcd - ok
15:40:10.0874 2252  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:40:10.0936 2252  RasAgileVpn - ok
15:40:10.0983 2252  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
15:40:11.0061 2252  RasAuto - ok
15:40:11.0139 2252  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:40:11.0232 2252  Rasl2tp - ok
15:40:11.0388 2252  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
15:40:11.0498 2252  RasMan - ok
15:40:11.0591 2252  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:40:11.0700 2252  RasPppoe - ok
15:40:11.0841 2252  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:40:11.0934 2252  RasSstp - ok
15:40:12.0075 2252  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:40:12.0215 2252  rdbss - ok
15:40:12.0324 2252  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:40:12.0387 2252  rdpbus - ok
15:40:12.0449 2252  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:40:12.0558 2252  RDPCDD - ok
15:40:12.0683 2252  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:40:12.0777 2252  RDPENCDD - ok
15:40:12.0855 2252  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:40:12.0964 2252  RDPREFMP - ok
15:40:13.0058 2252  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:40:13.0182 2252  RDPWD - ok
15:40:13.0323 2252  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:40:13.0370 2252  rdyboost - ok
15:40:13.0432 2252  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:40:13.0541 2252  RemoteAccess - ok
15:40:13.0588 2252  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:40:13.0697 2252  RemoteRegistry - ok
15:40:13.0791 2252  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:40:13.0900 2252  RFCOMM - ok
15:40:14.0025 2252  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:40:14.0150 2252  RpcEptMapper - ok
15:40:14.0212 2252  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
15:40:14.0290 2252  RpcLocator - ok
15:40:14.0399 2252  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
15:40:14.0493 2252  RpcSs - ok
15:40:14.0649 2252  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:40:14.0742 2252  rspndr - ok
15:40:15.0117 2252  [ B5E9979FBB26FC059BD87A81F763D5DA ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
15:40:15.0226 2252  rtl8192se - ok
15:40:15.0320 2252  [ 59509AD6CBC28F2C73056268985B3E48 ] s0016bus        C:\Windows\system32\DRIVERS\s0016bus.sys
15:40:15.0351 2252  s0016bus - ok
15:40:15.0476 2252  [ B98C3A6F91F4FBA285AF9606A240C6B4 ] s0016mdfl       C:\Windows\system32\DRIVERS\s0016mdfl.sys
15:40:15.0491 2252  s0016mdfl - ok
15:40:15.0522 2252  [ 8A83426F4FB7B5212825D9DE76368B1A ] s0016mdm        C:\Windows\system32\DRIVERS\s0016mdm.sys
15:40:15.0554 2252  s0016mdm - ok
15:40:15.0663 2252  [ 7A78BBA97FEB5E6D24C49E93A3BF7287 ] s0016mgmt       C:\Windows\system32\DRIVERS\s0016mgmt.sys
15:40:15.0678 2252  s0016mgmt - ok
15:40:15.0756 2252  [ 34EF7B5F611957B73E7219DD5A222AD1 ] s0016nd5        C:\Windows\system32\DRIVERS\s0016nd5.sys
15:40:15.0788 2252  s0016nd5 - ok
15:40:15.0866 2252  [ 36792935847143E4A3CDA0DC87248487 ] s0016obex       C:\Windows\system32\DRIVERS\s0016obex.sys
15:40:15.0897 2252  s0016obex - ok
15:40:15.0959 2252  [ 927208754FB27FC3E7A659E77500C5D1 ] s0016unic       C:\Windows\system32\DRIVERS\s0016unic.sys
15:40:15.0990 2252  s0016unic - ok
15:40:16.0022 2252  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
15:40:16.0068 2252  SamSs - ok
15:40:16.0178 2252  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:40:16.0209 2252  sbp2port - ok
15:40:16.0302 2252  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:40:16.0412 2252  SCardSvr - ok
15:40:16.0443 2252  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:40:16.0536 2252  scfilter - ok
15:40:16.0895 2252  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
15:40:17.0036 2252  Schedule - ok
15:40:17.0067 2252  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:40:17.0160 2252  SCPolicySvc - ok
15:40:17.0254 2252  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:40:17.0394 2252  SDRSVC - ok
15:40:17.0660 2252  [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
15:40:17.0706 2252  SeaPort - ok
15:40:17.0816 2252  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:40:18.0003 2252  secdrv - ok
15:40:18.0081 2252  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
15:40:18.0206 2252  seclogon - ok
15:40:18.0268 2252  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
15:40:18.0393 2252  SENS - ok
15:40:18.0455 2252  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:40:18.0502 2252  Serenum - ok
15:40:18.0611 2252  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:40:18.0705 2252  Serial - ok
15:40:18.0752 2252  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:40:18.0830 2252  sermouse - ok
15:40:18.0923 2252  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:40:19.0032 2252  SessionEnv - ok
15:40:19.0142 2252  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:40:19.0313 2252  sffdisk - ok
15:40:19.0376 2252  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:40:19.0438 2252  sffp_mmc - ok
15:40:19.0469 2252  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:40:19.0516 2252  sffp_sd - ok
