Log analysis and evaluation: Access to web.de mailbox denied - botnet
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.11.2012, 19:16 | #1 |
Access to web.de mailbox denied - botnet

Good evening,

I have the following problem. When I accessed my mailbox recently, I noticed that I had supposedly sent a great many e-mails (which I did not) and that these had been returned to me by the Mailer Daemon. Shortly afterwards my mail account at web.de was locked, with the following message:

Unauthorized persons recently accessed your mailbox. To protect you and your data, we have therefore locked your mailbox.

-------

Dear WEB.DE user,

our security team has detected an attempt at unauthorized access to your mailbox. There is strong suspicion that your mailbox was misused for sending spam or that third parties have gained unauthorized access. To prevent this, we have locked your mailbox for login as a precaution, for your security and ours.

To unlock your mailbox, please proceed as follows:

Please run a virus scan immediately. If you do not have a virus scanner, first visit our partner site https://www.botfrei.de/webde/ and download the virus scanner offered there.

Then please contact our customer service to have your mailbox unlocked. We have set up a free phone number for this: 0800 932 3322
Monday to Friday: 8:00 - 18:00
Saturday and Sunday: 10:00 - 18:00

The security of your mailbox and your data is important to us. Please help us to jointly maintain high data quality and to ensure the full functionality of your mailbox.

Thank you for your cooperation!
WEB.DE Abuse Department

------

This fate has apparently already befallen a few others, as I was able to read on the Internet. I then ran a scan with Malwarebytes and Avira. Avira did in fact find something. I then deleted the Trojan (I know you are not supposed to), but the subsequent scan again produced a finding (which I moved to quarantine this time).

I would be really glad if one of you could help me. I will work through the checklist and post the results.

Many thanks in advance.
Kind regards,
Wilms

The defogger disable log file:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:04 on 15/11/2012 (AnGoe)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

OTL Logfile:
ATTFilter OTL logfile created on: 15.11.2012 19:19:10 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\AnGoe\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 43,82% Memory free 4,23 Gb Paging File | 2,90 Gb Available in Paging File | 68,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,65 Gb Total Space | 7,04 Gb Free Space | 10,11% Space Free | Partition Type: NTFS Drive D: | 69,64 Gb Total Space | 6,32 Gb Free Space | 9,08% Space Free | Partition Type: NTFS Drive F: | 14,91 Gb Total Space | 14,27 Gb Free Space | 95,75% Space Free | Partition Type: FAT32 Computer Name: MENKOU | User Name: AnGoe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.15 19:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe PRC - [2012.11.04 10:32:13 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.10.25 22:10:30 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2012.10.18 17:17:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.10.18 17:17:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.10.18 17:17:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.10.18 17:17:01 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.10.18 17:17:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.06.20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.10.19 11:56:26 | 000,020,480 | ---- | M] (Carl Zeiss) -- C:\Programme\Carl Zeiss\MTB 2004 - 1.8.1.7\MTB Server Console\MTBService.exe PRC - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\DriveLED\oodlag.exe PRC - [2009.04.21 11:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.04.30 09:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) 
-- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007.02.12 12:18:50 | 000,924,160 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2002.03.08 16:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibserver.exe PRC - [2002.03.07 12:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibguard.exe ========== Modules (No Company Name) ========== MOD - [2012.11.04 10:32:12 | 002,295,264 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.07.28 08:26:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2007.03.02 11:44:34 | 000,073,728 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - File not found [Auto | Running] -- C:\Program 
Files\Carl Zeiss\MTB 2004 -- (MTBService_1.8.1.7) SRV - [2012.11.04 10:32:12 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.18 17:17:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.18 17:17:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.10.18 17:17:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.09 18:26:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011.09.02 06:21:38 | 000,258,048 | ---- | M] (Carl Zeiss MicroImaging GmbH) [On_Demand | Stopped] -- C:\Programme\Common Files\Carl Zeiss\CZCanSrv.exe -- (CZCanSrv) SRV - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) 
[On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2010.10.01 14:30:30 | 000,285,696 | ---- | M] (Leica Microsystems) [On_Demand | Stopped] -- D:\Program Files\Leica Microsystems CMS GmbH\Leica LAS AF Lite\DC\LMSDataContainerServer.exe -- (Leica Microsystems Data Container V1) SRV - [2010.08.23 23:28:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010.08.23 23:01:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\DriveLED\oodlag.exe -- (O&O DriveLED) SRV - [2009.04.21 11:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) 
[Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms) SRV - [2008.11.19 19:22:20 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2008.04.30 09:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) 
[Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.02.12 12:18:50 | 000,924,160 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2002.03.08 16:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files\Firebird\bin\ibserver.exe -- (InterBaseServer) SRV - [2002.03.07 12:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files\Firebird\bin\ibguard.exe -- (InterBaseGuardian) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\covpnwlh.sys -- (urvpndrv) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | 
On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.10.18 17:17:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.10.18 17:17:04 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.06.26 23:56:53 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2011.06.26 23:56:53 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2011.04.02 15:08:35 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2010.12.23 17:25:50 | 000,082,304 | ---- | M] (Fengtao Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvdfab.sys -- (dvdfab) DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2010.03.15 10:48:02 | 000,281,472 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVEOdcnt.sys -- (AVEO) DRV - [2009.12.14 11:34:42 | 001,499,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA) DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.09.28 16:24:10 | 000,025,608 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\System32\drivers\OODrvled.sys -- (OODrvled) DRV - [2009.08.24 09:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb) DRV - [2009.07.09 13:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2009.04.11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2009.01.16 11:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge) DRV - [2008.11.19 19:22:36 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2008.06.26 13:43:06 | 000,819,072 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700) DRV - [2008.04.10 09:20:20 | 000,020,480 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\twtyfilt.sys -- (twtyfilt) DRV - [2008.02.29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2007.11.28 00:21:56 | 000,310,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GrabsterSeries.X86.SYS -- (GrabsterSeries.X86) DRV - [2007.10.26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2007.10.19 13:22:04 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC) DRV - [2007.08.08 17:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.07.28 08:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.07.17 04:28:52 | 000,269,056 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15) DRV - [2007.05.02 12:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2007.03.02 18:19:34 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2007.02.12 12:17:40 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm) DRV - [2007.02.12 12:17:24 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass) DRV - [2007.02.12 12:14:52 | 000,010,624 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2007.02.12 12:14:42 | 000,112,384 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2007.02.07 18:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) 
[Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2006.11.02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006.10.01 14:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0801.sys -- (tap0801) DRV - [2006.09.19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! 
Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SPIEGEL ONLINE - Nachrichten IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {2E859481-AB5B-4609-A975-1A6B68544235} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2E859481-AB5B-4609-A975-1A6B68544235}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/" FF - prefs.js..extensions.enabledAddons: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.14 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2 FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.charite.de/" FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.29 20:06:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 10:32:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.20 20:55:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.20 20:55:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.02.20 20:55:36 | 000,000,000 | ---D | M] [2012.01.08 22:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Extensions [2012.01.08 22:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.09.14 12:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions [2011.01.24 19:45:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.01.23 09:05:01 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E} [2009.02.27 10:42:22 | 000,000,000 | ---D | M] (Favicon Picker 3) -- 
C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67} [2011.08.08 12:05:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009.01.23 09:09:37 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2009.10.22 20:25:35 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011.01.24 19:45:54 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.04.26 09:07:18 | 000,000,000 | ---D | M] ("Unofficial Myspace Toolbar") -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\myspacetoolbar@gmail.com [2011.09.14 12:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\staged [2012.11.15 19:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions [2010.07.24 22:21:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.10.03 08:13:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.11.15 19:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\staged [2012.10.17 17:13:29 | 000,000,000 | ---D | M] 
(Avira SearchFree Toolbar plus Web Protection) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\toolbar@ask.com [2011.07.18 16:57:42 | 000,450,199 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\ck3lusd9.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012.11.04 10:32:17 | 000,530,388 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.08.26 20:07:32 | 000,013,610 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi [2012.07.25 22:45:57 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.15 19:04:15 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.02.04 11:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.04 10:32:13 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.04.27 18:40:04 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2012.11.04 10:32:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.04.27 18:40:04 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2012.04.27 18:40:04 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2012.11.04 10:32:10 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [2012.04.27 18:40:04 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - homepage: Google CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: Google CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform 
SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Avira Toolbar = C:\Users\AnGoe\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.15.4.24329_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\AnGoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2012.03.12 20:04:27 | 000,440,678 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 15173 more lines... 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56DD1A89-E996-44B2-9D4B-0CDB38641D96}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84D539C8-75D7-4273-AAD8-E35ADCB845C1}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\AnGoe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\AnGoe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.15 19:18:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe [2012.11.15 19:01:54 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\Desktop\TB [2012.11.07 01:24:48 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\Desktop\PhD_retreat_endgültige Versionen [2012.11.01 12:48:58 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\Desktop\PhD-draft [2012.10.26 23:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2012.10.23 21:30:09 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\Desktop\AngioQuant [2012.10.23 19:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\MathWorks [2012.10.17 
17:19:07 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\AppData\Roaming\Avira [2012.10.17 17:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.17 17:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012.10.17 17:12:51 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.10.17 17:12:50 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.17 17:12:50 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.10.17 17:12:50 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.10.17 17:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2008.10.01 20:50:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\AnGoe\AppData\Roaming\pcouffin.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\AnGoe\Desktop\*.tmp files -> C:\Users\AnGoe\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.15 19:24:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C7582DAA-D08C-4632-9C0D-91A5F09AFD02}.job [2012.11.15 19:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe [2012.11.15 19:05:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.15 19:04:06 | 000,000,000 | ---- | M] () -- C:\Users\AnGoe\defogger_reenable [2012.11.15 18:39:49 | 000,690,158 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.15 18:39:49 | 000,646,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.15 18:39:49 | 000,151,750 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.15 18:39:49 | 000,123,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.15 18:39:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.15 18:35:12 | 000,001,098 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.15 17:47:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 17:47:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 17:47:31 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2012.11.14 22:40:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.11.14 22:28:25 | 000,216,064 | ---- | M] () -- C:\Users\AnGoe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.08 21:28:45 | 000,007,484 | ---- | M] () -- C:\Users\AnGoe\AppData\Local\d3d9caps.dat [2012.10.26 23:25:29 | 000,001,642 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.10.26 23:25:28 | 000,001,657 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.10.18 18:51:56 | 083,023,306 | ---- | M] () -- C:\ProgramData\gifnocsm.pad [2012.10.18 17:17:04 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.18 17:17:04 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.10.17 17:13:40 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.17 13:47:21 | 083,023,306 | ---- | M] () -- C:\ProgramData\dapeton.pad [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\AnGoe\Desktop\*.tmp files -> C:\Users\AnGoe\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.15 19:04:06 | 000,000,000 | ---- | C] () -- C:\Users\AnGoe\defogger_reenable [2012.10.26 23:25:29 | 000,001,642 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.10.26 23:25:28 | 000,001,657 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.10.18 18:47:06 | 083,023,306 | ---- | C] () -- C:\ProgramData\gifnocsm.pad [2012.10.17 17:13:40 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira 
Control Center.lnk [2012.10.16 23:34:31 | 083,023,306 | ---- | C] () -- C:\ProgramData\dapeton.pad [2012.08.27 15:24:34 | 000,001,936 | ---- | C] () -- C:\Windows\System32\nethasp.ini [2011.12.21 21:14:20 | 000,000,906 | ---- | C] () -- C:\Users\AnGoe\.recently-used.xbel [2011.09.20 14:39:49 | 000,139,264 | R--- | C] () -- C:\Windows\Vmix108.dll [2011.09.20 14:39:32 | 000,000,139 | ---- | C] () -- C:\Windows\Cm108.ini.cfl [2011.09.20 14:39:30 | 000,503,808 | R--- | C] () -- C:\Windows\System32\Cmeau108.exe [2011.09.20 14:38:14 | 000,258,048 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll [2011.09.20 14:38:14 | 000,002,029 | R--- | C] () -- C:\Windows\Cm108.ini.cfg [2011.09.20 14:38:14 | 000,000,736 | ---- | C] () -- C:\Windows\Cm108.ini.imi [2011.09.14 15:26:02 | 000,000,265 | ---- | C] () -- C:\Windows\SDSCalibrationStatus.ini [2011.08.05 18:26:42 | 000,000,858 | ---- | C] () -- C:\Windows\nsreg.dat [2011.08.05 16:58:04 | 000,000,208 | ---- | C] () -- C:\Windows\Ulead32.ini [2011.02.06 17:05:07 | 000,004,096 | -H-- | C] () -- C:\Users\AnGoe\AppData\Local\keyfile3.drm [2011.01.10 18:35:03 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf5 [2010.07.03 10:20:10 | 000,000,680 | RHS- | C] () -- C:\Users\AnGoe\ntuser.pol [2009.11.30 22:15:07 | 000,000,101 | ---- | C] () -- C:\Users\AnGoe\PCPanel2.ini [2009.02.20 14:54:20 | 000,001,107 | ---- | C] () -- C:\Users\AnGoe\.perlprimer [2009.01.16 01:13:14 | 000,007,484 | ---- | C] () -- C:\Users\AnGoe\AppData\Local\d3d9caps.dat [2008.10.01 20:50:37 | 000,007,887 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\pcouffin.cat [2008.10.01 20:50:37 | 000,001,144 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\pcouffin.inf [2008.07.16 01:10:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.03.31 16:46:56 | 000,037,246 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\wklnhst.dat [2008.01.22 18:35:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.01.16 00:49:06 | 000,216,064 | ---- | C] 
() -- C:\Users\AnGoe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL Logfile:

