Pests of all kinds and how to fight them: 7 infected registry keys (Trojan.BHO) after Malwarebytes Anti-Malware scan (Windows 7)
14.10.2012, 16:01 | #16 | /// Winkelfunktion /// TB-Süch-Tiger™
adwCleaner - remove toolbars and unwanted start/search pages
__________________ Please always post log files in CODE tags
14.10.2012, 16:53 | #17
done!
Code:
# AdwCleaner v2.004 - Datei am 14/10/2012 um 17:32:05 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : andy - RAETHKEY
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\andy\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [5464 octets] - [12/10/2012 20:24:03]
AdwCleaner[S1].txt - [5526 octets] - [12/10/2012 22:16:10]
AdwCleaner[R2].txt - [877 octets] - [13/10/2012 23:04:16]
AdwCleaner[S2].txt - [811 octets] - [14/10/2012 17:32:05]

########## EOF - C:\AdwCleaner[S2].txt - [870 octets] ##########
14.10.2012, 19:45 | #18 | /// Winkelfunktion /// TB-Süch-Tiger™
Sorry, but there is a new version of adwCleaner.
Please download the current adwCleaner v2.005, i.e. delete the old adwcleaner and download it again.
adwCleaner - detect toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
14.10.2012, 20:09 | #19
Code:
# AdwCleaner v2.005 - Datei am 14/10/2012 um 21:07:57 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : andy - RAETHKEY
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\andy\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

Gefunden : ICQ Service

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar
Ordner Gefunden : C:\Programme\ICQ6Toolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\ICQToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd

*************************

AdwCleaner[R1].txt - [5464 octets] - [12/10/2012 20:24:03]
AdwCleaner[S1].txt - [5526 octets] - [12/10/2012 22:16:10]
AdwCleaner[R2].txt - [877 octets] - [13/10/2012 23:04:16]
AdwCleaner[S2].txt - [938 octets] - [14/10/2012 17:32:05]
AdwCleaner[R3].txt - [2419 octets] - [14/10/2012 21:07:57]

########## EOF - C:\AdwCleaner[R3].txt - [2479 octets] ##########
14.10.2012, 22:09 | #20 | /// Winkelfunktion /// TB-Süch-Tiger™
adwCleaner - remove toolbars and unwanted start/search pages
__________________ Please always post log files in CODE tags
15.10.2012, 05:36 | #21
done!
Code:
# AdwCleaner v2.005 - Datei am 15/10/2012 um 06:16:01 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : andy - RAETHKEY
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\andy\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

Gestoppt & Gelöscht : ICQ Service

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar
Ordner Gelöscht : C:\Programme\ICQ6Toolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [5464 octets] - [12/10/2012 20:24:03]
AdwCleaner[S1].txt - [5526 octets] - [12/10/2012 22:16:10]
AdwCleaner[R2].txt - [877 octets] - [13/10/2012 23:04:16]
AdwCleaner[S2].txt - [938 octets] - [14/10/2012 17:32:05]
AdwCleaner[R3].txt - [2548 octets] - [14/10/2012 21:07:57]
AdwCleaner[S3].txt - [2528 octets] - [15/10/2012 06:16:01]

########## EOF - C:\AdwCleaner[S3].txt - [2588 octets] ##########
15.10.2012, 13:54 | #22 | /// Winkelfunktion /// TB-Süch-Tiger™
Please create a new OTL log. If possible, please post everything here in CODE tags. This is how it is done:
[code] the log goes here [/code]
And the whole thing then looks like this:
Code:
the log goes here

Please download OTL by OldTimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags
15.10.2012, 16:59 | #23
done. OTL log file:
ATTFilter OTL logfile created on: 15.10.2012 17:47:43 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\andy\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 81,92% Memory free 4,84 Gb Paging File | 4,35 Gb Available in Paging File | 89,95% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 465,65 Gb Total Space | 261,06 Gb Free Space | 56,06% Space Free | Partition Type: FAT32 Unable to calculate disk information. Computer Name: RAETHKEY | User Name: andy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.15 17:44:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\andy\Desktop\OTL.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.08.18 05:27:56 | 001,193,176 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.08.08 18:04:48 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.11 22:51:10 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Dokumente und Einstellungen\andy\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe PRC - [2012.05.10 03:46:00 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.10 03:46:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.10 03:46:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.10 03:46:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.01.04 13:32:18 | 000,173,096 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2012.01.04 13:32:10 | 000,126,504 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011.03.28 03:02:30 | 001,404,000 | ---- | M] () -- C:\WINDOWS\system32\ieconfig_1und1_svc.exe PRC - [2010.05.10 12:13:36 | 001,268,192 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\WG111v2.exe PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) 
-- C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.01.15 16:14:54 | 000,147,456 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe PRC - [2007.01.15 16:13:50 | 001,208,320 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2007.01.15 16:01:56 | 000,266,240 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe PRC - [2006.10.11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Programme\ScanSoft\OmniPageSE4.0\OpWareSE4.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.08.18 05:27:56 | 001,193,176 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe MOD - [2012.07.27 22:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2012.05.10 03:46:00 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.28 03:02:30 | 001,404,000 | ---- | M] () -- C:\WINDOWS\system32\ieconfig_1und1_svc.exe MOD - [2010.05.10 12:13:36 | 001,268,192 | ---- | M] () -- C:\Programme\NETGEAR\WG111v2\WG111v2.exe MOD - [2010.03.23 13:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll MOD - [2007.12.25 11:24:46 | 000,344,064 | ---- | M] () -- C:\WINDOWS\system32\SCMLib.dll MOD - [2005.07.20 04:53:04 | 000,966,765 | ---- | M] () -- C:\WINDOWS\system32\acAuth.dll ========== 
Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.10.08 22:18:28 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.09 23:27:24 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.10 03:46:00 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.10 03:46:00 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.10 03:46:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.10.24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) 
[Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2011.03.28 03:02:30 | 001,404,000 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\ieconfig_1und1_svc.exe -- (serviceIEConfig) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008.05.02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2007.01.15 16:01:56 | 000,266,240 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbVM31b.sys -- (ZSMC301b) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.10 03:46:00 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.10 03:46:00 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- 
C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:02 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.05.01 01:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2009.05.01 00:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) DRV - [2009.05.01 00:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.07.26 17:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008.06.18 17:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2008.04.13 20:53:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008.02.29 03:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2008.02.29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008.02.29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2008.02.29 03:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou) DRV - [2008.02.29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2007.12.26 10:47:30 | 000,272,128 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB) DRV - [2007.11.14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2007.04.10 12:04:40 | 004,397,568 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007.03.06 05:27:32 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2007.03.06 05:27:28 | 000,058,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.07.01 23:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006.05.22 06:40:30 | 000,017,152 | ---- | M] (T-Online International AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX) DRV - [2004.08.13 10:56:00 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2003.12.05 11:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2003.07.16 14:58:30 | 000,013,056 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.olidata.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.olidata.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.olidata.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.olidata.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-705781020-1049652579-3415174598-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie8_startpage IE - HKU\S-1-5-21-705781020-1049652579-3415174598-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-705781020-1049652579-3415174598-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.gmx.net/tb/ie_startpage IE - HKU\S-1-5-21-705781020-1049652579-3415174598-1005\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-705781020-1049652579-3415174598-1005\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-21-705781020-1049652579-3415174598-1005\..\SearchScopes\{6D638A15-16DE-42F2-AC46-C4A8EC19A197}: "URL" = hxxp://go.web.de/suchbox/ie_amazon/?keywords={searchTerms} IE - HKU\S-1-5-21-705781020-1049652579-3415174598-1005\..\SearchScopes\{80FFDA5C-E586-46C3-856E-78A6AD947394}: "URL" = hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.ebaysuche&s_brand=webde&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707-52222-30040-5/4?mpre=hxxp://shop.ebay.de/?_sacat=See-All-Categories&_nkw={searchTerms} IE - HKU\S-1-5-21-705781020-1049652579-3415174598-1005\..\SearchScopes\{8C8CDFF6-F65B-422F-892E-DBC7EFAD02CA}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin IE - HKU\S-1-5-21-705781020-1049652579-3415174598-1005\..\SearchScopes\{D6538D74-8A9E-42B3-9025-E79DB8C90587}: "URL" = hxxp://go.gmx.net/br/ie8_search_amazon/?keywords={searchTerms} IE - HKU\S-1-5-21-705781020-1049652579-3415174598-1005\..\SearchScopes\{F34ED316-A846-4C11-BA87-1D737268B4E7}: "URL" = hxxp://go.gmx.net/br/ie8_search_web/?su={searchTerms} IE - HKU\S-1-5-21-705781020-1049652579-3415174598-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-705781020-1049652579-3415174598-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "GMX Suche" FF - prefs.js..browser.search.order.1: "GMX Suche" FF - prefs.js..browser.search.order.2: "amazon.de" FF - prefs.js..browser.search.order.3: "1und1 Suche" FF - prefs.js..browser.search.order.4: "amazon.de" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://go.gmx.net/br/ff3_startpage" FF - prefs.js..extensions.enabledAddons: moveplayer@movenetworks.com:1.0.0.071303000004 FF - 
prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6 FF - prefs.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119 FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.3.1 FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.14.0.100015 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736 FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.5.1 FF - prefs.js..extensions.enabledItems: {C473DC2B-895F-4E11-B8BF-FF28DFD62829}:1.7.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://wa.ui-portal.de/gmx/gmx/s?produkte.browser.link.searchlink&s_brand=gmx&t_link=searchlink&ns_type=clickin&ns_url=hxxp://suche.gmx.net/search/web/?origin=br_urlbar_ff&su=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6d: C:\Programme\VLC\npvlc.dll (VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Dokumente und Einstellungen\andy\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2012.06.19 01:12:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.09 23:27:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.09 23:27:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.07.13 01:55:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

[2008.09.01 11:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Extensions
[2008.01.07 04:51:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\extensions
[2010.04.27 12:07:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.11 00:19:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.28 20:24:26 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.10.13 16:09:08 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.04.17 00:53:28 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\extensions\moveplayer@movenetworks.com
[2012.01.13 23:22:22 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\extensions\toolbar@ask.com
[2012.10.08 02:57:44 | 000,509,739 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\extensions\toolbar@gmx.net.xpi
[2011.03.24 16:33:40 | 000,122,563 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\extensions\bkmrksync@nokia.com.xpi
[2012.07.25 12:07:26 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.10.13 16:19:44 | 000,000,855 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\1und1-suche.xml
[2011.11.03 21:39:12 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\11-suche.xml
[2011.10.13 16:01:56 | 000,010,507 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\gmx-suche.xml
[2012.10.15 06:07:48 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-36.xml
[2010.01.23 00:26:22 | 000,001,371 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\amazonde.xml
[2009.10.21 12:52:54 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-35.xml
[2009.09.15 20:31:32 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-37.xml
[2009.10.25 06:52:22 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-38.xml
[2009.12.14 17:29:52 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-39.xml
[2010.01.13 12:00:58 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-41.xml
[2010.03.30 22:02:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-43.xml
[2010.01.23 00:45:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-42.xml
[2011.03.19 02:01:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-54.xml
[2011.11.28 15:16:14 | 000,002,366 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\eBay-de.xml
[2010.09.07 17:26:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-48.xml
[2010.03.28 07:23:48 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-44.xml
[2011.06.15 06:37:24 | 000,001,418 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\preisvergleich.xml
[2011.03.13 11:22:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-55.xml
[2010.06.24 22:52:58 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-45.xml
[2010.07.16 13:00:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-46.xml
[2010.07.22 11:55:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-47.xml
[2010.09.16 12:34:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-49.xml
[2010.10.29 00:10:58 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-51.xml
[2010.10.19 23:00:02 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-50.xml
[2010.11.05 22:11:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-53.xml
[2010.10.29 11:37:56 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-52.xml
[2010.12.13 14:50:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-40.xml
[2011.03.23 17:36:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-56.xml
[2011.03.24 16:34:06 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-57.xml
[2011.03.24 17:30:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-58.xml
[2011.06.24 14:33:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-59.xml
[2012.04.30 22:58:50 | 000,005,489 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\webde-suche.xml
[2011.11.28 16:00:56 | 000,002,387 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\lastminute.xml
[2011.11.03 21:39:12 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\englische-ergebnisse.xml
[2011.11.28 15:15:22 | 000,001,283 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\amazondotcom-de.xml
[2011.10.13 16:34:10 | 000,002,248 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\mailcom-search.xml
[2011.12.19 12:00:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-21.xml
[2009.06.30 13:32:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-22.xml
[2009.06.30 19:48:32 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-23.xml
[2009.07.01 11:35:28 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-1.xml
[2009.07.01 19:55:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-2.xml
[2009.07.02 10:42:58 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-3.xml
[2009.07.02 16:51:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-4.xml
[2009.07.02 23:04:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-5.xml
[2009.07.03 11:21:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-6.xml
[2009.07.03 17:41:08 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-7.xml
[2009.07.04 11:37:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-31.xml
[2009.07.04 17:49:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-28.xml
[2009.07.05 01:54:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-24.xml
[2009.07.05 18:04:14 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-34.xml
[2009.07.12 14:47:28 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-33.xml
[2009.07.13 01:41:34 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-32.xml
[2009.07.13 12:28:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-25.xml
[2009.07.13 18:34:00 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-8.xml
[2009.07.14 02:42:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-9.xml
[2009.07.14 12:16:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-10.xml
[2009.07.14 18:28:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-11.xml
[2009.07.15 14:57:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-12.xml
[2009.07.16 03:10:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-13.xml
[2009.07.16 14:32:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-26.xml
[2009.07.16 20:41:14 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-29.xml
[2009.07.17 03:00:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-14.xml
[2009.07.17 11:37:28 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-15.xml
[2009.07.20 23:29:28 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-16.xml
[2009.07.13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin.xml
[2009.07.21 00:04:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-17.xml
[2009.07.21 12:01:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-27.xml
[2009.07.21 18:01:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-30.xml
[2009.07.22 14:33:18 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-18.xml
[2009.07.23 02:09:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-19.xml
[2009.07.23 14:51:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-20.xml
[2012.09.09 23:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.09 23:27:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.09.09 23:27:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.09 23:27:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.06.16 15:33:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.09.09 23:27:24 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2007.01.12 19:36:38 | 000,056,976 | ---- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npstrlnk.dll
[2012.06.26 16:28:14 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2012.06.26 16:28:14 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 16:28:14 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 16:28:14 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 16:28:14 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 12:19:50 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: NapsterLink (Enabled) = C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plugin (Enabled) = C:\Programme\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (WEB.DE Browser Configuration) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-705781020-1049652579-3415174598-1005\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-705781020-1049652579-3415174598-1005\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [COMODO Firewall Pro] "C:\Programme\COMODO\Firewall\cfp.exe" -h File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Programme\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe File not found
O4 - HKLM..\Run: [NapsterShell] C:\Programme\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-705781020-1049652579-3415174598-1005..\Run: [1und1Dispatcher] C:\Programme\1und1Softwareaktualisierung\SchedDispatcher.exe (1&1 Mail & Media GmbH)
O4 - HKU\S-1-5-21-705781020-1049652579-3415174598-1005..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-705781020-1049652579-3415174598-1005..\Run: [Facebook Update] C:\Dokumente und Einstellungen\andy\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-705781020-1049652579-3415174598-1005..\Run: [Logitech Vid] C:\Programme\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-705781020-1049652579-3415174598-1005..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-705781020-1049652579-3415174598-1005..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-21-705781020-1049652579-3415174598-1005..\Run: [Sony Ericsson PC Companion] C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-21-705781020-1049652579-3415174598-1005..\Run: [Spotify] C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-705781020-1049652579-3415174598-1005..\Run: [Spotify Web Helper] C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NETGEAR WG111v2 Smart Wizard.lnk = C:\Programme\NETGEAR\WG111v2\WG111v2.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\andy\Startmenü\Programme\Autostart\Picture Motion Browser Medien-Prüfung.lnk = C:\Programme\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\andy\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-705781020-1049652579-3415174598-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-705781020-1049652579-3415174598-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\andy\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\andy\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2493B3E-620F-4F0D-8FFE-5B92EF149179}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll File not found
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias
- File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: aawservice - Service SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: WdfLoadGroup - SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: aawservice - Service SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: 
Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: WdfLoadGroup - SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} 
- Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {09D80335-9BBF-48EB-9576-8B6928C251A2} - GMX Update ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {412EF925-3539-44AE-B9EC-F79D4E8DBE54} - GMX Browser Add-on ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: 
{4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: 
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: >{E7426E47-0CB3-4510-9B89-27D83C84E4F5} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.clmp3enc - C:\Programme\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.I420 - C:\WINDOWS\System32\LVCodec2.dll (Logitech Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.lsgc - C:\WINDOWS\System32\lsgc.dll (imc AG) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.12 12:03:32 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.10.12 12:02:20 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\andy\Desktop\esetsmartinstaller_enu.exe [2012.10.08 04:10:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\andy\Desktop\OTL.exe [2012.10.07 23:10:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Malwarebytes [2012.10.07 23:09:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.10.07 23:09:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.10.07 23:09:47 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.10.07 23:09:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.10.07 20:39:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\andy\Lokale Einstellungen\Anwendungsdaten\1&1 Mail & Media GmbH [2012.10.07 20:39:53 | 000,000,000 | ---D | C] -- C:\Programme\GMX MailCheck [2012.10.07 20:39:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\GMX MailCheck [2012.10.07 20:39:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1&1 Mail & Media GmbH [2012.10.07 20:39:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.15 17:44:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\andy\Desktop\OTL.exe [2012.10.15 17:19:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job 
[2012.10.15 17:18:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.10.15 12:05:32 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk [2012.10.15 12:05:16 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.10.15 12:05:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.10.15 12:05:12 | 3220,492,288 | -HS- | M] () -- C:\hiberfil.sys [2012.10.14 21:06:54 | 000,538,941 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Desktop\adwcleaner.exe [2012.10.13 22:56:02 | 000,001,202 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-705781020-1049652579-3415174598-1005Core1cd5fa6e708590a.job [2012.10.12 12:02:14 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\andy\Desktop\esetsmartinstaller_enu.exe [2012.10.11 11:22:52 | 000,001,683 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.10.10 10:27:00 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.10.10 09:20:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.10.08 04:47:30 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Desktop\GMER.exe [2012.10.08 04:33:48 | 001,681,842 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Desktop\mein System.nfo [2012.10.08 04:33:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.10.08 04:10:06 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\defogger_reenable [2012.10.08 04:09:10 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Desktop\Defogger.exe [2012.10.07 23:09:52 | 000,000,662 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.07 20:39:54 | 000,001,869 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Desktop\Amazon.lnk [2012.10.07 20:39:54 | 000,001,863 | ---- | M] () -- 
C:\Dokumente und Einstellungen\andy\Desktop\GMX.lnk [2012.09.25 23:28:00 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.12 20:21:18 | 000,538,941 | ---- | C] () -- C:\Dokumente und Einstellungen\andy\Desktop\adwcleaner.exe [2012.10.08 04:47:55 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\andy\Desktop\GMER.exe [2012.10.08 04:33:03 | 001,681,842 | ---- | C] () -- C:\Dokumente und Einstellungen\andy\Desktop\mein System.nfo [2012.10.08 04:10:05 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\andy\defogger_reenable [2012.10.08 04:09:16 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\andy\Desktop\Defogger.exe [2012.10.07 23:09:50 | 000,000,662 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.07 20:39:53 | 000,001,869 | ---- | C] () -- C:\Dokumente und Einstellungen\andy\Desktop\Amazon.lnk [2012.10.07 20:39:53 | 000,001,863 | ---- | C] () -- C:\Dokumente und Einstellungen\andy\Desktop\GMX.lnk [2012.03.10 05:36:48 | 000,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll [2012.03.10 05:36:48 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll [2012.02.15 11:08:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.10 05:00:34 | 001,431,120 | ---- | C] () -- C:\WINDOWS\System32\ieconfig_1und1.dll [2011.08.19 21:12:06 | 000,000,042 | ---- | C] () -- C:\Dokumente und Einstellungen\andy\default.pls [2011.07.16 10:50:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011.07.16 10:50:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011.03.28 03:02:27 | 001,404,000 | ---- | C] () -- C:\WINDOWS\System32\ieconfig_1und1_svc.exe [2011.03.28 03:02:26 | 003,406,336 | ---- | C] () -- 
C:\WINDOWS\System32\GMX-DLLUpdate1.exe [2011.02.27 00:25:48 | 000,098,344 | ---- | C] () -- C:\WINDOWS\unTMV.exe [2010.11.24 08:07:08 | 000,015,428 | ---- | C] () -- C:\Dokumente und Einstellungen\andy\RefEdit.exd [2010.03.18 02:28:51 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\andy\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2009.10.02 15:15:29 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\andy\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2008.03.11 02:35:55 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2008.01.21 22:07:34 | 000,180,736 | ---- | C] () -- C:\Dokumente und Einstellungen\andy\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.01.07 04:46:17 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html ========== ZeroAccess Check ========== [2007.11.09 09:44:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2010.03.10 06:33:52 | 001,509,888 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2008.01.07 04:32:32 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2008.01.17 20:01:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2008.01.17 20:04:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2008.01.21 21:04:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations [2008.01.21 21:07:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2008.01.21 21:10:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2008.07.25 15:35:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster [2009.07.20 23:54:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2009.10.23 02:36:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010.01.22 23:55:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1 [2010.01.22 23:56:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A2AFE646-BFB3-4901-8981-D88877D59264} [2010.04.09 17:16:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.04.17 14:50:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C7FAA123-E301-4122-9D55-53E1FB0A6FF5} [2010.11.30 08:50:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2011.04.10 10:32:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest [2011.06.14 00:44:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO [2011.07.13 
00:53:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2011.07.19 09:11:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX [2011.09.21 12:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon [2011.09.21 12:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DesktopIcons [2012.10.07 20:39:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UUdb [2012.10.07 20:39:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1&1 Mail & Media GmbH [2008.01.07 04:32:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\T-Online [2008.01.17 20:04:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\ScanSoft [2008.01.21 21:08:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\PC Suite [2008.01.21 21:08:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Nokia [2008.05.24 22:05:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Canon [2008.07.07 21:39:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\ICQ [2008.08.21 14:44:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Leadertech [2008.09.07 20:01:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Bullzip [2008.09.19 00:44:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\ICQ Toolbar [2010.06.08 11:16:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Dropbox [2011.02.26 23:47:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Docx2Rtf [2011.02.26 23:47:40 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\andy\Anwendungsdaten\NwDocx [2011.02.27 00:26:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\SoftMaker [2011.04.11 00:19:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.06.14 00:44:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\go [2011.07.09 16:16:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\DVDVideoSoft [2011.07.12 22:39:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\QuickScan [2011.07.13 00:53:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\MAGIX [2011.07.13 01:32:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\PersBackup5 [2011.07.13 01:55:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Thunderbird [2011.07.19 09:11:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\GMX [2011.09.08 03:42:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\BSW [2011.09.30 12:06:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Windows Search [2011.12.16 11:59:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\1&1 Mail & Media GmbH [2012.06.22 12:19:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Spotify ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2007.11.09 09:39:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Identities [2007.11.09 09:47:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\InstallShield [2007.11.09 11:11:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\CyberLink [2007.11.09 12:00:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Adobe [2007.11.09 09:25:28 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Microsoft [2008.01.06 23:57:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Logitech [2008.01.07 04:32:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\T-Online [2008.01.07 04:40:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Macromedia [2008.01.07 04:51:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla [2008.01.17 20:04:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\ScanSoft [2008.01.21 21:08:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\PC Suite [2008.01.21 21:08:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Nokia [2008.01.22 23:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Sun [2008.01.25 08:30:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\vlc [2008.01.25 11:55:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Winamp [2008.01.29 01:20:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Comodo [2008.02.14 13:57:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\WinRAR [2008.03.11 02:30:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Skype [2008.03.11 
02:35:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\skypePM [2008.03.12 00:50:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\ArcSoft [2008.04.15 02:29:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Sony Corporation [2008.04.21 02:49:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Google [2008.05.15 14:45:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Help [2008.05.24 22:05:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Canon [2008.07.07 21:39:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\ICQ [2008.07.25 15:57:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Roxio [2008.08.21 14:44:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Leadertech [2008.09.07 20:01:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Bullzip [2008.09.19 00:44:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\ICQ Toolbar [2009.01.21 02:48:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Ahead [2009.04.17 00:53:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Move Networks [2009.10.23 02:36:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Apple Computer [2010.05.24 19:38:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\DivX [2010.06.08 11:16:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Dropbox [2011.02.26 23:47:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Docx2Rtf [2011.02.26 23:47:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\NwDocx [2011.02.27 
00:26:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\SoftMaker [2011.04.11 00:19:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.06.14 00:44:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\go [2011.07.09 16:16:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\DVDVideoSoft [2011.07.12 22:39:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\QuickScan [2011.07.13 00:53:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\MAGIX [2011.07.13 01:32:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\PersBackup5 [2011.07.13 01:55:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Thunderbird [2011.07.19 09:11:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\GMX [2011.09.08 03:42:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\BSW [2011.09.30 12:06:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Windows Search [2011.10.16 17:46:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Avira [2011.12.16 11:59:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\1&1 Mail & Media GmbH [2012.06.22 12:19:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Spotify [2012.10.07 23:10:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Malwarebytes < %APPDATA%\*.exe /s > [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) 
-- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Dropbox\bin\Uninstall.exe [2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Dropbox\bin\DropboxUpdateHelper.exe [2008.07.15 14:03:36 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe [2008.07.25 00:00:20 | 000,000,766 | R--- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Microsoft\Installer\{E89B484C-B913-49A0-959B-89E836001658}\ARPPRODUCTICON.exe [2012.10.15 17:24:10 | 004,031,184 | ---- | M] (Ask) -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe [2012.08.18 05:28:06 | 000,114,904 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Spotify\SpotifyLauncher.exe [2012.08.18 05:28:06 | 005,576,408 | ---- | M] (Spotify Ltd) -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Spotify\spotify.exe [2012.08.18 05:27:56 | 001,193,176 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Spotify\Data\SpotifyWebHelper.exe [2010.09.16 23:17:28 | 000,875,296 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Sun\Java\JRERunOnce.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.09.19 00:50:54 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys [2008.09.19 00:50:54 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.09.19 00:50:54 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys [2008.09.19 00:50:54 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 
| ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: NVGTS.SYS > [2007.05.04 08:50:10 | 000,103,936 | ---- | M] (NVIDIA Corporation) MD5=859794817394AFAE6E79E069BA5125BA -- C:\d\chipset\Nforce630a\ide\Win2K\sata_ide\nvgts.sys [2007.05.04 08:50:10 | 000,103,936 | ---- | M] (NVIDIA Corporation) MD5=859794817394AFAE6E79E069BA5125BA -- C:\d\chipset\Nforce630a\ide\Win2K\sataraid\nvgts.sys [2007.05.04 08:50:10 | 000,103,936 | ---- | M] (NVIDIA Corporation) MD5=859794817394AFAE6E79E069BA5125BA -- C:\d\chipset\Nforce630a\ide\WinXP\sata_ide\nvgts.sys [2007.05.04 08:50:10 | 000,103,936 | ---- | M] (NVIDIA Corporation) MD5=859794817394AFAE6E79E069BA5125BA -- C:\d\chipset\Nforce630a\ide\WinXP\sataraid\nvgts.sys < MD5 for: SCECLI.DLL > [2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2006.02.28 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) 
MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2006.02.28 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 16:48:40 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2006.02.28 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2006.02.28 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe 
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2007.11.09 09:22:24 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav [2007.11.09 09:22:24 | 000,643,072 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2007.11.09 09:22:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > [1980.01.01 00:00:00 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2007.11.09 09:34:23 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2009.10.23 02:35:21 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2011.07.12 23:28:08 | 000,000,484 | ---- | C] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2011.09.04 01:38:54 | 000,001,082 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2011.09.04 01:38:54 | 000,001,086 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2012.03.30 03:37:39 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [2012.07.11 22:51:10 | 000,001,202 | ---- | C] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-705781020-1049652579-3415174598-1005Core1cd5fa6e708590a.job < End of report > |
15.10.2012, 18:08 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 7 infected registry keys (Trojan.BHO) after Malwarebytes Anti-Malware scan
Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Code:
:OTL
[2012.10.15 06:07:48 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-36.xml
[2009.10.21 12:52:54 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-35.xml
[2009.09.15 20:31:32 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-37.xml
[2009.10.25 06:52:22 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-38.xml
[2009.12.14 17:29:52 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-39.xml
[2010.01.13 12:00:58 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-41.xml
[2010.03.30 22:02:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-43.xml
[2010.01.23 00:45:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-42.xml
[2011.03.19 02:01:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-54.xml
[2010.09.07 17:26:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-48.xml
[2010.03.28 07:23:48 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-44.xml
[2011.06.15 06:37:24 | 000,001,418 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\preisvergleich.xml
[2011.03.13 11:22:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-55.xml
[2010.06.24 22:52:58 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-45.xml
[2010.07.16 13:00:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-46.xml
[2010.07.22 11:55:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-47.xml
[2010.09.16 12:34:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-49.xml
[2010.10.29 00:10:58 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-51.xml
[2010.10.19 23:00:02 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-50.xml
[2010.11.05 22:11:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-53.xml
[2010.10.29 11:37:56 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-52.xml
[2010.12.13 14:50:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-40.xml
[2011.03.23 17:36:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-56.xml
[2011.03.24 16:34:06 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-57.xml
[2011.03.24 17:30:26 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-58.xml
[2011.06.24 14:33:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-59.xml
[2011.12.19 12:00:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-21.xml
[2009.06.30 13:32:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-22.xml
[2009.06.30 19:48:32 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-23.xml
[2009.07.01 11:35:28 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-1.xml
[2009.07.01 19:55:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-2.xml
[2009.07.02 10:42:58 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-3.xml
[2009.07.02 16:51:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-4.xml
[2009.07.02 23:04:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-5.xml
[2009.07.03 11:21:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-6.xml
[2009.07.03 17:41:08 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-7.xml
[2009.07.04 11:37:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-31.xml
[2009.07.04 17:49:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-28.xml
[2009.07.05 01:54:42 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-24.xml
[2009.07.05 18:04:14 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-34.xml
[2009.07.12 14:47:28 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-33.xml
[2009.07.13 01:41:34 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-32.xml
[2009.07.13 12:28:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-25.xml
[2009.07.13 18:34:00 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-8.xml
[2009.07.14 02:42:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-9.xml
[2009.07.14 12:16:12 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-10.xml
[2009.07.14 18:28:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-11.xml
[2009.07.15 14:57:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-12.xml
[2009.07.16 03:10:40 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-13.xml
[2009.07.16 14:32:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-26.xml
[2009.07.16 20:41:14 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-29.xml
[2009.07.17 03:00:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-14.xml
[2009.07.17 11:37:28 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-15.xml
[2009.07.20 23:29:28 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-16.xml
[2009.07.13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin.xml
[2009.07.21 00:04:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-17.xml
[2009.07.21 12:01:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-27.xml
[2009.07.21 18:01:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-30.xml
[2009.07.22 14:33:18 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-18.xml
[2009.07.23 02:09:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-19.xml
[2009.07.23 14:51:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-20.xml
[2012.09.09 23:27:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [COMODO Firewall Pro] "C:\Programme\COMODO\Firewall\cfp.exe" -h File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
:Files
C:\Dokumente und Einstellungen\andy\Anwendungsdaten\ICQ Toolbar
C:\Programme\PartyGaming
C:\Poker\Titan Poker
C:\Programme\PokerStars
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
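Added example, not part of the original posts and not OTL's own code: a small Python check for the fix log that OTL opens after the run. It groups the result lines per target, so that a "not found" which only repeats an earlier successful move or delete (a duplicate script entry) can be told apart from a target that was never found at all. The sample lines are copied from the fix log posted in this thread; the function names and the summary keys are assumptions made for this example.

```python
import re

# Result lines copied from the fix log posted in this thread (excerpt).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
C:\Programme\PokerStars\PokerStarsUpdate.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49783ED4-258D-4f9f-BE11-137C18D3E543}\ not found.
C:\Poker\Titan Poker\casino.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}\ not found.
File C:\Poker\Titan Poker\casino.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{379fc454-8eb2-11dc-8a0f-001d6080fcb8}\ deleted successfully.
File C:\Recycled\ctfmon.exe not found.
========== FILES ==========
C:\Programme\PartyGaming folder moved successfully.
"""

# One result line: optional object kind, the target, an optional "folder"
# marker, then the outcome. Paths and key names may contain spaces, so the
# target is matched lazily up to the outcome phrase.
RESULT_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File)\s+)?"
    r"(?P<target>.+?)(?:\s+folder)?\s+"
    r"(?P<status>moved successfully|deleted successfully|not found)\.$"
)
SUCCESS = {"moved successfully", "deleted successfully"}


def parse_fix_log(text):
    """Return (results, unparsed).

    results maps the lower-cased target (Windows paths and registry keys are
    case-insensitive) to its first-seen spelling and the ordered outcomes.
    """
    results, unparsed = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):   # blank line or section header
            continue
        match = RESULT_RE.match(line)
        if not match:
            unparsed.append(line)              # keep it visible, never drop
            continue
        name = match.group("target").rstrip("\\")
        entry = results.setdefault(name.lower(), {"name": name, "statuses": []})
        entry["statuses"].append(match.group("status"))
    return results, unparsed


def summarize(text):
    """Classify every target named in the fix log.

    removed               at least one move/delete succeeded
    also_reported_missing removed, and additionally reported "not found"
                          (the same target was listed twice in the script)
    never_present         only ever reported "not found"
    """
    results, unparsed = parse_fix_log(text)
    summary = {"removed": [], "also_reported_missing": [],
               "never_present": [], "unparsed": unparsed}
    for entry in results.values():
        statuses = entry["statuses"]
        if any(status in SUCCESS for status in statuses):
            summary["removed"].append(entry["name"])
            if "not found" in statuses:
                summary["also_reported_missing"].append(entry["name"])
        else:
            summary["never_present"].append(entry["name"])
    return summary


if __name__ == "__main__":
    for group, items in summarize(SAMPLE_LOG).items():
        print(f"{group}: {len(items)}")
        for item in items:
            print(f"  {item}")
```

Targets listed under never_present are the ones to check by hand, since the log alone does not say whether they were already gone or were simply not at that path when the fix ran.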
15.10.2012, 18:36 | #25 |
| 7 infected registry keys (Trojan.BHO) after Malwarebytes Anti-Malware scan
done! Code:
ATTFilter All processes killed ========== OTL ========== C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-36.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-35.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-37.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-38.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-39.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-41.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-43.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-42.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-54.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-48.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-44.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\preisvergleich.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-55.xml moved successfully. 
C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-45.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-46.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-47.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-49.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-51.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-50.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-53.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-52.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-40.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-56.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-57.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-58.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-59.xml moved successfully. 
C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-21.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-22.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-23.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-1.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-2.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-3.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-4.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-5.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-6.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-7.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-31.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-28.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-24.xml moved successfully. 
C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-34.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-33.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-32.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-25.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-8.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-9.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-10.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-11.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-12.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-13.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-26.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-29.xml moved successfully. C:\Dokumente und Einstellungen\andy\Anwendungsdaten\Mozilla\Firefox\Profiles\qsqfvjuy.default\searchplugins\icqplugin-14.xml moved successfully. 
|
15.10.2012, 19:24 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Set up the tool as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
15.10.2012, 20:29 | #27 |
| done, everything skipped..
C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe 21:24:52.0015 3580 IDriverT ( UnsignedFile.Multi.Generic ) - warning 21:24:52.0015 3580 IDriverT - detected UnsignedFile.Multi.Generic (1) 21:24:52.0078 3580 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:24:52.0125 3580 idsvc - ok 21:24:52.0140 3580 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 21:24:52.0234 3580 Imapi - ok 21:24:52.0265 3580 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 21:24:52.0375 3580 ImapiService - ok 21:24:52.0375 3580 ini910u - ok 21:24:52.0578 3580 [ CDFD5A68A2E1CAA89C5C0E0B3CB98731 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 21:24:52.0859 3580 IntcAzAudAddService - ok 21:24:52.0906 3580 IntelIde - ok 21:24:52.0937 3580 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 21:24:53.0140 3580 Ip6Fw - ok 21:24:53.0171 3580 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 21:24:53.0296 3580 IpFilterDriver - ok 21:24:53.0312 3580 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 21:24:53.0406 3580 IpInIp - ok 21:24:53.0453 3580 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 21:24:53.0546 3580 IpNat - ok 21:24:54.0125 3580 [ 49918803B661367023BF325CF602AFDC ] iPod Service C:\Programme\iPod\bin\iPodService.exe 21:24:54.0156 3580 iPod Service - ok 21:24:54.0171 3580 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 21:24:54.0265 3580 IPSec - ok 21:24:54.0296 3580 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 21:24:54.0390 3580 IRENUM - ok 21:24:54.0406 3580 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 21:24:54.0500 3580 isapnp - ok 21:24:54.0609 3580 [ 
0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe 21:24:54.0609 3580 JavaQuickStarterService - ok 21:24:54.0640 3580 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 21:24:54.0750 3580 Kbdclass - ok 21:24:54.0796 3580 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 21:24:54.0906 3580 kmixer - ok 21:24:54.0921 3580 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 21:24:54.0984 3580 KSecDD - ok 21:24:55.0015 3580 [ D1968DEA7BAFF4A917858C384339CEC8 ] L8042Kbd C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys 21:24:55.0031 3580 L8042Kbd - ok 21:24:55.0031 3580 [ D6FC755FF505D99E6CC73E83492310DF ] L8042mou C:\WINDOWS\system32\DRIVERS\L8042mou.Sys 21:24:55.0046 3580 L8042mou - ok 21:24:55.0078 3580 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 21:24:55.0109 3580 lanmanserver - ok 21:24:55.0171 3580 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 21:24:55.0218 3580 lanmanworkstation - ok 21:24:55.0234 3580 lbrtfdc - ok 21:24:55.0296 3580 [ A0F7DC0080E4F97DC97DE08B699E231B ] LBTServ C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe 21:24:55.0312 3580 LBTServ - ok 21:24:55.0343 3580 [ 24E0DDB99AECCF86BB37702611761459 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 21:24:55.0343 3580 LHidFilt - ok 21:24:55.0375 3580 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 21:24:55.0468 3580 LmHosts - ok 21:24:55.0484 3580 [ D58B330D318361A66A9FE60D7C9B4951 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 21:24:55.0500 3580 LMouFilt - ok 21:24:55.0515 3580 [ C149BDAD13194DF16EA33F9F601ED7BF ] LMouKE C:\WINDOWS\system32\DRIVERS\LMouKE.Sys 21:24:55.0531 3580 LMouKE - ok 21:24:55.0578 3580 [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon C:\WINDOWS\system32\Drivers\LVPr2Mon.sys 21:24:55.0578 3580 LVPr2Mon - ok 21:24:55.0640 3580 [ 
0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe 21:24:55.0656 3580 LVPrcSrv - ok 21:24:55.0687 3580 [ 87ECCE893D8AEC5A9337B917742D339C ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys 21:24:55.0703 3580 LVRS - ok 21:24:55.0718 3580 [ 23F8EF78BB9553E465A476F3CEE5CA18 ] LVUSBSta C:\WINDOWS\system32\drivers\LVUSBSta.sys 21:24:55.0734 3580 LVUSBSta - ok 21:24:55.0750 3580 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 21:24:55.0750 3580 MBAMProtector - ok 21:24:55.0843 3580 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe 21:24:55.0859 3580 MBAMScheduler - ok 21:24:55.0906 3580 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 21:24:55.0921 3580 MBAMService - ok 21:24:56.0000 3580 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe 21:24:56.0015 3580 MDM - ok 21:24:56.0046 3580 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 21:24:56.0265 3580 Messenger - ok 21:24:56.0359 3580 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe 21:24:56.0375 3580 Microsoft Office Groove Audit Service - ok 21:24:56.0421 3580 [ C8907D722B398D002C227F08761B5687 ] MIINPazX C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS 21:24:56.0437 3580 MIINPazX ( UnsignedFile.Multi.Generic ) - warning 21:24:56.0437 3580 MIINPazX - detected UnsignedFile.Multi.Generic (1) 21:24:56.0453 3580 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 21:24:56.0562 3580 mnmdd - ok 21:24:56.0609 3580 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 21:24:56.0703 3580 mnmsrvc - ok 21:24:56.0734 3580 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 
21:24:56.0843 3580 Modem - ok 21:24:56.0859 3580 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 21:24:56.0984 3580 Mouclass - ok 21:24:57.0031 3580 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 21:24:57.0171 3580 mouhid - ok 21:24:57.0187 3580 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 21:24:57.0265 3580 MountMgr - ok 21:24:57.0328 3580 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 21:24:57.0343 3580 MozillaMaintenance - ok 21:24:57.0359 3580 mraid35x - ok 21:24:57.0359 3580 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 21:24:57.0453 3580 MRxDAV - ok 21:24:57.0484 3580 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 21:24:57.0578 3580 MRxSmb - ok 21:24:57.0671 3580 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 21:24:57.0765 3580 MSDTC - ok 21:24:57.0781 3580 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 21:24:57.0890 3580 Msfs - ok 21:24:57.0953 3580 MSIServer - ok 21:24:57.0968 3580 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 21:24:58.0062 3580 MSKSSRV - ok 21:24:58.0078 3580 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 21:24:58.0171 3580 MSPCLOCK - ok 21:24:58.0218 3580 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 21:24:58.0312 3580 MSPQM - ok 21:24:58.0328 3580 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 21:24:58.0406 3580 mssmbios - ok 21:24:58.0437 3580 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 21:24:58.0531 3580 MSTEE - ok 21:24:58.0562 3580 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys 21:24:58.0593 
3580 MTsensor - ok 21:24:58.0609 3580 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 21:24:58.0656 3580 Mup - ok 21:24:58.0671 3580 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 21:24:58.0781 3580 NABTSFEC - ok 21:24:58.0859 3580 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 21:24:58.0968 3580 napagent - ok 21:24:59.0078 3580 [ 89844C3D3A7AAE8999E229C88E452633 ] NBService C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe 21:24:59.0109 3580 NBService ( UnsignedFile.Multi.Generic ) - warning 21:24:59.0109 3580 NBService - detected UnsignedFile.Multi.Generic (1) 21:24:59.0156 3580 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 21:24:59.0234 3580 NDIS - ok 21:24:59.0250 3580 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 21:24:59.0359 3580 NdisIP - ok 21:24:59.0375 3580 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 21:24:59.0421 3580 NdisTapi - ok 21:24:59.0453 3580 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 21:24:59.0546 3580 Ndisuio - ok 21:24:59.0562 3580 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:24:59.0656 3580 NdisWan - ok 21:24:59.0671 3580 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 21:24:59.0703 3580 NDProxy - ok 21:24:59.0718 3580 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 21:24:59.0812 3580 NetBIOS - ok 21:24:59.0843 3580 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 21:24:59.0937 3580 NetBT - ok 21:24:59.0984 3580 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 21:25:00.0078 3580 NetDDE - ok 21:25:00.0078 3580 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 21:25:00.0171 3580 NetDDEdsdm 
- ok 21:25:00.0218 3580 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 21:25:00.0312 3580 Netlogon - ok 21:25:00.0375 3580 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 21:25:00.0468 3580 Netman - ok 21:25:00.0546 3580 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:25:00.0562 3580 NetTcpPortSharing - ok 21:25:00.0609 3580 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 21:25:00.0640 3580 Nla - ok 21:25:00.0671 3580 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys 21:25:00.0781 3580 nm - ok 21:25:00.0859 3580 [ 8DD0CDB0C700992D10169D8769EF5F43 ] NMIndexingService C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe 21:25:00.0875 3580 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning 21:25:00.0875 3580 NMIndexingService - detected UnsignedFile.Multi.Generic (1) 21:25:00.0906 3580 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 21:25:00.0984 3580 Npfs - ok 21:25:01.0046 3580 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 21:25:01.0187 3580 Ntfs - ok 21:25:01.0203 3580 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 21:25:01.0281 3580 NtLmSsp - ok 21:25:01.0375 3580 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 21:25:01.0468 3580 NtmsSvc - ok 21:25:01.0500 3580 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 21:25:01.0593 3580 Null - ok 21:25:01.0890 3580 [ C190757A29A9BC0199032F353DD2557A ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 21:25:02.0265 3580 nv - ok 21:25:02.0453 3580 [ D875346596BD48D74AC9B9BE791B8D69 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 21:25:02.0578 3580 NVENETFD - ok 21:25:02.0609 3580 [ F02C1C5E84C37667ECD3EEA5958449BC ] nvnetbus 
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 21:25:02.0640 3580 nvnetbus - ok 21:25:02.0765 3580 [ 8D64B827A6709C3D18F855619D7D89E9 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe 21:25:02.0812 3580 NVSvc - ok 21:25:02.0843 3580 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 21:25:03.0062 3580 NwlnkFlt - ok 21:25:03.0062 3580 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 21:25:03.0171 3580 NwlnkFwd - ok 21:25:03.0281 3580 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 21:25:03.0312 3580 odserv - ok 21:25:03.0359 3580 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 21:25:03.0359 3580 ose - ok 21:25:03.0390 3580 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 21:25:03.0468 3580 Parport - ok 21:25:03.0500 3580 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 21:25:03.0578 3580 PartMgr - ok 21:25:03.0609 3580 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 21:25:03.0718 3580 ParVdm - ok 21:25:03.0765 3580 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 21:25:03.0796 3580 pccsmcfd - ok 21:25:03.0812 3580 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 21:25:03.0906 3580 PCI - ok 21:25:03.0906 3580 PCIDump - ok 21:25:03.0921 3580 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 21:25:04.0015 3580 PCIIde - ok 21:25:04.0062 3580 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 21:25:04.0156 3580 Pcmcia - ok 21:25:04.0171 3580 PDCOMP - ok 21:25:04.0171 3580 PDFRAME - ok 21:25:04.0187 3580 PDRELI - ok 21:25:04.0203 3580 PDRFRAME - ok 21:25:04.0234 3580 [ B20F958B207E6AAAC5F70D04DD2C30D8 ] pepifilter C:\WINDOWS\system32\DRIVERS\lv302af.sys 
21:25:04.0250 3580 pepifilter - ok 21:25:04.0250 3580 perc2 - ok 21:25:04.0265 3580 perc2hib - ok 21:25:04.0281 3580 [ 444F122E68DB44C0589227781F3C8B3F ] pfc C:\WINDOWS\system32\drivers\pfc.sys 21:25:04.0296 3580 pfc ( UnsignedFile.Multi.Generic ) - warning 21:25:04.0296 3580 pfc - detected UnsignedFile.Multi.Generic (1) 21:25:04.0421 3580 [ DD184D9ADFE2A8A21741DBDFE9E22F5C ] PID_PEPI C:\WINDOWS\system32\DRIVERS\LV302V32.SYS 21:25:04.0546 3580 PID_PEPI - ok 21:25:04.0625 3580 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 21:25:04.0656 3580 PlugPlay - ok 21:25:04.0703 3580 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 21:25:04.0781 3580 PolicyAgent - ok 21:25:04.0812 3580 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 21:25:04.0906 3580 PptpMiniport - ok 21:25:04.0937 3580 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 21:25:05.0031 3580 Processor - ok 21:25:05.0046 3580 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 21:25:05.0125 3580 ProtectedStorage - ok 21:25:05.0140 3580 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 21:25:05.0218 3580 PSched - ok 21:25:05.0218 3580 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 21:25:05.0328 3580 Ptilink - ok 21:25:05.0343 3580 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 21:25:05.0359 3580 PxHelp20 - ok 21:25:05.0359 3580 ql1080 - ok 21:25:05.0375 3580 Ql10wnt - ok 21:25:05.0390 3580 ql12160 - ok 21:25:05.0390 3580 ql1240 - ok 21:25:05.0406 3580 ql1280 - ok 21:25:05.0406 3580 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 21:25:05.0500 3580 RasAcd - ok 21:25:05.0546 3580 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 21:25:05.0640 3580 RasAuto - ok 21:25:05.0671 
3580 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 21:25:05.0765 3580 Rasl2tp - ok 21:25:05.0828 3580 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 21:25:05.0921 3580 RasMan - ok 21:25:05.0937 3580 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 21:25:06.0015 3580 RasPppoe - ok 21:25:06.0015 3580 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 21:25:06.0140 3580 Raspti - ok 21:25:06.0156 3580 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 21:25:06.0250 3580 Rdbss - ok 21:25:06.0265 3580 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 21:25:06.0375 3580 RDPCDD - ok 21:25:06.0421 3580 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 21:25:06.0437 3580 RDPWD - ok 21:25:06.0468 3580 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 21:25:06.0578 3580 RDSessMgr - ok 21:25:06.0593 3580 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 21:25:06.0687 3580 redbook - ok 21:25:06.0765 3580 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 21:25:06.0859 3580 RemoteAccess - ok 21:25:06.0921 3580 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 21:25:07.0015 3580 RpcLocator - ok 21:25:07.0078 3580 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 21:25:07.0093 3580 RpcSs - ok 21:25:07.0125 3580 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 21:25:07.0234 3580 RSVP - ok 21:25:07.0281 3580 [ C3880BF1BAD0B8EB69EFB07A9C3FA7D9 ] RTLWUSB C:\WINDOWS\system32\DRIVERS\wg111v2.sys 21:25:07.0328 3580 RTLWUSB - ok 21:25:07.0359 3580 [ 594FF5620661D1386475406E78CB6F2F ] s0017bus C:\WINDOWS\system32\DRIVERS\s0017bus.sys 21:25:07.0375 3580 s0017bus - ok 21:25:07.0421 3580 [ 
AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 21:25:07.0500 3580 SamSs - ok 21:25:07.0546 3580 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 21:25:07.0640 3580 SCardSvr - ok 21:25:07.0703 3580 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 21:25:07.0781 3580 Schedule - ok 21:25:07.0828 3580 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 21:25:07.0906 3580 Secdrv - ok 21:25:07.0953 3580 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 21:25:08.0046 3580 seclogon - ok 21:25:08.0109 3580 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 21:25:08.0203 3580 SENS - ok 21:25:08.0218 3580 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 21:25:08.0312 3580 serenum - ok 21:25:08.0328 3580 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 21:25:08.0421 3580 Serial - ok 21:25:08.0453 3580 serviceIEConfig - ok 21:25:08.0578 3580 [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer C:\Programme\PC Connectivity Solution\ServiceLayer.exe 21:25:08.0609 3580 ServiceLayer - ok 21:25:08.0687 3580 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 21:25:08.0765 3580 Sfloppy - ok 21:25:08.0843 3580 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 21:25:08.0968 3580 SharedAccess - ok 21:25:09.0000 3580 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 21:25:09.0015 3580 ShellHWDetection - ok 21:25:09.0015 3580 Simbad - ok 21:25:09.0140 3580 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe 21:25:09.0140 3580 SkypeUpdate - ok 21:25:09.0171 3580 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 21:25:09.0265 3580 SLIP - ok 21:25:09.0359 3580 [ 1A623F2B69E1F182F995F963C55DB935 ] Sony 
Ericsson PCCompanion C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe 21:25:09.0375 3580 Sony Ericsson PCCompanion - ok 21:25:09.0390 3580 Sparrow - ok 21:25:09.0421 3580 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 21:25:09.0515 3580 splitter - ok 21:25:09.0562 3580 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 21:25:09.0593 3580 Spooler - ok 21:25:09.0625 3580 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 21:25:09.0718 3580 sr - ok 21:25:09.0765 3580 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 21:25:09.0859 3580 srservice - ok 21:25:09.0890 3580 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 21:25:09.0937 3580 Srv - ok 21:25:09.0984 3580 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 21:25:10.0078 3580 SSDPSRV - ok 21:25:10.0093 3580 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 21:25:10.0109 3580 ssmdrv - ok 21:25:10.0203 3580 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 21:25:10.0328 3580 stisvc - ok 21:25:10.0359 3580 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 21:25:10.0468 3580 streamip - ok 21:25:10.0484 3580 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 21:25:10.0562 3580 swenum - ok 21:25:10.0593 3580 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 21:25:10.0687 3580 swmidi - ok 21:25:10.0718 3580 SwPrv - ok 21:25:10.0734 3580 symc810 - ok 21:25:10.0750 3580 symc8xx - ok 21:25:10.0750 3580 sym_hi - ok 21:25:10.0765 3580 sym_u3 - ok 21:25:10.0781 3580 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 21:25:10.0859 3580 sysaudio - ok 21:25:10.0921 3580 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog 
C:\WINDOWS\system32\smlogsvc.exe 21:25:11.0015 3580 SysmonLog - ok 21:25:11.0062 3580 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 21:25:11.0156 3580 TapiSrv - ok 21:25:11.0171 3580 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 21:25:11.0234 3580 Tcpip - ok 21:25:11.0265 3580 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 21:25:11.0343 3580 TDPIPE - ok 21:25:11.0343 3580 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 21:25:11.0453 3580 TDTCP - ok 21:25:11.0468 3580 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 21:25:11.0546 3580 TermDD - ok 21:25:11.0625 3580 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 21:25:11.0734 3580 TermService - ok 21:25:11.0796 3580 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 21:25:11.0812 3580 Themes - ok 21:25:11.0812 3580 TosIde - ok 21:25:11.0875 3580 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 21:25:11.0953 3580 TrkWks - ok 21:25:12.0000 3580 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 21:25:12.0093 3580 Udfs - ok 21:25:12.0109 3580 ultra - ok 21:25:12.0140 3580 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 21:25:12.0234 3580 Update - ok 21:25:12.0312 3580 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 21:25:12.0390 3580 upnphost - ok 21:25:12.0453 3580 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 21:25:12.0546 3580 UPS - ok 21:25:12.0562 3580 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 21:25:12.0656 3580 usbaudio - ok 21:25:12.0671 3580 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 21:25:12.0750 3580 usbccgp - ok 21:25:12.0750 3580 [ 
65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 21:25:12.0843 3580 usbehci - ok 21:25:12.0859 3580 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 21:25:12.0937 3580 usbhub - ok 21:25:12.0968 3580 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 21:25:13.0046 3580 usbohci - ok 21:25:13.0093 3580 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 21:25:13.0187 3580 usbprint - ok 21:25:13.0234 3580 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 21:25:13.0312 3580 usbscan - ok 21:25:13.0359 3580 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\DRIVERS\usbser.sys 21:25:13.0453 3580 usbser - ok 21:25:13.0468 3580 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 21:25:13.0562 3580 USBSTOR - ok 21:25:13.0593 3580 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 21:25:13.0687 3580 VgaSave - ok 21:25:13.0687 3580 ViaIde - ok 21:25:13.0718 3580 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 21:25:13.0796 3580 VolSnap - ok 21:25:13.0859 3580 [ 0354BA3A5BA5E28CC247EB5F5DD8793C ] vsdatant C:\WINDOWS\system32\vsdatant.sys 21:25:13.0875 3580 vsdatant - ok 21:25:13.0937 3580 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 21:25:14.0015 3580 VSS - ok 21:25:14.0062 3580 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 21:25:14.0171 3580 W32Time - ok 21:25:14.0203 3580 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 21:25:14.0312 3580 Wanarp - ok 21:25:14.0343 3580 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 21:25:14.0375 3580 Wdf01000 - ok 21:25:14.0390 3580 WDICA - ok 21:25:14.0421 3580 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud 
21:25:17.0140 3580 Scan finished
21:25:17.0265 3292 Detected object count: 9
21:25:17.0265 3292 Actual detected object count: 9
21:26:00.0312 3292 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:00.0312 3292 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:26:00.0312 3292 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:00.0312 3292 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:26:00.0312 3292 cdrbsvsd ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:00.0312 3292 cdrbsvsd ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:26:00.0312 3292 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:00.0312 3292 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:26:00.0312 3292 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:00.0312 3292 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:26:00.0328 3292 MIINPazX ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:00.0328 3292 MIINPazX ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:26:00.0328 3292 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:00.0328 3292 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:26:00.0328 3292 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:00.0328 3292 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:26:00.0328 3292 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:00.0328 3292 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:26:41.0734 5288 Deinitialize success |
16.10.2012, 14:52 | #28 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | 7 infected registry keys (Trojan.BHO) after Malwarebytes Anti-Malware scan Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
16.10.2012, 19:50 | #29 |
| 7 infected registry keys (Trojan.BHO) after Malwarebytes Anti-Malware scan Hi Cosinus! Unfortunately the same problem as on my mum's computer.. I followed everything just as you wrote it. After ComboFix had finished, only the window and my wallpaper were left. No taskbar any more, nothing on the desktop any more (no icons). I then shut the computer down and started it up again. (in 3 attempts, always with the same result) So combofix apparently isn't working again.. the only thing I get this time is this:
Autoscan: Suche nach infizierten Dateien:
Dies dauert in der Regel nicht länger als 10 Min, bei stark infizierten Rechnern kann sich die Zeit leicht verdoppeln..
Fertiggestellt Stufe_1
. . .
Fertiggestellt Stufe_50
Lösche Dateien
C:\Dokumente und Einstellungen\andy\Favoriten\Games.url
C:\WINDOWS\IsUn0407.exe
C:\WINDOWS\system32\msstdfmt.dll
C:\WINDOWS\system32\URITemp\regtlib.exe
C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
Lösche Ordner
C:\Dokumente und Einstellungen\andy\4.0 _
(cursor blinks and nothing more happens, I waited an hour and a quarter) That was it.. I closed all programs, even the Windows Firewall, and touched neither a key nor the mouse.. What should I do? On my mum's machine we had switched to NTFS - should we do that again? Kind regards, ANDY |
17.10.2012, 13:49 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 7 infected registry keys (Trojan.BHO) after Malwarebytes Anti-Malware scan I don't actually think FAT32 is the cause, but we should convert. Do you still remember how to do that?
__________________ Please always post log files in CODE tags |