15:40:19.0578 2252  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:40:19.0656 2252  sfloppy - ok
15:40:19.0859 2252  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:40:19.0984 2252  SharedAccess - ok
15:40:20.0062 2252  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:40:20.0156 2252  ShellHWDetection - ok
15:40:20.0187 2252  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:40:20.0218 2252  sisagp - ok
15:40:20.0312 2252  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:40:20.0343 2252  SiSRaid2 - ok
15:40:20.0421 2252  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:40:20.0468 2252  SiSRaid4 - ok
15:40:20.0561 2252  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:40:20.0655 2252  Smb - ok
15:40:20.0749 2252  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:40:20.0796 2252  SNMPTRAP - ok
15:40:20.0859 2252  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:40:20.0921 2252  spldr - ok
15:40:21.0046 2252  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
15:40:21.0249 2252  Spooler - ok
15:40:21.0841 2252  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
15:40:22.0060 2252  sppsvc - ok
15:40:22.0138 2252  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:40:22.0216 2252  sppuinotify - ok
15:40:22.0387 2252  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:40:22.0559 2252  srv - ok
15:40:22.0637 2252  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:40:22.0715 2252  srv2 - ok
15:40:22.0809 2252  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:40:22.0871 2252  srvnet - ok
15:40:23.0011 2252  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:40:23.0105 2252  SSDPSRV - ok
15:40:23.0199 2252  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
15:40:23.0230 2252  ssmdrv - ok
15:40:23.0292 2252  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:40:23.0370 2252  SstpSvc - ok
15:40:23.0417 2252  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:40:23.0464 2252  stexstor - ok
15:40:23.0635 2252  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
15:40:23.0791 2252  StiSvc - ok
15:40:23.0838 2252  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:40:23.0869 2252  swenum - ok
15:40:24.0010 2252  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
15:40:24.0119 2252  swprv - ok
15:40:24.0415 2252  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
15:40:24.0587 2252  SysMain - ok
15:40:24.0665 2252  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:40:24.0759 2252  TabletInputService - ok
15:40:24.0883 2252  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:40:24.0977 2252  TapiSrv - ok
15:40:25.0117 2252  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
15:40:25.0258 2252  TBS - ok
15:40:25.0585 2252  [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:40:25.0663 2252  Tcpip - ok
15:40:25.0819 2252  [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:40:25.0960 2252  TCPIP6 - ok
15:40:26.0053 2252  [ DCFEB82CA988598CEB8F83148616038E ] tcpipBM         C:\Windows\system32\drivers\tcpipBM.sys
15:40:26.0085 2252  tcpipBM ( UnsignedFile.Multi.Generic ) - warning
15:40:26.0085 2252  tcpipBM - detected UnsignedFile.Multi.Generic (1)
15:40:26.0147 2252  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:40:26.0256 2252  tcpipreg - ok
15:40:26.0319 2252  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:40:26.0490 2252  TDPIPE - ok
15:40:26.0584 2252  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:40:26.0646 2252  TDTCP - ok
15:40:26.0724 2252  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:40:26.0833 2252  tdx - ok
15:40:26.0911 2252  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:40:26.0943 2252  TermDD - ok
15:40:27.0208 2252  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
15:40:27.0301 2252  TermService - ok
15:40:27.0379 2252  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
15:40:27.0426 2252  Themes - ok
15:40:27.0473 2252  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
15:40:27.0551 2252  THREADORDER - ok
15:40:27.0629 2252  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
15:40:27.0785 2252  TrkWks - ok
15:40:27.0988 2252  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:40:28.0097 2252  TrustedInstaller - ok
15:40:28.0206 2252  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:40:28.0362 2252  tssecsrv - ok
15:40:28.0440 2252  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:40:28.0596 2252  TsUsbFlt - ok
15:40:28.0752 2252  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:40:28.0846 2252  tunnel - ok
15:40:28.0893 2252  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:40:28.0924 2252  uagp35 - ok
15:40:29.0002 2252  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:40:29.0127 2252  udfs - ok
15:40:29.0361 2252  [ B58C33FD27CDB339F66BA97E82E67FA3 ] UI Assistant Service C:\Program Files\T-Mobile Internet Manager\AssistantServices.exe
15:40:29.0423 2252  UI Assistant Service ( UnsignedFile.Multi.Generic ) - warning
15:40:29.0423 2252  UI Assistant Service - detected UnsignedFile.Multi.Generic (1)
15:40:29.0532 2252  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:40:29.0595 2252  UI0Detect - ok