OTL logfile created on: 15.11.2012 19:19:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\AnGoe\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 43,82% Memory free
4,23 Gb Paging File | 2,90 Gb Available in Paging File | 68,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 7,04 Gb Free Space | 10,11% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 6,32 Gb Free Space | 9,08% Space Free | Partition Type: NTFS
Drive F: | 14,91 Gb Total Space | 14,27 Gb Free Space | 95,75% Space Free | Partition Type: FAT32

Computer Name: MENKOU | User Name: AnGoe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.15 19:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe
PRC - [2012.11.04 10:32:13 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.10.25 22:10:30 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2012.10.18 17:17:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.10.18 17:17:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.10.18 17:17:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.10.18 17:17:01 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.10.18 17:17:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.06.20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.10.19 11:56:26 | 000,020,480 | ---- | M] (Carl Zeiss) -- C:\Programme\Carl Zeiss\MTB 2004 - 1.8.1.7\MTB Server Console\MTBService.exe PRC - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\DriveLED\oodlag.exe PRC - [2009.04.21 11:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.04.30 09:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) 
-- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007.02.12 12:18:50 | 000,924,160 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2002.03.08 16:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibserver.exe PRC - [2002.03.07 12:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibguard.exe ========== Modules (No Company Name) ========== MOD - [2012.11.04 10:32:12 | 002,295,264 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.07.28 08:26:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2007.03.02 11:44:34 | 000,073,728 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - File not found [Auto | Running] -- C:\Program 
Files\Carl Zeiss\MTB 2004 -- (MTBService_1.8.1.7) SRV - [2012.11.04 10:32:12 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.18 17:17:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.18 17:17:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.10.18 17:17:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.09 18:26:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011.09.02 06:21:38 | 000,258,048 | ---- | M] (Carl Zeiss MicroImaging GmbH) [On_Demand | Stopped] -- C:\Programme\Common Files\Carl Zeiss\CZCanSrv.exe -- (CZCanSrv) SRV - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) 
[On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2010.10.01 14:30:30 | 000,285,696 | ---- | M] (Leica Microsystems) [On_Demand | Stopped] -- D:\Program Files\Leica Microsystems CMS GmbH\Leica LAS AF Lite\DC\LMSDataContainerServer.exe -- (Leica Microsystems Data Container V1) SRV - [2010.08.23 23:28:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010.08.23 23:01:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\DriveLED\oodlag.exe -- (O&O DriveLED) SRV - [2009.04.21 11:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) 
[Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms) SRV - [2008.11.19 19:22:20 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2008.04.30 09:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) 
[Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.02.12 12:18:50 | 000,924,160 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2002.03.08 16:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files\Firebird\bin\ibserver.exe -- (InterBaseServer) SRV - [2002.03.07 12:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files\Firebird\bin\ibguard.exe -- (InterBaseGuardian) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\covpnwlh.sys -- (urvpndrv) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | 
On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.10.18 17:17:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.10.18 17:17:04 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.06.26 23:56:53 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2011.06.26 23:56:53 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2011.04.02 15:08:35 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2010.12.23 17:25:50 | 000,082,304 | ---- | M] (Fengtao Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvdfab.sys -- (dvdfab) DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2010.03.15 10:48:02 | 000,281,472 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVEOdcnt.sys -- (AVEO) DRV - [2009.12.14 11:34:42 | 001,499,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA) DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.09.28 16:24:10 | 000,025,608 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\System32\drivers\OODrvled.sys -- (OODrvled) DRV - [2009.08.24 09:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb) DRV - [2009.07.09 13:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2009.04.11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2009.01.16 11:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge) DRV - [2008.11.19 19:22:36 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2008.06.26 13:43:06 | 000,819,072 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700) DRV - [2008.04.10 09:20:20 | 000,020,480 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\twtyfilt.sys -- (twtyfilt) DRV - [2008.02.29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2007.11.28 00:21:56 | 000,310,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GrabsterSeries.X86.SYS -- (GrabsterSeries.X86) DRV - [2007.10.26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2007.10.19 13:22:04 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC) DRV - [2007.08.08 17:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.07.28 08:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.07.17 04:28:52 | 000,269,056 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15) DRV - [2007.05.02 12:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2007.03.02 18:19:34 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2007.02.12 12:17:40 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm) DRV - [2007.02.12 12:17:24 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass) DRV - [2007.02.12 12:14:52 | 000,010,624 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2007.02.12 12:14:42 | 000,112,384 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2007.02.07 18:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) 
[Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2006.11.02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006.10.01 14:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0801.sys -- (tap0801) DRV - [2006.09.19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! 
Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SPIEGEL ONLINE - Nachrichten IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {2E859481-AB5B-4609-A975-1A6B68544235} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2E859481-AB5B-4609-A975-1A6B68544235}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/" FF - prefs.js..extensions.enabledAddons: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.14 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2 FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.charite.de/" FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.29 20:06:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.04 10:32:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.20 20:55:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.20 20:55:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.02.20 20:55:36 | 000,000,000 | ---D | M] [2012.01.08 22:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Extensions [2012.01.08 22:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.09.14 12:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions [2011.01.24 19:45:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.01.23 09:05:01 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E} [2009.02.27 10:42:22 | 000,000,000 | ---D | M] (Favicon Picker 3) -- 
C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67} [2011.08.08 12:05:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009.01.23 09:09:37 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2009.10.22 20:25:35 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011.01.24 19:45:54 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.04.26 09:07:18 | 000,000,000 | ---D | M] ("Unofficial Myspace Toolbar") -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\myspacetoolbar@gmail.com [2011.09.14 12:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\staged [2012.11.15 19:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions [2010.07.24 22:21:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.10.03 08:13:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.11.15 19:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\staged [2012.10.17 17:13:29 | 000,000,000 | ---D | M] 
(Avira SearchFree Toolbar plus Web Protection) -- C:\Users\AnGoe\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\toolbar@ask.com [2011.07.18 16:57:42 | 000,450,199 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\ck3lusd9.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012.11.04 10:32:17 | 000,530,388 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.08.26 20:07:32 | 000,013,610 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi [2012.07.25 22:45:57 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.15 19:04:15 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\AnGoe\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.02.04 11:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.04 10:32:13 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.04.27 18:40:04 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2012.11.04 10:32:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.04.27 18:40:04 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2012.04.27 18:40:04 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2012.11.04 10:32:10 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [2012.04.27 18:40:04 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - homepage: Google CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: Google CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform 
SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Avira Toolbar = C:\Users\AnGoe\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.15.4.24329_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\AnGoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2012.03.12 20:04:27 | 000,440,678 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 15173 more lines... 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56DD1A89-E996-44B2-9D4B-0CDB38641D96}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84D539C8-75D7-4273-AAD8-E35ADCB845C1}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\AnGoe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\AnGoe\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.15 19:18:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe [2012.11.15 19:01:54 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\Desktop\TB [2012.11.07 01:24:48 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\Desktop\PhD_retreat_endgültige Versionen [2012.11.01 12:48:58 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\Desktop\PhD-draft [2012.10.26 23:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2012.10.23 21:30:09 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\Desktop\AngioQuant [2012.10.23 19:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\MathWorks [2012.10.17 
17:19:07 | 000,000,000 | ---D | C] -- C:\Users\AnGoe\AppData\Roaming\Avira [2012.10.17 17:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.17 17:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012.10.17 17:12:51 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.10.17 17:12:50 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.17 17:12:50 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.10.17 17:12:50 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.10.17 17:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2008.10.01 20:50:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\AnGoe\AppData\Roaming\pcouffin.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\AnGoe\Desktop\*.tmp files -> C:\Users\AnGoe\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.15 19:24:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C7582DAA-D08C-4632-9C0D-91A5F09AFD02}.job [2012.11.15 19:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\AnGoe\Desktop\OTL.exe [2012.11.15 19:05:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.15 19:04:06 | 000,000,000 | ---- | M] () -- C:\Users\AnGoe\defogger_reenable [2012.11.15 18:39:49 | 000,690,158 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.15 18:39:49 | 000,646,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.15 18:39:49 | 000,151,750 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.15 18:39:49 | 000,123,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.15 18:39:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.15 18:35:12 | 000,001,098 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.15 17:47:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 17:47:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 17:47:31 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2012.11.14 22:40:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.11.14 22:28:25 | 000,216,064 | ---- | M] () -- C:\Users\AnGoe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.08 21:28:45 | 000,007,484 | ---- | M] () -- C:\Users\AnGoe\AppData\Local\d3d9caps.dat [2012.10.26 23:25:29 | 000,001,642 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.10.26 23:25:28 | 000,001,657 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.10.18 18:51:56 | 083,023,306 | ---- | M] () -- C:\ProgramData\gifnocsm.pad [2012.10.18 17:17:04 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.18 17:17:04 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.10.17 17:13:40 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.17 13:47:21 | 083,023,306 | ---- | M] () -- C:\ProgramData\dapeton.pad [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\AnGoe\Desktop\*.tmp files -> C:\Users\AnGoe\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.15 19:04:06 | 000,000,000 | ---- | C] () -- C:\Users\AnGoe\defogger_reenable [2012.10.26 23:25:29 | 000,001,642 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.10.26 23:25:28 | 000,001,657 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.10.18 18:47:06 | 083,023,306 | ---- | C] () -- C:\ProgramData\gifnocsm.pad [2012.10.17 17:13:40 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira 
Control Center.lnk [2012.10.16 23:34:31 | 083,023,306 | ---- | C] () -- C:\ProgramData\dapeton.pad [2012.08.27 15:24:34 | 000,001,936 | ---- | C] () -- C:\Windows\System32\nethasp.ini [2011.12.21 21:14:20 | 000,000,906 | ---- | C] () -- C:\Users\AnGoe\.recently-used.xbel [2011.09.20 14:39:49 | 000,139,264 | R--- | C] () -- C:\Windows\Vmix108.dll [2011.09.20 14:39:32 | 000,000,139 | ---- | C] () -- C:\Windows\Cm108.ini.cfl [2011.09.20 14:39:30 | 000,503,808 | R--- | C] () -- C:\Windows\System32\Cmeau108.exe [2011.09.20 14:38:14 | 000,258,048 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll [2011.09.20 14:38:14 | 000,002,029 | R--- | C] () -- C:\Windows\Cm108.ini.cfg [2011.09.20 14:38:14 | 000,000,736 | ---- | C] () -- C:\Windows\Cm108.ini.imi [2011.09.14 15:26:02 | 000,000,265 | ---- | C] () -- C:\Windows\SDSCalibrationStatus.ini [2011.08.05 18:26:42 | 000,000,858 | ---- | C] () -- C:\Windows\nsreg.dat [2011.08.05 16:58:04 | 000,000,208 | ---- | C] () -- C:\Windows\Ulead32.ini [2011.02.06 17:05:07 | 000,004,096 | -H-- | C] () -- C:\Users\AnGoe\AppData\Local\keyfile3.drm [2011.01.10 18:35:03 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf5 [2010.07.03 10:20:10 | 000,000,680 | RHS- | C] () -- C:\Users\AnGoe\ntuser.pol [2009.11.30 22:15:07 | 000,000,101 | ---- | C] () -- C:\Users\AnGoe\PCPanel2.ini [2009.02.20 14:54:20 | 000,001,107 | ---- | C] () -- C:\Users\AnGoe\.perlprimer [2009.01.16 01:13:14 | 000,007,484 | ---- | C] () -- C:\Users\AnGoe\AppData\Local\d3d9caps.dat [2008.10.01 20:50:37 | 000,007,887 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\pcouffin.cat [2008.10.01 20:50:37 | 000,001,144 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\pcouffin.inf [2008.07.16 01:10:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.03.31 16:46:56 | 000,037,246 | ---- | C] () -- C:\Users\AnGoe\AppData\Roaming\wklnhst.dat [2008.01.22 18:35:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.01.16 00:49:06 | 000,216,064 | ---- | C] 
() -- C:\Users\AnGoe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
17.11.2012, 12:36 | #2 | |
/// TB Instructor | Access to web.de mailbox denied - botnet
My name is Matthias and I will help you clean up your computer. Please note the following:
Step 1 Quote:
Please post all logs with detections.
Step 2 Scan with Combofix
With your next reply, please post
|
21.11.2012, 09:50 | #3 |
/// TB Instructor | Access to web.de mailbox denied - botnet
No response
__________________
This thread has been removed from the subscriptions. I will therefore not receive notifications about new replies. Send me a PM if you still want to continue. Note: The disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please click here and create your own thread! |
28.11.2012, 10:10 | #4 |
/// TB Instructor | Access to web.de mailbox denied - botnet
Hello, the log files are too old; we need new ones.
Step 1 Please download OTL by Oldtimer and save it to your desktop (if you do not have it yet).
Code: ATTFilter
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
Step 2 Please download defogger by jpshortstuff to your desktop.
Step 3 Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.
Step 4 Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
With your next reply, please post
|
28.11.2012, 23:50 | #5 |
| Access to web.de mailbox denied - botnet
Hello M-K-D-B, I'm very glad that this is working out after all. I'm always at work for quite a long time, so I will usually only reply towards the evening. I hope that's okay. I'll work through the steps now and post the results. Best regards
OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.11.2012 23:44:16 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\.....\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 54,90% Memory free 4,24 Gb Paging File | 3,08 Gb Available in Paging File | 72,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,65 Gb Total Space | 21,23 Gb Free Space | 30,48% Space Free | Partition Type: NTFS Drive D: | 69,64 Gb Total Space | 2,21 Gb Free Space | 3,18% Space Free | Partition Type: NTFS Drive H: | 1,86 Gb Total Space | 0,27 Gb Free Space | 14,75% Space Free | Partition Type: FAT32 Computer Name: MENKOU | User Name: ..... | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.15 19:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe PRC - [2012.10.25 22:10:30 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2012.10.18 17:17:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.10.18 17:17:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.10.18 17:17:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.10.18 17:17:01 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.10.18 17:17:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.06.20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.10.19 11:56:26 | 000,020,480 | ---- | M] (Carl Zeiss) -- C:\Programme\Carl Zeiss\MTB 2004 - 1.8.1.7\MTB Server Console\MTBService.exe PRC - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe PRC - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2010.04.06 00:41:46 | 000,116,224 | ---- | M] (Brio) -- C:\Programme\FolderSize\FolderSizeSvc.exe PRC - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\DriveLED\oodlag.exe PRC - [2009.04.21 11:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.04.30 09:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) 
-- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007.02.12 12:18:50 | 000,924,160 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2002.03.08 16:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibserver.exe PRC - [2002.03.07 12:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibguard.exe ========== Modules (No Company Name) ========== MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.07.28 08:26:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2007.03.02 11:44:34 | 000,073,728 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - File not found [Auto | Running] -- C:\Program Files\Carl Zeiss\MTB 2004 -- (MTBService_1.8.1.7) SRV - [2012.11.20 07:17:34 | 000,115,168 | ---- | M] 
(Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.18 17:17:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.18 17:17:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.10.18 17:17:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.09 18:26:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011.09.02 06:21:38 | 000,258,048 | ---- | M] (Carl Zeiss MicroImaging GmbH) [On_Demand | Stopped] -- C:\Programme\Common Files\Carl Zeiss\CZCanSrv.exe -- (CZCanSrv) SRV - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- 
(MSSQL$MSSMLBIZ) SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2010.10.01 14:30:30 | 000,285,696 | ---- | M] (Leica Microsystems) [On_Demand | Stopped] -- D:\Program Files\Leica Microsystems CMS GmbH\Leica LAS AF Lite\DC\LMSDataContainerServer.exe -- (Leica Microsystems Data Container V1) SRV - [2010.08.23 23:28:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010.08.23 23:01:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010.04.06 00:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize) SRV - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\DriveLED\oodlag.exe -- (O&O DriveLED) SRV - [2009.04.21 11:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) 
[Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms) SRV - [2008.11.19 19:22:20 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2008.04.30 09:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) 
[Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.02.12 12:18:50 | 000,924,160 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2002.03.08 16:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files\Firebird\bin\ibserver.exe -- (InterBaseServer) SRV - [2002.03.07 12:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files\Firebird\bin\ibguard.exe -- (InterBaseGuardian) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\covpnwlh.sys -- (urvpndrv) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | 
On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.10.18 17:17:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.10.18 17:17:04 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.06.26 23:56:53 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2011.06.26 23:56:53 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2011.04.02 15:08:35 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2010.12.23 17:25:50 | 000,082,304 | ---- | M] (Fengtao Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvdfab.sys -- (dvdfab) DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2010.03.15 10:48:02 | 000,281,472 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVEOdcnt.sys -- (AVEO) DRV - [2009.12.14 11:34:42 | 001,499,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA) DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.09.28 16:24:10 | 000,025,608 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\System32\drivers\OODrvled.sys -- (OODrvled) DRV - [2009.08.24 09:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb) DRV - [2009.07.09 13:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2009.04.11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2009.01.16 11:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge) DRV - [2008.11.19 19:22:36 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2008.06.26 13:43:06 | 000,819,072 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700) DRV - [2008.04.10 09:20:20 | 000,020,480 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\twtyfilt.sys -- (twtyfilt) DRV - [2008.02.29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2007.11.28 00:21:56 | 000,310,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GrabsterSeries.X86.SYS -- (GrabsterSeries.X86) DRV - [2007.10.26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2007.10.19 13:22:04 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC) DRV - [2007.08.08 17:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.07.28 08:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.07.17 04:28:52 | 000,269,056 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15) DRV - [2007.05.02 12:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2007.03.02 18:19:34 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2007.02.12 12:17:40 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm) DRV - [2007.02.12 12:17:24 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass) DRV - [2007.02.12 12:14:52 | 000,010,624 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2007.02.12 12:14:42 | 000,112,384 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2007.02.07 18:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) 
[Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2006.11.02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006.10.01 14:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0801.sys -- (tap0801) DRV - [2006.09.19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com [binary data] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com [binary data] IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! 
Search IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SPIEGEL ONLINE - Nachrichten IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\..\SearchScopes,DefaultScope = {2E859481-AB5B-4609-A975-1A6B68544235} IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\..\SearchScopes\{2E859481-AB5B-4609-A975-1A6B68544235}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/" FF - prefs.js..extensions.enabledAddons: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.14 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12 FF - 
prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2 FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.charite.de/" FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.29 20:06:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.26 21:57:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.20 20:55:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.20 20:55:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.02.20 20:55:36 | 000,000,000 | ---D | M] [2012.01.08 22:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\Extensions [2012.01.08 22:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.09.14 12:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions [2011.01.24 19:45:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.01.23 09:05:01 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E} [2009.02.27 10:42:22 | 000,000,000 | ---D | M] (Favicon Picker 3) -- 
C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67} [2011.08.08 12:05:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009.01.23 09:09:37 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2009.10.22 20:25:35 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011.01.24 19:45:54 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.04.26 09:07:18 | 000,000,000 | ---D | M] ("Unofficial Myspace Toolbar") -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\myspacetoolbar@gmail.com [2011.09.14 12:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\staged [2012.11.15 21:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions [2010.07.24 22:21:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.10.03 08:13:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.10.17 17:13:29 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\toolbar@ask.com 
[2011.07.18 16:57:42 | 000,450,199 | ---- | M] () (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\firefox\profiles\ck3lusd9.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012.11.15 21:46:43 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.08.26 20:07:32 | 000,013,610 | ---- | M] () (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi [2012.07.25 22:45:57 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.26 21:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.20 07:17:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.11.20 07:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.11.20 07:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: Google CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: Google CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = 
C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Avira Toolbar = C:\Users\.....\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.15.4.24329_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\.....\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2012.03.12 20:04:27 | 000,440,678 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - 
Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15173 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co.
KG) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co.
KG) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56DD1A89-E996-44B2-9D4B-0CDB38641D96}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84D539C8-75D7-4273-AAD8-E35ADCB845C1}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\.....\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\.....\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10EB7847-2806-9C49-4815-4E64A85A606E} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" 
OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {8E9EDC1B-5B74-8111-B966-47D72A703524} - Microsoft Windows Media Player 11.0 ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" 
"C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe - (Acer Inc.) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.) 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk - C:\Programme\Secunia\PSI\psi_tray.exe - (Secunia) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico - () MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files\Ask.com\Updater\Updater.exe (Ask) MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) MsConfig - StartUpReg: CamAppSTI.exe - hkey= - key= - C:\Programme\AVEO USB2.0 PC Camera\CamAppSTI.exe (AVEO) MsConfig - StartUpReg: Cm108Sound - hkey= - key= - File not found MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard) MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\Windows\KHALMNPR.Exe (Logitech, Inc.) MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) MsConfig - StartUpReg: PLFSet - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) MsConfig - StartUpReg: RemoTerm.exe - hkey= - key= - File not found MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig - StartUpReg: Sony Ericsson PC Companion - hkey= - key= - File not found MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) MsConfig - StartUpReg: VolPanel - hkey= - key= - C:\Program Files\Creative\Sound Blaster Play\Volume Panel\VolPanlu.exe (Creative Technology Ltd) MsConfig - StartUpReg: WarReg_PopUp - hkey= - key= - C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) MsConfig - State: "startup" - 2 Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.I420 - C:\Windows\System32\sx_cam_i420.dll (Xirlink, Inc.) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus 
Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive 
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.28 23:39:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\.....\Desktop\OTL.exe [2012.11.27 18:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.11.27 18:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.11.23 13:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\FolderSize [2012.11.23 13:40:04 | 000,000,000 | ---D | C] -- C:\Users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything [2012.11.23 13:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Everything [2012.11.18 10:42:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.18 10:42:52 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.18 10:42:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.18 10:42:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.18 10:42:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.18 10:42:51 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.18 10:42:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.18 10:42:49 | 001,427,968 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.17 14:32:51 | 000,000,000 | ---D | C] -- C:\Users\.....\.imagej [2012.11.17 11:46:08 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012.11.17 11:45:47 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.15 19:01:54 | 000,000,000 | ---D | C] -- C:\Users\.....\Desktop\TB [2012.11.07 01:24:48 | 000,000,000 | ---D | C] -- C:\Users\.....\Desktop\PhD_retreat_endgültige Versionen [2012.11.01 12:48:58 | 000,000,000 | ---D | C] -- C:\Users\.....\Desktop\PhD-draft [2008.10.01 20:50:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\.....\AppData\Roaming\pcouffin.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\.....\Desktop\*.tmp files -> C:\Users\.....\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.28 23:44:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C7582DAA-D08C-4632-9C0D-91A5F09AFD02}.job [2012.11.28 23:35:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.28 23:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.28 22:48:28 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.28 22:48:28 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.28 21:03:03 | 000,690,158 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.28 21:03:03 | 000,646,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.28 21:03:03 | 000,151,750 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.28 21:03:03 | 000,123,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.28 20:49:06 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.28 20:48:29 | 
000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2012.11.28 20:48:19 | 244,118,311 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.11.28 00:08:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.11.26 23:19:13 | 000,222,720 | ---- | M] () -- C:\Users\.....\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.26 21:57:31 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.22 18:45:18 | 000,420,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.15 19:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\.....\Desktop\OTL.exe [2012.11.15 19:04:06 | 000,000,000 | ---- | M] () -- C:\Users\.....\defogger_reenable [2012.11.08 21:28:45 | 000,007,484 | ---- | M] () -- C:\Users\.....\AppData\Local\d3d9caps.dat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\.....\Desktop\*.tmp files -> C:\Users\.....\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.26 21:57:31 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.15 19:04:06 | 000,000,000 | ---- | C] () -- C:\Users\.....\defogger_reenable [2012.10.18 18:47:06 | 083,023,306 | ---- | C] () -- C:\ProgramData\gifnocsm.pad [2012.10.16 23:34:31 | 083,023,306 | ---- | C] () -- C:\ProgramData\dapeton.pad [2012.08.27 15:24:34 | 000,001,936 | ---- | C] () -- C:\Windows\System32\nethasp.ini [2011.12.21 21:14:20 | 000,000,906 | ---- | C] () -- C:\Users\.....\.recently-used.xbel [2011.09.20 14:39:49 | 000,139,264 | R--- | C] () -- C:\Windows\Vmix108.dll [2011.09.20 14:39:32 | 000,000,139 | ---- | C] () -- C:\Windows\Cm108.ini.cfl [2011.09.20 14:39:30 | 000,503,808 | R--- | C] () -- C:\Windows\System32\Cmeau108.exe [2011.09.20 14:38:14 | 000,258,048 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll [2011.09.20 14:38:14 | 000,002,029 | R--- | C] () -- C:\Windows\Cm108.ini.cfg [2011.09.20 14:38:14 | 000,000,736 | ---- | C] () -- C:\Windows\Cm108.ini.imi [2011.09.14 
15:26:02 | 000,000,265 | ---- | C] () -- C:\Windows\SDSCalibrationStatus.ini [2011.08.05 18:26:42 | 000,000,858 | ---- | C] () -- C:\Windows\nsreg.dat [2011.08.05 16:58:04 | 000,000,208 | ---- | C] () -- C:\Windows\Ulead32.ini [2011.02.06 17:05:07 | 000,004,096 | -H-- | C] () -- C:\Users\.....\AppData\Local\keyfile3.drm [2011.01.10 18:35:03 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf5 [2010.07.03 10:20:10 | 000,000,680 | RHS- | C] () -- C:\Users\.....\ntuser.pol [2009.11.30 22:15:07 | 000,000,101 | ---- | C] () -- C:\Users\.....\PCPanel2.ini [2009.02.20 14:54:20 | 000,001,107 | ---- | C] () -- C:\Users\.....\.perlprimer [2009.01.16 01:13:14 | 000,007,484 | ---- | C] () -- C:\Users\.....\AppData\Local\d3d9caps.dat [2008.10.01 20:50:37 | 000,007,887 | ---- | C] () -- C:\Users\.....\AppData\Roaming\pcouffin.cat [2008.10.01 20:50:37 | 000,001,144 | ---- | C] () -- C:\Users\.....\AppData\Roaming\pcouffin.inf [2008.07.16 01:10:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.03.31 16:46:56 | 000,037,246 | ---- | C] () -- C:\Users\.....\AppData\Roaming\wklnhst.dat [2008.01.22 18:35:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.01.16 00:49:06 | 000,222,720 | ---- | C] () -- C:\Users\.....\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = 
%systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.11.20 07:17:52 | 000,890,008 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.11.20 07:17:52 | 000,890,008 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.11.20 07:17:52 | 000,890,008 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.11.20 07:17:32 | 000,916,960 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.11.20 07:17:32 | 000,916,960 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.11.20 07:17:32 | 000,916,960 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons 
[2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012.02.05 14:27:24 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012.02.05 14:27:24 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012.02.05 14:27:24 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012.09.01 09:21:42 | 000,874,896 | ---- | M] (Opera 
Software) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012.09.01 09:21:42 | 000,874,896 | ---- | M] (Opera Software) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012.09.01 09:21:42 | 000,874,896 | ---- | M] (Opera Software) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012.09.01 09:21:42 | 000,874,896 | ---- | M] (Opera Software) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.11.20 07:17:52 | 000,890,008 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.11.20 07:17:52 | 000,890,008 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.11.20 07:17:52 | 000,890,008 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.11.20 07:17:32 | 000,916,960 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.11.20 07:17:32 | 000,916,960 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.11.20 07:17:32 | 000,916,960 | 
---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012.10.31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012.02.05 14:27:24 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012.02.05 14:27:24 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012.02.05 14:27:24 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012.10.08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012.09.01 09:21:42 | 000,874,896 | ---- | M] (Opera Software) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012.09.01 09:21:42 | 000,874,896 | ---- | M] (Opera Software) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012.09.01 09:21:42 | 000,874,896 | ---- | M] (Opera Software) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012.09.01 09:21:42 | 000,874,896 | ---- | M] (Opera Software) < End of report > OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 28.11.2012 23:44:16 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\...\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 54,90% Memory free
4,24 Gb Paging File | 3,08 Gb Available in Paging File | 72,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 21,23 Gb Free Space | 30,48% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 2,21 Gb Free Space | 3,18% Space Free | Partition Type: NTFS
Drive H: | 1,86 Gb Total Space | 0,27 Gb Free Space | 14,75% Space Free | Partition Type: FAT32