15:40:29.0688 2252  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:40:29.0719 2252  uliagpkx - ok
15:40:29.0875 2252  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:40:29.0922 2252  umbus - ok
15:40:30.0000 2252  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:40:30.0063 2252  UmPass - ok
15:40:30.0172 2252  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
15:40:30.0265 2252  upnphost - ok
15:40:30.0468 2252  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
15:40:30.0515 2252  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
15:40:30.0515 2252  USBAAPL - detected UnsignedFile.Multi.Generic (1)
15:40:30.0562 2252  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:40:30.0655 2252  usbccgp - ok
15:40:30.0718 2252  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:40:30.0796 2252  usbcir - ok
15:40:30.0874 2252  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:40:30.0921 2252  usbehci - ok
15:40:31.0045 2252  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:40:31.0170 2252  usbhub - ok
15:40:31.0201 2252  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:40:31.0264 2252  usbohci - ok
15:40:31.0389 2252  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:40:31.0435 2252  usbprint - ok
15:40:31.0529 2252  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:40:31.0591 2252  usbscan - ok
15:40:31.0623 2252  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:40:31.0810 2252  USBSTOR - ok
15:40:31.0857 2252  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:40:31.0888 2252  usbuhci - ok
15:40:32.0013 2252  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:40:32.0091 2252  usbvideo - ok
15:40:32.0137 2252  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
15:40:32.0262 2252  UxSms - ok
15:40:32.0309 2252  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
15:40:32.0371 2252  VaultSvc - ok
15:40:32.0418 2252  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:40:32.0449 2252  vdrvroot - ok
15:40:32.0527 2252  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
15:40:32.0683 2252  vds - ok
15:40:32.0824 2252  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:40:32.0855 2252  vga - ok
15:40:32.0949 2252  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:40:33.0027 2252  VgaSave - ok
15:40:33.0089 2252  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:40:33.0136 2252  vhdmp - ok
15:40:33.0198 2252  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:40:33.0245 2252  viaagp - ok
15:40:33.0354 2252  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
15:40:33.0432 2252  ViaC7 - ok
15:40:33.0510 2252  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
15:40:33.0541 2252  viaide - ok
15:40:33.0619 2252  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:40:33.0651 2252  volmgr - ok
15:40:33.0713 2252  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:40:33.0775 2252  volmgrx - ok
15:40:33.0885 2252  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:40:33.0947 2252  volsnap - ok
15:40:34.0041 2252  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:40:34.0103 2252  vsmraid - ok
15:40:34.0353 2252  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
15:40:34.0524 2252  VSS - ok
15:40:34.0618 2252  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:40:34.0696 2252  vwifibus - ok
15:40:34.0774 2252  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:40:34.0852 2252  vwififlt - ok
15:40:34.0977 2252  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:40:35.0055 2252  vwifimp - ok
15:40:35.0164 2252  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
15:40:35.0289 2252  W32Time - ok
15:40:35.0367 2252  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:40:35.0429 2252  WacomPen - ok
15:40:35.0523 2252  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:40:35.0601 2252  WANARP - ok
15:40:35.0616 2252  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:40:35.0694 2252  Wanarpv6 - ok
15:40:36.0053 2252  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
15:40:36.0256 2252  wbengine - ok
15:40:36.0349 2252  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:40:36.0459 2252  WbioSrvc - ok
15:40:36.0599 2252  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:40:36.0693 2252  wcncsvc - ok
15:40:36.0755 2252  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:40:36.0911 2252  WcsPlugInService - ok
15:40:36.0973 2252  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:40:37.0005 2252  Wd - ok
15:40:37.0098 2252  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:40:37.0207 2252  Wdf01000 - ok
15:40:37.0254 2252  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:40:37.0691 2252  WdiServiceHost - ok
15:40:37.0738 2252  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:40:37.0785 2252  WdiSystemHost - ok
15:40:37.0925 2252  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
15:40:38.0003 2252  WebClient - ok
15:40:38.0112 2252  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:40:38.0190 2252  Wecsvc - ok
15:40:38.0284 2252  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:40:38.0393 2252  wercplsupport - ok
15:40:38.0518 2252  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:40:38.0627 2252  WerSvc - ok
15:40:38.0830 2252  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:40:38.0908 2252  WfpLwf - ok
15:40:38.0955 2252  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:40:38.0986 2252  WIMMount - ok
15:40:39.0189 2252  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
15:40:39.0298 2252  WinDefend - ok
15:40:39.0313 2252  WinHttpAutoProxySvc - ok
15:40:39.0641 2252  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:40:39.0797 2252  Winmgmt - ok
15:40:40.0078 2252  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
15:40:40.0265 2252  WinRM - ok
15:40:40.0655 2252  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:40:40.0717 2252  WinUsb - ok
15:40:40.0998 2252  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:40:41.0139 2252  Wlansvc - ok
15:40:41.0217 2252  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:40:41.0295 2252  WmiAcpi - ok
15:40:41.0419 2252  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:40:41.0513 2252  wmiApSrv - ok
15:40:41.0841 2252  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:40:42.0059 2252  WMPNetworkSvc - ok
15:40:42.0184 2252  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:40:42.0387 2252  WPCSvc - ok
15:40:42.0465 2252  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:40:42.0745 2252  WPDBusEnum - ok
15:40:42.0823 2252  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:40:42.0933 2252  ws2ifsl - ok
15:40:43.0011 2252  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
15:40:43.0089 2252  wscsvc - ok
15:40:43.0198 2252  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
15:40:43.0260 2252  WSDPrintDevice - ok
15:40:43.0276 2252  WSearch - ok
15:40:43.0884 2252  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:40:44.0025 2252  wuauserv - ok
15:40:44.0134 2252  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:40:44.0212 2252  WudfPf - ok
15:40:44.0415 2252  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:40:44.0493 2252  WUDFRd - ok
15:40:44.0571 2252  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:40:44.0649 2252  wudfsvc - ok
15:40:44.0758 2252  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:40:44.0836 2252  WwanSvc - ok
15:40:45.0007 2252  [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
15:40:45.0117 2252  ZTEusbmdm6k - ok
15:40:45.0195 2252  [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
15:40:45.0304 2252  ZTEusbnmea - ok
15:40:45.0382 2252  [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
15:40:45.0413 2252  ZTEusbser6k - ok
15:40:45.0631 2252  ================ Scan global ===============================
15:40:45.0803 2252  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:40:45.0912 2252  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
15:40:45.0975 2252  [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
15:40:46.0053 2252  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:40:46.0177 2252  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:40:46.0209 2252  [Global] - ok
15:40:46.0209 2252  ================ Scan MBR ==================================
15:40:46.0255 2252  [ D4235019B9CC6FCAC77D4C80F1FA6E89 ] \Device\Harddisk0\DR0
15:41:05.0693 2252  \Device\Harddisk0\DR0 - ok
15:41:05.0693 2252  ================ Scan VBR ==================================
15:41:05.0724 2252  [ 0B07C988B5BAB5CED832BEDA79AF2BAB ] \Device\Harddisk0\DR0\Partition1
15:41:05.0787 2252  \Device\Harddisk0\DR0\Partition1 - ok
15:41:05.0833 2252  [ F63467ABCEFF98E960D5CC660B2146DF ] \Device\Harddisk0\DR0\Partition2
15:41:05.0849 2252  \Device\Harddisk0\DR0\Partition2 - ok
15:41:05.0911 2252  [ FA6707864A6ABB94C0458B46B84C3B9E ] \Device\Harddisk0\DR0\Partition3
15:41:06.0005 2252  \Device\Harddisk0\DR0\Partition3 - ok
15:41:06.0005 2252  ============================================================
15:41:06.0005 2252  Scan finished
15:41:06.0021 2252  ============================================================
15:41:06.0036 1060  Detected object count: 8
15:41:06.0036 1060  Actual detected object count: 8

sorry!

cosinus · 17.10.2012, 17:32

Ist immer noch unvollständig!
Und pass bitte bei den CODE-Tags besser auf!

14.10.2012, 19:20	#21
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	ADWARE/InstallCore.Gen Ja stimmt alles aber wieso hast du keinen CustomScan gemacht? __________________ --> ADWARE/InstallCore.Gen

14.10.2012, 20:47	#23
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	ADWARE/InstallCore.Gen Bitte meine Anleitungen richtig lesen, für den CustomScan musst du den Text aus meiner CODE-Box bei OTL einfügen und dann scannen lassen __________________ Logfiles bitte immer in CODE-Tags posten

17.10.2012, 16:11	#28
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	ADWARE/InstallCore.Gen Log ist unvollständig, die untere Zusammenfassung fehlt __________________ Logfiles bitte immer in CODE-Tags posten

17.10.2012, 17:32	#30
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	ADWARE/InstallCore.Gen Ist immer noch unvollständig! Und pass bitte bei den CODE-Tags besser auf! __________________ Logfiles bitte immer in CODE-Tags posten

ADWARE/InstallCore.Gen

Log-Analyse und Auswertung: ADWARE/InstallCore.Gen