Computer Name: MENKOU | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.) "C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST) "C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00E77E7F-DE13-4CF6-A9A9-C7578BBBEA2F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{065C9460-F936-4941-AE68-B274DF7C7DF4}" = rport=138 | protocol=17 | dir=out | app=system | "{0BCDCBD0-43C0-45C9-87F4-F8D1DA30CFA8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{1EABA1C6-A240-4B2C-AE5C-73C44F2C9F5E}" = rport=139 | protocol=6 | dir=out | app=system | "{30D6649E-0305-4534-828B-A115E2FF35FD}" = lport=138 | protocol=17 | dir=in | app=system | "{4AEB381A-FCF1-4AA7-BF6E-99EE287EF7C5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{58F3D252-8911-4F8B-92E9-3F7695D4CCBF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{66D87C95-50F0-44BA-9077-0237328C97E0}" = rport=445 | protocol=6 | dir=out | 
app=system | "{7260CD35-A51B-498C-B35F-925C8BE4D7C8}" = lport=445 | protocol=6 | dir=in | app=system | "{810BEBB9-DF61-4BD2-8164-A6FA487EA37B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{83527D8B-14B6-4AD9-A943-8EB5970887B2}" = rport=137 | protocol=17 | dir=out | app=system | "{864BAC36-752E-49DF-B940-7E81517EC749}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9214F1D2-107F-4309-8E3B-B0246D092AD7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{95D0A141-A248-4A61-B7FB-2AFCEBA208CA}" = lport=2869 | protocol=6 | dir=in | app=system | "{A2C3D533-203D-4C20-B734-F9750911335D}" = lport=139 | protocol=6 | dir=in | app=system | "{A7DDC671-14A0-48A3-BD01-62F0CE4D4F68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{AC8D1D60-B24F-4E7C-A0B0-6AC9B113061C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D1ABFF8A-F46D-4D43-A657-9125B3C1134B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{DA56E6D4-5D7B-4FDC-B86C-5E87492A83CF}" = lport=137 | protocol=17 | dir=in | app=system | "{F4E6236B-3F95-41BE-B004-55918741470A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1176668C-D6A8-46D7-98AE-517791695A56}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{264F230D-AE95-4EB8-8E9D-65DA9066EF22}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | "{269B078E-7E8D-40BE-905E-D2B26944C8D5}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "{37433D6E-F9AF-488E-869D-7260249F2683}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{379A2A16-EB7D-4024-ABAF-D12DC084EED4}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | "{3CD4282D-7921-4C71-978D-E41E68B02695}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{480EB638-76A7-4094-94EF-1A6B24119727}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{587B7E37-A678-4498-9CA0-E63C6776DECC}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "{5C647CD7-83AD-4093-A523-443F2BFB8334}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{630AC123-9284-4259-AE85-C134CE864F01}" = protocol=6 | dir=in | app=c:\program files\common files\pctv systems\streamingserver\strmserver.exe | "{63E6143C-BBB9-41A7-B8A7-CEE8FD8B166F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{71F9E79D-E8E4-42EC-9BD2-20DED870E42F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{790FE5E6-453A-49F7-B915-D93D4D659E1C}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{7D45DE3A-904D-486F-817B-78F1E14D91BB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{9639F690-4D28-4990-A09E-973DAD9504C0}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{A7783587-535F-458D-AAAF-56F74FE2C6D2}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{B0C64015-0693-4E61-8EF2-153062D707D6}" = protocol=6 | dir=in | app=c:\program files\common files\pctv systems\pvr\videocontrol.exe | "{BFFFA56E-A5D9-42B0-AC92-A43CBF8671A4}" = protocol=17 | dir=in | app=c:\program files\common files\pctv systems\streamingserver\strmserver.exe | "{CE851C04-E1FC-43BD-8B4D-512FF75397A3}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{CF743434-8C71-42B2-AA26-4C4DDF68C533}" = protocol=6 | dir=in | app=c:\program files\hp\hp 
officejet 6500 e710a-f\bin\devicesetup.exe | "{D412970E-83F2-4B62-B3D6-FB488D60B9B0}" = protocol=17 | dir=in | app=c:\program files\pctv systems\tvcenter\tvcenter.exe | "{D4AF83A7-A298-4CFA-973F-1DB8421FCFCA}" = protocol=17 | dir=in | app=c:\program files\common files\pctv systems\pvr\videocontrol.exe | "{E117BF38-A0B1-4F95-80CA-31391F2273FB}" = protocol=6 | dir=in | app=c:\program files\pctv systems\tvcenter\tvcenter.exe | "{E4106503-5FA1-4202-A495-A766BF249CAB}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{E53E6766-5029-4473-B404-6A6B54572DB4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F1CDC54C-5686-4BAF-A76E-2F77AE56BA75}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | "{F5D3B397-3AF7-4627-9968-6AB1B050BFB6}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | "{FD876DD9-1355-4B89-92F6-A6CA7A442ACC}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "TCP Query User{0EDF04DA-E88A-4B6C-989C-EF369B206E45}C:\program files\imagej\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe | "TCP Query User{16A21B4E-E6CE-4F27-85A0-7579BD276D4F}D:\applied biosystems\7500 fast system\sdsshell.exe" = protocol=6 | dir=in | app=d:\applied biosystems\7500 fast system\sdsshell.exe | "TCP Query User{46A32858-B65F-4F5D-8FDD-100A037A4AA2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{49C2B847-5E39-41EA-9B5A-83A685F6C601}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{50DA9D83-1AFE-44AC-835A-B19F5C56DF8F}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{5A57C19C-C6E8-48C1-8F2B-F125954EDF31}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | 
app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{622C23CC-031B-4F9D-A397-B1326028F1C0}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{731FBD91-E9D0-438D-AE99-D2DE4F78E4E6}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{B521E8E8-5D1F-46AA-B1C1-57EECB91FC68}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{CDC6CAF7-59CE-4594-ADE4-FE4166159885}E:\d-link.exe" = protocol=6 | dir=in | app=e:\d-link.exe | "TCP Query User{DDD67533-F9BE-45A9-9A66-C9070AB9D120}D:\program files\leica microsystems cms gmbh\leica las af lite\bin\lasafapplication.exe" = protocol=6 | dir=in | app=d:\program files\leica microsystems cms gmbh\leica las af lite\bin\lasafapplication.exe | "TCP Query User{DDD8484E-23A2-4D16-A723-4C753A484C20}D:\program files\leica microsystems cms gmbh\leica las af lite\bin\lasafapplication.exe" = protocol=6 | dir=in | app=d:\program files\leica microsystems cms gmbh\leica las af lite\bin\lasafapplication.exe | "UDP Query User{110A4731-6541-4E37-A4E0-69A13DE5C06F}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{1CE0EC26-B122-4315-B2D7-6FCBA918EE7E}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{1FD3C2FF-9BA3-443A-A72A-D0944C610F7B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{568F011F-C88C-429D-BC06-D65DEF3E2B4A}C:\program files\imagej\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\imagej\jre\bin\javaw.exe | "UDP Query User{60FB7D84-2A2C-413A-8429-5157B4196D64}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query 
User{622521CA-E6E9-431F-9ECE-B11E27A35427}D:\program files\leica microsystems cms gmbh\leica las af lite\bin\lasafapplication.exe" = protocol=17 | dir=in | app=d:\program files\leica microsystems cms gmbh\leica las af lite\bin\lasafapplication.exe |
"UDP Query User{6CE11091-A3E4-49D8-AE2F-9CD8C6DF918E}E:\d-link.exe" = protocol=17 | dir=in | app=e:\d-link.exe |
"UDP Query User{74C9FF21-A374-4809-973B-06673F0427E8}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{A5B7F41D-FB0D-4017-963D-3F1CC30E0AD6}D:\applied biosystems\7500 fast system\sdsshell.exe" = protocol=17 | dir=in | app=d:\applied biosystems\7500 fast system\sdsshell.exe |
"UDP Query User{C2C57145-DD8F-4D92-A722-1CC56239F1BE}D:\program files\leica microsystems cms gmbh\leica las af lite\bin\lasafapplication.exe" = protocol=17 | dir=in | app=d:\program files\leica microsystems cms gmbh\leica las af lite\bin\lasafapplication.exe |
"UDP Query User{ED7FFC0B-DEB3-41F8-8292-0F4F1472080E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{EDC593FC-7D20-42A1-9791-C2C01960DD2E}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0819B21B-E958-438C-B06C-5A54C98833E9}" = DSL Connection Manager
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E0C7BCA-4DE6-4CB3-A2D0-D0E99766BD43}" = Primer Express 3.0
"{0F0122E0-5665-4B91-9C71-85F98E20DCF2}" = Scion Image 4.0.3.2
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{120D9280-C7A0-F52B-0F0C-8F1DE9ACEAEE}" = Catalyst Control Center Localization Korean
"{15112D8C-D377-D1F9-3701-90E9CF9EC65B}" = Catalyst Control Center Localization Japanese
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{163B1CF0-6C0C-D558-341E-BA1DE37F9FA1}" = Catalyst Control Center Localization Danish
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D08187-7192-A65D-4ABA-BB09BF315E4F}" = Catalyst Control Center Core Implementation
"{226EF265-A4E4-4E10-BAA9-9C5D89F6EAF9}" = Catalyst Control Center Localization Turkish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{238BA203-497D-16EA-8495-A42A37A1D1DC}" = Catalyst Control Center Localization Russian
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 30
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D72ACF2-C3A9-A980-FB98-0062C1F4AABF}" = Catalyst Control Center Localization Chinese Standard
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{359E7E50-5ED2-466A-88A6-C36F8AB59018}" = MATLAB(R) Compiler Runtime 7.8
"{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5 (Trial)
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{487C2D48-A9E3-4F34-92BD-B6A847025C16}" = Free eXPert PDF Reader
"{4971AB6A-D3AF-4227-51BD-0165C56F35F6}" = Catalyst Control Center Localization Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4EB4978B-F18F-A9BF-114D-275F675CD9E7}" = Catalyst Control Center Localization Polish
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53480150-81CB-4A86-B378-86B6F08AF80B}" = O&O DriveLED
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A44BF79-7923-E7D4-C8A6-F93F81EF48B9}" = Catalyst Control Center Localization Finnish
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DCE4F2F-427B-F3DA-AF1E-34FBFCF779ED}" = ccc-core-static
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62F596B9-0DF7-AD7B-2D66-E6DC4BFB94C1}" = Catalyst Control Center Localization French
"{64B3A619-65FF-6AF5-ABF8-D7D17E20D8A1}" = Catalyst Control Center Localization German
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C8D0421-2896-45E0-AFDA-960BC2E2E2EF}" = Sound Blaster Play!
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{6F96D3F2-E938-4275-82C0-F89125B3C62D}" = MATLAB Component Runtime
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7235252A-39A3-4889-AF58-18B82040310E}" = AVEO USB2.0 PC Camera
"{7616F372-AFF8-355C-582D-6EA9BE9445CF}" = Catalyst Control Center Graphics Light
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}" = Ad-Aware SE Personal
"{79B92639-4B90-CD61-6CB3-72C1977D7256}" = Catalyst Control Center Localization Portuguese
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7ADCF137-F6C0-4121-817D-A4AE98048794}" = Carl Zeiss AxioVision Rel. 4.8.2
"{7B8CFD39-A3EA-7469-344A-35715AA9DB10}" = Catalyst Control Center Localization Spanish
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
"{88637F72-B46E-43F9-B306-6DA1FF478D51}" = WIDCOMM Bluetooth Software 6.0.1.3900
"{8DA83EA6-E731-4722-958D-613399AE1031}" = Nero 7 Essentials
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{958B08B0-C784-4A77-8D2B-C0A58F1E14B5}" = HP Officejet 6500 E710a-f Hilfe
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99C2CE24-18E1-5779-642B-ED28AFBE912E}" = Catalyst Control Center Localization Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FFD78AC-16E3-4C6B-B8B9-2D739CF3F66D}" = Leica LAS AF Lite
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A81A0CFE-7C45-46B8-93B4-8A4BEEC424E9}" = 7500 Fast System
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAA58088-CBEE-466C-F225-E6DC91A9A067}" = Catalyst Control Center Localization Norwegian
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B1286E7E-AAAF-955C-1C72-60C5EF8F5F2D}" = Catalyst Control Center Localization Italian
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4A0EFC6-0933-6AE9-8EE0-7D6C5D5E28A8}" = Catalyst Control Center Localization Swedish
"{B8DC25AB-AEF8-264E-072D-62EB71D331B6}" = Catalyst Control Center Localization Hungarian
"{BA0BE54D-BB87-4ED4-B5C5-5F7A8CE2B4EA}" = Scion FG Java Package for ImageJ
"{BDFD03D4-CA66-36B1-41DE-F10059E248C4}" = Catalyst Control Center Localization Greek
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C04BADDA-A8E5-4460-8385-88F2A9E2A305}" = MATLAB Component Runtime 7.6
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C51975DE-6450-4B3A-908F-5CA91494B1D3}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D273D5F0-5868-358A-F5EE-77565BD6AAD4}" = Catalyst Control Center Localization Chinese Traditional
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D4E01931-9B3F-49BD-B19B-511000A1E039}" = Samsung PC Studio II 2.0 PIMS & File Manager
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E6064576-236D-4C12-ACBD-BC8B606F9329}_is1" = CellProfiler 2.0 r10997
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.053
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79E42D0-C1F2-C461-5E1A-3A169E25F2C2}" = ccc-utility
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF9E6D14-CD96-B086-BF2B-1E5DE6A7780F}" = Catalyst Control Center Localization Czech
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"C-Media CM108 Like Sound Driver" = hama USB-Sound Card 7.1
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DivX Setup" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.6.1 (18/12/2010)
"DVDFab Passkey 8_is1" = DVDFab Passkey 8.0.1.6 (24/12/2010)
"EndNote" = EndNote
"Everything" = Everything 1.2.1.371
"FBDBServer1_is1" = Firebird 1.0.0.796
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"GENtle" = GENtle
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"ImageTool" = ImageTool
"InstallShield_{0E0C7BCA-4DE6-4CB3-A2D0-D0E99766BD43}" = Primer Express 3.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{A81A0CFE-7C45-46B8-93B4-8A4BEEC424E9}" = 7500 Fast System
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"LManager" = Launch Manager
"MAGIX Filme auf CD & DVD TerraTec Edition D" = MAGIX Filme auf CD & DVD TerraTec Edition 6.0.3.7 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mozilla Firefox 17.0 (x86 en-US)" = Mozilla Firefox 17.0 (x86 en-US)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office 2007 Word Konverter_is1" = Office 2007 Word Konverter 1.0.1
"OpenVPN" = OpenVPN 2.1_rc15
"Opera 12.02.1578" = Opera 12.02
"Peak Drivers" = Peak Drivers
"PerlPrimer" = PerlPrimer 1.1.16
"QuickTime" = QuickTime
"realplex" = realplex
"REST 2008_is1" = REST 2008 2.0.7
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative Systeminformationen
"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.50
"Update Engine" = Sony Ericsson Update Engine
"Update Service" = Sony Ericsson Update Service
"VLC media player" = VLC media player 2.0.1
"WinAce Archiver 2.0" = WinAce Archiver 2.0
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Works2005Setup" = Setup-Start von Microsoft Works 2005

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1364391621-1354317732-1358625866-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.11.2012 15:11:23 | Computer Name = menkou | Source = Perflib | ID = 1010
Description =

Error - 16.11.2012 19:51:17 | Computer Name = menkou | Source = EventSystem | ID = 4621
Description =

Error - 17.11.2012 04:20:27 | Computer Name = menkou | Source = EventSystem | ID = 4621
Description =

Error - 18.11.2012 06:02:58 | Computer Name = menkou | Source = EventSystem | ID = 4621
Description =

Error - 18.11.2012 16:49:14 | Computer Name = menkou | Source = EventSystem | ID = 4621
Description =

Error - 21.11.2012 18:12:06 | Computer Name = menkou | Source = EventSystem | ID = 4621
Description =

Error - 22.11.2012 14:04:00 | Computer Name = menkou | Source = EventSystem | ID = 4621
Description =

Error - 23.11.2012 08:53:15 | Computer Name = menkou | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Everything.exe, Version 1.2.1.371, Zeitstempel 0x49b9b478, fehlerhaftes Modul Everything.exe, Version 1.2.1.371, Zeitstempel 0x49b9b478, Ausnahmecode 0xc0000005, Fehleroffset 0x00005f54, Prozess-ID 0x1298, Anwendungsstartzeit 01cdc977a971053b.
Error - 23.11.2012 09:19:38 | Computer Name = menkou | Source = EventSystem | ID = 4621
Description =

Error - 25.11.2012 11:51:24 | Computer Name = menkou | Source = EventSystem | ID = 4621
Description =

Error - 27.11.2012 19:07:49 | Computer Name = menkou | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 27.11.2012 13:18:25 | Computer Name = menkou | Source = Service Control Manager | ID = 7000
Description =

Error - 27.11.2012 14:48:12 | Computer Name = menkou | Source = DCOM | ID = 10010
Description =

Error - 27.11.2012 17:01:40 | Computer Name = menkou | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker HP LaserJet 6L (Kopie 3) nicht unter dem Namen HP LaserJet 6L (Kopie 3) freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.

Error - 27.11.2012 17:02:03 | Computer Name = menkou | Source = Service Control Manager | ID = 7000
Description =

Error - 27.11.2012 17:32:44 | Computer Name = menkou | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 27.11.2012 um 22:13:23 unerwartet heruntergefahren.

Error - 27.11.2012 17:33:13 | Computer Name = menkou | Source = Service Control Manager | ID = 7000
Description =

Error - 27.11.2012 19:07:48 | Computer Name = menkou | Source = DCOM | ID = 10010
Description =

Error - 28.11.2012 14:19:49 | Computer Name = menkou | Source = Service Control Manager | ID = 7000
Description =

Error - 28.11.2012 15:48:29 | Computer Name = menkou | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 28.11.2012 um 20:44:24 unerwartet heruntergefahren.

Error - 28.11.2012 15:49:17 | Computer Name = menkou | Source = Service Control Manager | ID = 7000
Description =

< End of report >

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:59 on 28/11/2012 (....)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-29 00:03:01
-----------------------------
00:03:01.802 OS Version: Windows 6.0.6002 Service Pack 2
00:03:01.802 Number of processors: 2 586 0xF0A
00:03:01.802 ComputerName: MENKOU UserName: AnGoe
00:03:02.645 Initialize success
00:08:00.927 AVAST engine defs: 12112801
00:08:10.802 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:08:10.802 Disk 0 Vendor: ST916082 3.AL Size: 152627MB BusType: 3
00:08:10.849 Disk 0 MBR read successfully
00:08:10.849 Disk 0 MBR scan
00:08:10.942 Disk 0 unknown MBR code
00:08:10.974 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
00:08:11.005 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71317 MB offset 20482048
00:08:11.036 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71308 MB offset 166539264
00:08:11.083 Disk 0 scanning sectors +312578048
00:08:11.286 Disk 0 scanning C:\Windows\system32\drivers
00:08:49.038 Service scanning
00:10:57.207 Modules scanning
00:11:26.972 Disk 0 trace - called modules:
00:11:27.518 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
00:11:27.518 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f0faa0]
00:11:27.518 3 CLASSPNP.SYS[893c28b3] -> nt!IofCallDriver -> [0x85e18710]
00:11:27.534 5 acpi.sys[806956bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85e23030]
00:11:28.704 AVAST engine scan C:\Windows
00:11:34.616 AVAST engine scan C:\Windows\system32
00:17:15.273 AVAST engine scan C:\Windows\system32\drivers
00:18:04.975 AVAST engine scan C:\Users\AnGoe
00:22:13.608 AVAST engine scan C:\ProgramData
00:24:37.081 Scan finished successfully
00:26:44.012 Disk 0 MBR has been saved successfully to "C:\Users\AnGoe\Desktop\TB_Files_121128\MBR.dat"
00:26:44.044 The log file has been saved successfully to "C:\Users\AnGoe\Desktop\TB_Files_121128\aswMBR.txt" |
29.11.2012, 00:39 | #6 |
| Access to web.de mailbox denied - botnet

00:28:21.0681 0252 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:28:21.0727 0252 ============================================================
00:28:21.0727 0252 Current date / time: 2012/11/29 00:28:21.0727
00:28:21.0727 0252 SystemInfo:
00:28:21.0727 0252
00:28:21.0727 0252 OS Version: 6.0.6002 ServicePack: 2.0
00:28:21.0727 0252 Product type: Workstation
00:28:21.0727 0252 ComputerName: MENKOU
00:28:21.0727 0252 UserName: ......
00:28:21.0727 0252 Windows directory: C:\Windows
00:28:21.0727 0252 System windows directory: C:\Windows
00:28:21.0727 0252 Processor architecture: Intel x86
00:28:21.0727 0252 Number of processors: 2
00:28:21.0727 0252 Page size: 0x1000
00:28:21.0727 0252 Boot type: Normal boot
00:28:21.0727 0252 ============================================================
00:28:22.0289 0252 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:28:22.0305 0252 Drive \Device\Harddisk1\DR10 - Size: 0x775F8000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:28:22.0305 0252 ============================================================
00:28:22.0305 0252 \Device\Harddisk0\DR0:
00:28:22.0320 0252 MBR partitions:
00:28:22.0320 0252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x8B4A800
00:28:22.0320 0252 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9ED3000, BlocksNum 0x8B46000
00:28:22.0320 0252 \Device\Harddisk1\DR10:
00:28:22.0320 0252 MBR partitions:
00:28:22.0320 0252 \Device\Harddisk1\DR10\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3BAD41
00:28:22.0320 0252 ============================================================
00:28:22.0461 0252 C: <-> \Device\Harddisk0\DR0\Partition1
00:28:22.0648 0252 D: <-> \Device\Harddisk0\DR0\Partition2
00:28:22.0648 0252
gpsvc C:\Windows\System32\gpsvc.dll 00:28:35.0362 4928 gpsvc - ok 00:28:35.0424 4928 [ 7676DEC43BB23B2A88BBB6E6963F1D46 ] GrabsterSeries.X86 C:\Windows\system32\DRIVERS\GrabsterSeries.X86.SYS 00:28:35.0424 4928 GrabsterSeries.X86 - ok 00:28:35.0518 4928 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9876aa347e0fb C:\Program Files\Google\Update\GoogleUpdate.exe 00:28:35.0518 4928 gupdate1c9876aa347e0fb - ok 00:28:35.0533 4928 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 00:28:35.0533 4928 gupdatem - ok 00:28:35.0596 4928 [ A9D587E31DBEE3E9BD97FEFECE0BA874 ] hardlock C:\Windows\system32\drivers\hardlock.sys 00:28:35.0596 4928 hardlock - ok 00:28:35.0611 4928 hasplms - ok 00:28:35.0658 4928 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 00:28:35.0658 4928 HdAudAddService - ok 00:28:35.0721 4928 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 00:28:35.0721 4928 HDAudBus - ok 00:28:35.0752 4928 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 00:28:35.0752 4928 HidBth - ok 00:28:35.0767 4928 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 00:28:35.0767 4928 HidIr - ok 00:28:35.0799 4928 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll 00:28:35.0799 4928 hidserv - ok 00:28:35.0830 4928 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 00:28:35.0830 4928 HidUsb - ok 00:28:35.0877 4928 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 00:28:35.0877 4928 hkmsvc - ok 00:28:35.0892 4928 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 00:28:35.0892 4928 HpCISSs - ok 00:28:35.0939 4928 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS 00:28:35.0939 4928 HSFHWAZL - ok 00:28:36.0001 4928 [ 7BC42C65B5C6281777C1A7605B253BA8 ] 
HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys 00:28:36.0001 4928 HSF_DPV - ok 00:28:36.0033 4928 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys 00:28:36.0033 4928 HSXHWAZL - ok 00:28:36.0095 4928 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 00:28:36.0095 4928 HTTP - ok 00:28:36.0142 4928 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys 00:28:36.0142 4928 i2omp - ok 00:28:36.0220 4928 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 00:28:36.0220 4928 i8042prt - ok 00:28:36.0298 4928 [ 204A73A56751C68C6031E9D5D611EC98 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 00:28:36.0298 4928 IAANTMON - ok 00:28:36.0360 4928 [ 496DB78E6A0C4C44023D9A92B4A7AC31 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys 00:28:36.0376 4928 ialm - ok 00:28:36.0407 4928 [ 2358C53F30CB9DCD1D3843C4E2F299B2 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 00:28:36.0407 4928 iaStor - ok 00:28:36.0423 4928 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 00:28:36.0438 4928 iaStorV - ok 00:28:36.0516 4928 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 00:28:36.0532 4928 IDriverT - ok 00:28:36.0594 4928 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 00:28:36.0641 4928 idsvc - ok 00:28:36.0672 4928 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 00:28:36.0672 4928 iirsp - ok 00:28:36.0719 4928 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 00:28:36.0735 4928 IKEEXT - ok 00:28:36.0797 4928 [ 544F76E71F026099A563C202E2E4A341 ] InCDfs C:\Windows\system32\drivers\InCDFs.sys 00:28:36.0797 4928 InCDfs - ok 00:28:36.0813 4928 [ 13708047B3988AC50E81E524AC32EDBE ] InCDPass 
C:\Windows\system32\drivers\InCDPass.sys 00:28:36.0813 4928 InCDPass - ok 00:28:36.0828 4928 [ 182EDEE6CFAEAF5174AE6E6D714CF778 ] InCDrec C:\Windows\system32\drivers\InCDrec.sys 00:28:36.0828 4928 InCDrec - ok 00:28:36.0844 4928 [ 367F3D160E7129F057838A341A5339B2 ] incdrm C:\Windows\system32\drivers\InCDRm.sys 00:28:36.0844 4928 incdrm - ok 00:28:36.0922 4928 [ 9911DF610834B7F06374FB59F3C250A9 ] InCDsrv C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe 00:28:36.0969 4928 InCDsrv - ok 00:28:36.0984 4928 [ 9D64201C9E5AC8D1F088762BA00FF3AB ] int15 C:\Windows\system32\drivers\int15.sys 00:28:37.0000 4928 int15 - ok 00:28:37.0093 4928 [ 9438FE15DA89C6AACE8A79DB2C6F60C1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 00:28:37.0109 4928 IntcAzAudAddService - ok 00:28:37.0156 4928 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 00:28:37.0156 4928 intelide - ok 00:28:37.0187 4928 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 00:28:37.0187 4928 intelppm - ok 00:28:37.0234 4928 InterBaseGuardian - ok 00:28:37.0234 4928 InterBaseServer - ok 00:28:37.0281 4928 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 00:28:37.0281 4928 IPBusEnum - ok 00:28:37.0312 4928 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 00:28:37.0312 4928 IpFilterDriver - ok 00:28:37.0374 4928 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 00:28:37.0374 4928 iphlpsvc - ok 00:28:37.0374 4928 IpInIp - ok 00:28:37.0421 4928 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 00:28:37.0421 4928 IPMIDRV - ok 00:28:37.0468 4928 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 00:28:37.0468 4928 IPNAT - ok 00:28:37.0515 4928 [ E50A95179211B12946F7E035D60AF560 ] irda C:\Windows\system32\DRIVERS\irda.sys 00:28:37.0515 4928 irda - ok 00:28:37.0546 4928 [ 
109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 00:28:37.0546 4928 IRENUM - ok 00:28:37.0561 4928 [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon C:\Windows\System32\irmon.dll 00:28:37.0577 4928 Irmon - ok 00:28:37.0593 4928 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys 00:28:37.0593 4928 isapnp - ok 00:28:37.0639 4928 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 00:28:37.0639 4928 iScsiPrt - ok 00:28:37.0655 4928 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 00:28:37.0655 4928 iteatapi - ok 00:28:37.0671 4928 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 00:28:37.0671 4928 iteraid - ok 00:28:37.0702 4928 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 00:28:37.0702 4928 kbdclass - ok 00:28:37.0717 4928 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 00:28:37.0717 4928 kbdhid - ok 00:28:37.0733 4928 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 00:28:37.0733 4928 KeyIso - ok 00:28:37.0795 4928 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 00:28:37.0795 4928 KSecDD - ok 00:28:37.0858 4928 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 00:28:37.0873 4928 KtmRm - ok 00:28:37.0905 4928 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll 00:28:37.0920 4928 LanmanServer - ok 00:28:37.0951 4928 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 00:28:37.0951 4928 LanmanWorkstation - ok 00:28:38.0045 4928 [ 5032826225E3294CF5583441DDB06D8B ] Leica Microsystems Data Container V1 D:\Program Files\Leica Microsystems CMS GmbH\Leica LAS AF Lite\DC\LMSDataContainerServer.exe 00:28:38.0045 4928 Leica Microsystems Data Container V1 - ok 00:28:38.0092 4928 [ 
24E0DDB99AECCF86BB37702611761459 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 00:28:38.0092 4928 LHidFilt - ok 00:28:38.0170 4928 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 00:28:38.0170 4928 LightScribeService - ok 00:28:38.0217 4928 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 00:28:38.0217 4928 lltdio - ok 00:28:38.0248 4928 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 00:28:38.0248 4928 lltdsvc - ok 00:28:38.0279 4928 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 00:28:38.0295 4928 lmhosts - ok 00:28:38.0295 4928 [ D58B330D318361A66A9FE60D7C9B4951 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 00:28:38.0295 4928 LMouFilt - ok 00:28:38.0326 4928 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 00:28:38.0341 4928 LSI_FC - ok 00:28:38.0341 4928 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 00:28:38.0341 4928 LSI_SAS - ok 00:28:38.0373 4928 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 00:28:38.0373 4928 LSI_SCSI - ok 00:28:38.0419 4928 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 00:28:38.0419 4928 luafv - ok 00:28:38.0451 4928 [ 144011D14BD35F4E36136AE057B1AADD ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys 00:28:38.0451 4928 LUsbFilt - ok 00:28:38.0497 4928 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 00:28:38.0497 4928 Mcx2Svc - ok 00:28:38.0529 4928 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 00:28:38.0529 4928 mdmxsdk - ok 00:28:38.0560 4928 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys 00:28:38.0560 4928 megasas - ok 00:28:38.0591 4928 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 00:28:38.0591 
4928 MMCSS - ok 00:28:38.0607 4928 MobilityService - ok 00:28:38.0669 4928 [ C4FEE5E6C41B3C5A7257B33AD624BB10 ] mod7700 C:\Windows\system32\Drivers\mod7700.sys 00:28:38.0669 4928 mod7700 - ok 00:28:38.0731 4928 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 00:28:38.0731 4928 Modem - ok 00:28:38.0747 4928 [ 370E88453EC0D7BEA6EB24BE8D865DBE ] MODRC C:\Windows\system32\DRIVERS\modrc.sys 00:28:38.0747 4928 MODRC - ok 00:28:38.0794 4928 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 00:28:38.0794 4928 monitor - ok 00:28:38.0841 4928 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 00:28:38.0841 4928 mouclass - ok 00:28:38.0856 4928 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 00:28:38.0856 4928 mouhid - ok 00:28:38.0887 4928 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 00:28:38.0887 4928 MountMgr - ok 00:28:38.0950 4928 [ 313265CF4F5F02ED927774DA1DB3FE00 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 00:28:38.0965 4928 MozillaMaintenance - ok 00:28:38.0997 4928 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys 00:28:39.0012 4928 mpio - ok 00:28:39.0043 4928 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 00:28:39.0043 4928 mpsdrv - ok 00:28:39.0090 4928 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 00:28:39.0106 4928 MpsSvc - ok 00:28:39.0153 4928 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 00:28:39.0153 4928 Mraid35x - ok 00:28:39.0215 4928 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 00:28:39.0215 4928 MRxDAV - ok 00:28:39.0246 4928 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 00:28:39.0246 4928 mrxsmb - ok 00:28:39.0293 4928 [ 
4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 00:28:39.0293 4928 mrxsmb10 - ok 00:28:39.0309 4928 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 00:28:39.0309 4928 mrxsmb20 - ok 00:28:39.0324 4928 [ 0D1C042188FFE61A702A9DF5944DE5BA ] msahci C:\Windows\system32\drivers\msahci.sys 00:28:39.0324 4928 msahci - ok 00:28:39.0355 4928 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys 00:28:39.0355 4928 msdsm - ok 00:28:39.0387 4928 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 00:28:39.0387 4928 MSDTC - ok 00:28:39.0418 4928 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 00:28:39.0418 4928 Msfs - ok 00:28:39.0449 4928 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 00:28:39.0449 4928 msisadrv - ok 00:28:39.0480 4928 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 00:28:39.0480 4928 MSiSCSI - ok 00:28:39.0496 4928 msiserver - ok 00:28:39.0543 4928 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 00:28:39.0543 4928 MSKSSRV - ok 00:28:39.0543 4928 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 00:28:39.0543 4928 MSPCLOCK - ok 00:28:39.0558 4928 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 00:28:39.0558 4928 MSPQM - ok 00:28:39.0589 4928 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 00:28:39.0589 4928 MsRPC - ok 00:28:39.0621 4928 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 00:28:39.0621 4928 mssmbios - ok 00:28:39.0683 4928 MSSQL$MSSMLBIZ - ok 00:28:39.0745 4928 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 00:28:39.0761 4928 MSSQLServerADHelper - ok 00:28:39.0792 4928 [ 
7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 00:28:39.0792 4928 MSTEE - ok 00:28:39.0870 4928 [ 55478E7136C752F3D6F7DE187383ADE7 ] MTBService_1.8.1.7 C:\Program Files\Carl Zeiss\MTB 2004 - 1.8.1.7\MTB Server Console\MTBService.exe 00:28:39.0870 4928 MTBService_1.8.1.7 - ok 00:28:39.0886 4928 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 00:28:39.0886 4928 Mup - ok 00:28:39.0933 4928 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 00:28:39.0933 4928 napagent - ok 00:28:39.0979 4928 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 00:28:39.0979 4928 NativeWifiP - ok 00:28:40.0042 4928 [ 0D01287D85B3715FA8270E8EC919B7F7 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe 00:28:40.0089 4928 NBService - ok 00:28:40.0151 4928 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 00:28:40.0167 4928 NDIS - ok 00:28:40.0213 4928 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 00:28:40.0213 4928 NdisTapi - ok 00:28:40.0245 4928 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 00:28:40.0245 4928 Ndisuio - ok 00:28:40.0291 4928 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 00:28:40.0291 4928 NdisWan - ok 00:28:40.0354 4928 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 00:28:40.0354 4928 NDProxy - ok 00:28:40.0354 4928 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 00:28:40.0354 4928 NetBIOS - ok 00:28:40.0401 4928 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 00:28:40.0401 4928 netbt - ok 00:28:40.0432 4928 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 00:28:40.0432 4928 Netlogon - ok 00:28:40.0479 4928 [ C8052711DAECC48B982434C5116CA401 ] Netman 
C:\Windows\System32\netman.dll 00:28:40.0494 4928 Netman - ok 00:28:40.0541 4928 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 00:28:40.0557 4928 netprofm - ok 00:28:40.0603 4928 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 00:28:40.0603 4928 NetTcpPortSharing - ok 00:28:40.0681 4928 [ A15F219208843A5A210C8CB391384453 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys 00:28:40.0697 4928 NETw3v32 - ok 00:28:40.0791 4928 [ DD194A025D1C0472F45F57DE8D8388EB ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys 00:28:40.0806 4928 NETw4v32 - ok 00:28:40.0822 4928 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 00:28:40.0822 4928 nfrd960 - ok 00:28:40.0869 4928 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 00:28:40.0869 4928 NlaSvc - ok 00:28:40.0915 4928 [ C4EBBBD7165BE535F0BFD06B80601D91 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 00:28:40.0915 4928 NMIndexingService - ok 00:28:40.0962 4928 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 00:28:40.0962 4928 Npfs - ok 00:28:40.0993 4928 [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA C:\Windows\system32\DRIVERS\nscirda.sys 00:28:40.0993 4928 NSCIRDA - ok 00:28:41.0040 4928 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 00:28:41.0040 4928 nsi - ok 00:28:41.0071 4928 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 00:28:41.0071 4928 nsiproxy - ok 00:28:41.0149 4928 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 00:28:41.0149 4928 Ntfs - ok 00:28:41.0181 4928 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys 00:28:41.0181 4928 NTIDrvr - ok 00:28:41.0181 4928 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi 
C:\Windows\system32\drivers\ntrigdigi.sys 00:28:41.0181 4928 ntrigdigi - ok 00:28:41.0212 4928 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 00:28:41.0212 4928 Null - ok 00:28:41.0227 4928 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys 00:28:41.0227 4928 nvraid - ok 00:28:41.0243 4928 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys 00:28:41.0243 4928 nvstor - ok 00:28:41.0259 4928 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 00:28:41.0259 4928 nv_agp - ok 00:28:41.0259 4928 NwlnkFlt - ok 00:28:41.0274 4928 NwlnkFwd - ok 00:28:41.0368 4928 [ B36BAFB2C54953771680EA25B03419F0 ] O&O DriveLED C:\Program Files\OO Software\DriveLED\oodlag.exe 00:28:41.0383 4928 O&O DriveLED - ok 00:28:41.0430 4928 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 00:28:41.0430 4928 ohci1394 - ok 00:28:41.0446 4928 [ 911B1F6512D954EDF468D536790465CF ] OODrvled C:\Windows\system32\DRIVERS\OODrvled.sys 00:28:41.0446 4928 OODrvled - ok 00:28:41.0524 4928 [ C076C1B24728D2183622A15F66E86C2F ] OpenVPNService C:\Program Files\OpenVPN\bin\openvpnserv.exe 00:28:41.0524 4928 OpenVPNService - ok 00:28:41.0555 4928 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 00:28:41.0555 4928 ose - ok 00:28:41.0617 4928 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 00:28:41.0633 4928 p2pimsvc - ok 00:28:41.0649 4928 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 00:28:41.0649 4928 p2psvc - ok 00:28:41.0680 4928 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 00:28:41.0680 4928 Parport - ok 00:28:41.0711 4928 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 00:28:41.0711 4928 partmgr - ok 00:28:41.0742 4928 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] 
Parvdm C:\Windows\system32\drivers\parvdm.sys 00:28:41.0742 4928 Parvdm - ok 00:28:41.0789 4928 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 00:28:41.0789 4928 PcaSvc - ok 00:28:41.0836 4928 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 00:28:41.0836 4928 pci - ok 00:28:41.0851 4928 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys 00:28:41.0851 4928 pciide - ok 00:28:41.0867 4928 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 00:28:41.0867 4928 pcmcia - ok 00:28:41.0929 4928 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys 00:28:41.0929 4928 pcouffin - ok 00:28:41.0961 4928 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 00:28:41.0992 4928 PEAUTH - ok 00:28:42.0085 4928 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 00:28:42.0117 4928 pla - ok 00:28:42.0179 4928 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 00:28:42.0179 4928 PlugPlay - ok 00:28:42.0226 4928 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 00:28:42.0226 4928 PNRPAutoReg - ok 00:28:42.0257 4928 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 00:28:42.0257 4928 PNRPsvc - ok 00:28:42.0288 4928 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 00:28:42.0288 4928 PolicyAgent - ok 00:28:42.0335 4928 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 00:28:42.0335 4928 PptpMiniport - ok 00:28:42.0351 4928 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys 00:28:42.0351 4928 Processor - ok 00:28:42.0366 4928 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 00:28:42.0366 4928 ProfSvc - ok 00:28:42.0382 4928 [ A3E186B4B935905B829219502557314E ] ProtectedStorage 
C:\Windows\system32\lsass.exe 00:28:42.0397 4928 ProtectedStorage - ok 00:28:42.0429 4928 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 00:28:42.0429 4928 PSched - ok 00:28:42.0460 4928 [ E801D5CC24E1CF18FA87D24D7074B876 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys 00:28:42.0460 4928 PSDFilter - ok 00:28:42.0475 4928 [ 24B5E3429F7F0E779FC2E6E36A0A5F73 ] PSDNServ C:\Windows\system32\drivers\PSDNServ.sys 00:28:42.0475 4928 PSDNServ - ok 00:28:42.0507 4928 [ 01CBFD08C0E8A6106BB26FCDA297154E ] psdvdisk C:\Windows\system32\drivers\psdvdisk.sys 00:28:42.0507 4928 psdvdisk - ok 00:28:42.0553 4928 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys 00:28:42.0569 4928 PSI - ok 00:28:42.0631 4928 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys 00:28:42.0631 4928 ql2300 - ok 00:28:42.0647 4928 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 00:28:42.0647 4928 ql40xx - ok 00:28:42.0694 4928 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 00:28:42.0694 4928 QWAVE - ok 00:28:42.0741 4928 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 00:28:42.0741 4928 QWAVEdrv - ok 00:28:42.0772 4928 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 00:28:42.0772 4928 RasAcd - ok 00:28:42.0819 4928 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 00:28:42.0819 4928 RasAuto - ok 00:28:42.0865 4928 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 00:28:42.0865 4928 Rasl2tp - ok 00:28:42.0912 4928 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 00:28:42.0912 4928 RasMan - ok 00:28:42.0943 4928 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 00:28:42.0943 4928 RasPppoe - ok 00:28:42.0975 4928 [ 2005F4A1E05FA09389AC85840F0A9E4D ] 
RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 00:28:42.0975 4928 RasSstp - ok 00:28:43.0021 4928 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 00:28:43.0021 4928 rdbss - ok 00:28:43.0037 4928 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 00:28:43.0037 4928 RDPCDD - ok 00:28:43.0068 4928 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 00:28:43.0068 4928 rdpdr - ok 00:28:43.0084 4928 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 00:28:43.0084 4928 RDPENCDD - ok 00:28:43.0131 4928 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 00:28:43.0131 4928 RDPWD - ok 00:28:43.0177 4928 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 00:28:43.0177 4928 RemoteAccess - ok 00:28:43.0224 4928 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 00:28:43.0224 4928 RemoteRegistry - ok 00:28:43.0255 4928 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 00:28:43.0255 4928 RFCOMM - ok 00:28:43.0333 4928 [ 2DE0A33A7E58BEDC8D70B1940E0FFE28 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe 00:28:43.0333 4928 RichVideo - ok 00:28:43.0365 4928 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 00:28:43.0365 4928 RpcLocator - ok 00:28:43.0427 4928 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 00:28:43.0427 4928 RpcSs - ok 00:28:43.0474 4928 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 00:28:43.0474 4928 rspndr - ok 00:28:43.0489 4928 [ 283392AF1860ECDB5E0F8EBD7F3D72DF ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys 00:28:43.0505 4928 RTL8169 - ok 00:28:43.0505 4928 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 00:28:43.0505 4928 SamSs - ok 00:28:43.0521 4928 [ 
00:28:53.0208 4928 Scan finished 00:28:53.0208 4928 ============================================================ 00:28:53.0224 5764 Detected object count: 0 00:28:53.0224 5764 Actual detected object count: 0
OK, done. Just out of pure interest, what does one actually see in these individual log files? Have a nice evening, or rather, good night |
29.11.2012, 09:32 | #7 | |
/// TB trainer | Access to web.de mailbox denied - botnet Hi, Quote:
Step 1 I see that you have a so-called registry cleaner on the system, in your case CCleaner. We do not recommend any kind of registry cleaner under any circumstances. The reason is quite simple: the registry is the brain of the system. If the brain does not work, the rest no longer really works either. We read often enough from people seeking help that their system no longer boots after using registry cleaners.
If you destroy the registry, you destroy Windows. I hereby recommend that you uninstall the software mentioned above and do without this kind of software in the future. At the end I will recommend another tool with which you can remove your temporary files. Step 2 Scan with Combofix
Please post with your next reply
|
30.11.2012, 00:56 | #8 |
| Access to web.de mailbox denied - botnet Hello, here are the Combofix files Combofix Logfile: Code:
ATTFilter ComboFix 12-11-29.02 - .......... 30.11.2012 0:39.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1128 [GMT 1:00] ausgeführt von:: c:\users\..........\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\dapeton.pad c:\programdata\gifnocsm.pad . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-28 bis 2012-11-29 )))))))))))))))))))))))))))))) . . 2012-11-29 22:51 . 2012-11-29 22:51 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76A9D8F6-5089-446C-8063-00FA5268A1C1}\offreg.dll 2012-11-28 23:07 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76A9D8F6-5089-446C-8063-00FA5268A1C1}\mpengine.dll 2012-11-27 17:28 . 2012-11-27 17:28 -------- d-----w- c:\program files\7-Zip 2012-11-23 12:40 . 2012-11-23 12:40 -------- d-----w- c:\program files\FolderSize 2012-11-23 12:40 . 2012-11-23 13:18 -------- d-----w- c:\program files\Everything 2012-11-17 13:32 . 2012-11-17 13:32 -------- d-----w- c:\users\..........\.imagej 2012-11-17 10:46 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll 2012-11-17 10:45 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-11-04 09:32 . 2012-11-20 06:17 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe 2012-11-04 09:32 . 2012-11-20 06:17 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe 2012-11-04 09:32 . 2012-11-20 06:17 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-18 16:17 . 2012-10-17 16:12 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-10-18 16:17 . 2012-10-17 16:12 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-10-09 17:05 . 2012-04-03 19:54 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-09 17:05 . 2011-05-16 20:09 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-29 18:54 . 2011-05-16 21:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-13 13:28 . 2012-10-10 17:46 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-20 06:17 . 2011-06-23 22:23 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime St.....dardeinträge werden nicht .....gezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-06-20 11:18 1519824 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976] "avgnt"="c:\program files\Avira\.....tiVir Desktop\avgnt.exe" [2012-10-18 348664] "PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-10-25 162408] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=c:\windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk backup=c:\windows\pss\VPN Client.lnk.CommonStartup backupExtension=.CommonStartup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater] 2012-06-20 11:18 1568976 ----a-w- c:\program files\Ask.com\Updater\Updater.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2012-10-18 16:17 348664 ----a-w- c:\program files\Avira\.....tiVir Desktop\avgnt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamAppSTI.exe] 2009-01-04 14:26 28672 ----a-w- c:\program files\AVEO USB2.0 PC Camera\CamAppSTI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] 2007-04-25 15:33 457216 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2010-03-12 12:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IA.....otif] 2007-07-12 15:36 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage M.....ager\IA.....otif.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel .....d Hardware Abstraction Layer] 2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L.....guageShortcut] 2007-02-07 15:21 54832 ----a-w- c:\program files\CyberLink\PowerDVD\L.....guage\L.....guage.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LM.....ager] 2007-06-15 05:45 850704 ----a-w- c:\progra~1\LAUNCH~1\LM.....ager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint] 2012-10-25 21:10 162408 ----a-w- c:\program files\PDF24\pdf24.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSet] 2007-04-24 10:49 45056 ----a-w- c:\windows\PLFSet.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-08-05 16:01 77824 ----a-w- c:\program files\QuickTime\qttask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2007-05-29 00:29 4472832 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2006-11-10 11:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2006-10-23 19:00 815104 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolP.....el] 2008-05-05 07:30 221300 ------w- c:\program files\Creative\Sound Blaster Play\Volume P.....el\VolP.....lu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp] 2006-11-05 20:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\Sym.....tec.....tiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\Sym.....tecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalService.....dNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}] 2010-02-16 18:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "gepl.....te Tasks" Ordners . 2012-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 17:26] . 2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 08:20] . 2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 08:20] . 2012-11-29 c:\windows\Tasks\User_Feed_Synchronization-{C7582DAA-D08C-4632-9C0D-91A5F09AFD02}.job - c:\windows\system32\msfeedssync.exe [2012-02-05 13:27] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://spiegel-online.de/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://de.intl.acer.yahoo.com uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! Deutschland IE: Bild ..... &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite ..... &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm LSP: c:\program files\Avira\.....tiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\..........\AppData\Roaming\Mozilla\Firefox\Profiles\sulic17f.Privat\ FF - prefs.js: browser.startup.homepage - tagesschau.de FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-10-17 18:13; toolbar@ask.com; c:\users\..........\AppData\Roaming\Mozilla\Firefox\Profiles\sulic17f.Privat\extensions\toolbar@ask.com FF - ExtSQL: !HIDDEN! 2009-09-01 17:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssist.....tExtension . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file) WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) MSConfigStartUp-Cm108Sound - cm108.cpl MSConfigStartUp-RemoTerm - c:\program files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe MSConfigStartUp-Sony Ericsson PC Comp.....ion - c:\program files\Sony Ericsson\Sony Ericsson PC Comp.....ion\PCComp.....ion.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit sc..... 2012-11-30 00:48 Windows 6.0.6002 Service Pack 2 NTFS . Sc.....ne versteckte Prozesse... . Sc.....ne versteckte Autostarteinträge... . Sc.....ne versteckte Dateien... . Sc..... erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterBaseGuardi.....] "ImagePath"="c:\program files\Firebird\bin\ibguard -s" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterBaseServer] "ImagePath"="c:\program files\Firebird\bin\ibserver -s" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2012-11-30 00:53:58 ComboFix-quar.....tined-files.txt 2012-11-29 23:53 . 
Vor Suchlauf: 16 Verzeichnis(se), 21.528.264.704 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 22.480.666.624 Bytes frei . - - End Of File - - 85223EA0FBE7E0B918486C6E5FE672B1

Perhaps I should also mention that I am currently getting a bluescreen more often, which probably has more to do with my connected monitor (Windows was, due to a display error, ....) than with a Trojan. I think... I hope... right? Best regards and see you soon |
30.11.2012, 09:55 | #9 |
/// TB-Ausbilder | Access to web.de mailbox denied - botnet Hi, are there still any problems that point to malware? A BSOD can have a great many causes. Please start OTL.exe and press the Quick Scan button. Post the OTL.txt here in your thread. |
30.11.2012, 23:01 | #10 |
| Access to web.de mailbox denied - botnet Hi, well, it is extremely slow and the bluescreen now shows up regularly. I'm almost afraid that if this goes on, the computer won't last much longer. Other than that, nothing comes to mind right now. Here is the new OTL. OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.11.2012 21:26:10 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\......\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,62% Memory free 4,23 Gb Paging File | 3,18 Gb Available in Paging File | 75,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,65 Gb Total Space | 20,92 Gb Free Space | 30,04% Space Free | Partition Type: NTFS Drive D: | 69,64 Gb Total Space | 2,21 Gb Free Space | 3,18% Space Free | Partition Type: NTFS Computer Name: MENKOU | User Name: ...... | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.15 19:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\......\Desktop\OTL.exe PRC - [2012.10.25 22:10:30 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2012.10.18 17:17:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.10.18 17:17:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.10.18 17:17:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.10.18 17:17:01 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.10.18 17:17:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.06.20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.10.19 11:56:26 | 000,020,480 | ---- | M] (Carl Zeiss) -- C:\Programme\Carl Zeiss\MTB 2004 - 1.8.1.7\MTB Server Console\MTBService.exe PRC - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe PRC - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2010.04.06 00:41:46 | 000,116,224 | ---- | M] (Brio) -- C:\Programme\FolderSize\FolderSizeSvc.exe PRC - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\DriveLED\oodlag.exe PRC - [2009.04.21 11:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.04.30 09:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) 
-- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007.02.12 12:18:50 | 000,924,160 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2002.03.08 16:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibserver.exe PRC - [2002.03.07 12:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) -- C:\Programme\Firebird\bin\ibguard.exe ========== Modules (No Company Name) ========== MOD - [2007.07.28 08:26:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - File not found [Auto | Running] -- C:\Program Files\Carl Zeiss\MTB 2004 -- (MTBService_1.8.1.7) SRV - [2012.11.20 07:17:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.18 17:17:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.18 17:17:02 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.10.18 17:17:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.09 18:26:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011.09.02 06:21:38 | 000,258,048 | ---- | M] (Carl Zeiss MicroImaging GmbH) [On_Demand | Stopped] -- C:\Programme\Common Files\Carl Zeiss\CZCanSrv.exe -- (CZCanSrv) SRV - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2010.10.01 14:30:30 | 
000,285,696 | ---- | M] (Leica Microsystems) [On_Demand | Stopped] -- D:\Program Files\Leica Microsystems CMS GmbH\Leica LAS AF Lite\DC\LMSDataContainerServer.exe -- (Leica Microsystems Data Container V1) SRV - [2010.08.23 23:28:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010.08.23 23:01:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Programme\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010.04.06 00:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize) SRV - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\DriveLED\oodlag.exe -- (O&O DriveLED) SRV - [2009.04.21 11:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms) SRV - [2008.11.19 19:22:20 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2008.04.30 09:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2007.07.12 16:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) 
[Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.02.12 12:18:50 | 000,924,160 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2002.03.08 16:30:50 | 001,748,992 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files\Firebird\bin\ibserver.exe -- (InterBaseServer) SRV - [2002.03.07 12:18:50 | 000,032,768 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files\Firebird\bin\ibguard.exe -- (InterBaseGuardian) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Elements\1stboot\WisINT15.SYS -- (WisINT15) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\covpnwlh.sys -- (urvpndrv) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\......\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.10.18 17:17:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.10.18 17:17:04 | 
000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.06.26 23:56:53 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2011.06.26 23:56:53 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2011.04.02 15:08:35 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2010.12.23 17:25:50 | 000,082,304 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvdfab.sys -- (dvdfab) DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2010.03.15 10:48:02 | 000,281,472 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVEOdcnt.sys -- (AVEO) DRV - [2009.12.14 11:34:42 | 001,499,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA) DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.09.28 16:24:10 | 000,025,608 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\System32\drivers\OODrvled.sys -- (OODrvled) DRV - [2009.08.24 09:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb) DRV - [2009.07.09 13:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2009.04.11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2009.01.16 11:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge) DRV - [2008.11.19 19:22:36 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2008.06.26 13:43:06 | 000,819,072 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700) DRV - [2008.04.10 09:20:20 | 000,020,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\twtyfilt.sys -- (twtyfilt) DRV - [2008.02.29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2007.11.28 00:21:56 | 000,310,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GrabsterSeries.X86.SYS -- (GrabsterSeries.X86) DRV - [2007.10.26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2007.10.19 13:22:04 | 000,013,824 | ---- | M] (DiBcom S.A.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC) DRV - [2007.08.08 17:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.07.28 08:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.07.17 04:28:52 | 000,269,056 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15) DRV - [2007.05.02 12:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) DRV - [2007.03.02 18:19:34 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2007.02.12 12:17:40 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm) DRV - [2007.02.12 12:17:24 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass) DRV - [2007.02.12 12:14:52 | 000,010,624 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2007.02.12 12:14:42 | 000,112,384 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2007.02.07 18:35:10 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2006.11.02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2006.10.01 14:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0801.sys -- (tap0801) DRV - [2006.09.19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! 
Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SPIEGEL ONLINE - Nachrichten IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {2E859481-AB5B-4609-A975-1A6B68544235} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2E859481-AB5B-4609-A975-1A6B68544235}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/" FF - prefs.js..extensions.enabledAddons: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.14 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.4 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 48 FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2 FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.charite.de/" FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - 
HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.29 20:06:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.26 21:57:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.20 20:55:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.20 20:55:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.02.20 20:55:36 | 000,000,000 | ---D | M] [2012.01.08 22:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\......\AppData\Roaming\mozilla\Extensions [2012.01.08 22:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\......\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.09.14 12:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions [2011.01.24 19:45:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.01.23 09:05:01 | 000,000,000 | ---D | M] (F5 Networks Cache Cleaner Plugin) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E} [2009.02.27 10:42:22 | 000,000,000 | ---D | M] (Favicon Picker 3) -- 
C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67} [2011.08.08 12:05:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009.01.23 09:09:37 | 000,000,000 | ---D | M] (F5 Networks Host Plugin) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2009.10.22 20:25:35 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011.01.24 19:45:54 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.04.26 09:07:18 | 000,000,000 | ---D | M] ("Unofficial Myspace Toolbar") -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\myspacetoolbar@gmail.com [2011.09.14 12:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\ck3lusd9.default\extensions\staged [2012.11.15 21:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions [2010.07.24 22:21:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.10.03 08:13:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.10.17 17:13:29 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- 
C:\Users\......\AppData\Roaming\mozilla\Firefox\Profiles\sulic17f.Privat\extensions\toolbar@ask.com [2011.07.18 16:57:42 | 000,450,199 | ---- | M] () (No name found) -- C:\Users\......\AppData\Roaming\mozilla\firefox\profiles\ck3lusd9.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012.11.15 21:46:43 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\......\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.08.26 20:07:32 | 000,013,610 | ---- | M] () (No name found) -- C:\Users\......\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi [2012.07.25 22:45:57 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\......\AppData\Roaming\mozilla\firefox\profiles\sulic17f.Privat\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.26 21:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.11.20 07:17:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.11.20 07:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.11.20 07:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: Google CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: Google CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = 
C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Avira Toolbar = C:\Users\......\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.15.4.24329_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\......\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2012.11.30 00:48:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56DD1A89-E996-44B2-9D4B-0CDB38641D96}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84D539C8-75D7-4273-AAD8-E35ADCB845C1}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\......\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\......\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.30 00:54:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.30 00:54:00 | 000,000,000 | ---D | C] -- C:\Users\......\AppData\Local\temp [2012.11.30 00:35:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.30 00:35:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.30 00:35:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.30 00:35:26 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.11.30 00:35:22 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.30 00:33:27 | 005,009,014 | R--- | C] (Swearware) -- C:\Users\......\Desktop\ComboFix.exe [2012.11.29 00:28:00 | 
002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\......\Desktop\tdsskiller.exe [2012.11.29 00:01:19 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\......\Desktop\aswMBR.exe [2012.11.28 23:55:28 | 000,000,000 | ---D | C] -- C:\Users\......\Desktop\TB_Files_121128 [2012.11.28 23:39:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\......\Desktop\OTL.exe [2012.11.27 18:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.11.27 18:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.11.23 13:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\FolderSize [2012.11.23 13:40:04 | 000,000,000 | ---D | C] -- C:\Users\......\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything [2012.11.23 13:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Everything [2012.11.17 14:32:51 | 000,000,000 | ---D | C] -- C:\Users\......\.imagej [2012.11.15 19:01:54 | 000,000,000 | ---D | C] -- C:\Users\......\Desktop\TB [2012.11.07 01:24:48 | 000,000,000 | ---D | C] -- C:\Users\......\Desktop\PhD_retreat_endgültige Versionen [2012.11.01 12:48:58 | 000,000,000 | ---D | C] -- C:\Users\......\Desktop\PhD-draft [2008.10.01 20:50:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\......\AppData\Roaming\pcouffin.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\......\Desktop\*.tmp files -> C:\Users\......\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.30 21:29:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C7582DAA-D08C-4632-9C0D-91A5F09AFD02}.job [2012.11.30 21:19:52 | 000,690,158 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.30 21:19:52 | 000,646,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.30 21:19:52 | 000,151,750 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.30 21:19:52 | 000,123,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.30 21:14:03 | 000,001,094 | 
---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.30 21:12:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.30 21:12:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.30 21:12:31 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2012.11.30 01:32:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.11.30 01:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.30 00:48:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.11.30 00:37:20 | 005,009,014 | R--- | M] (Swearware) -- C:\Users\......\Desktop\ComboFix.exe [2012.11.30 00:35:15 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.29 23:25:10 | 256,594,725 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.11.29 00:31:52 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\......\Desktop\tdsskiller.exe [2012.11.29 00:05:10 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\......\Desktop\aswMBR.exe [2012.11.29 00:02:20 | 000,050,477 | ---- | M] () -- C:\Users\......\Desktop\Defogger.exe [2012.11.26 23:19:13 | 000,222,720 | ---- | M] () -- C:\Users\......\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.26 21:57:31 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.22 18:45:18 | 000,420,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.15 19:18:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\......\Desktop\OTL.exe [2012.11.15 19:04:06 | 000,000,000 | ---- | M] () -- C:\Users\......\defogger_reenable [2012.11.08 21:28:45 | 000,007,484 | ---- | M] () -- C:\Users\......\AppData\Local\d3d9caps.dat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\......\Desktop\*.tmp files -> 
C:\Users\......\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.30 00:35:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.30 00:35:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.30 00:35:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.30 00:35:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.30 00:35:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.28 23:58:42 | 000,050,477 | ---- | C] () -- C:\Users\......\Desktop\Defogger.exe [2012.11.26 21:57:31 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.15 19:04:06 | 000,000,000 | ---- | C] () -- C:\Users\......\defogger_reenable [2012.08.27 15:24:34 | 000,001,936 | ---- | C] () -- C:\Windows\System32\nethasp.ini [2011.12.21 21:14:20 | 000,000,906 | ---- | C] () -- C:\Users\......\.recently-used.xbel [2011.09.20 14:39:49 | 000,139,264 | R--- | C] () -- C:\Windows\Vmix108.dll [2011.09.20 14:39:32 | 000,000,139 | ---- | C] () -- C:\Windows\Cm108.ini.cfl [2011.09.20 14:39:30 | 000,503,808 | R--- | C] () -- C:\Windows\System32\Cmeau108.exe [2011.09.20 14:38:14 | 000,258,048 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll [2011.09.20 14:38:14 | 000,002,029 | R--- | C] () -- C:\Windows\Cm108.ini.cfg [2011.09.20 14:38:14 | 000,000,736 | ---- | C] () -- C:\Windows\Cm108.ini.imi [2011.09.14 15:26:02 | 000,000,265 | ---- | C] () -- C:\Windows\SDSCalibrationStatus.ini [2011.08.05 18:26:42 | 000,000,858 | ---- | C] () -- C:\Windows\nsreg.dat [2011.08.05 16:58:04 | 000,000,208 | ---- | C] () -- C:\Windows\Ulead32.ini [2011.02.06 17:05:07 | 000,004,096 | -H-- | C] () -- C:\Users\......\AppData\Local\keyfile3.drm [2011.01.10 18:35:03 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf5 [2010.07.03 10:20:10 | 000,000,680 | RHS- | C] () -- C:\Users\......\ntuser.pol [2009.11.30 22:15:07 | 000,000,101 | ---- | C] () -- C:\Users\......\PCPanel2.ini [2009.02.20 14:54:20 | 000,001,107 | 
---- | C] () -- C:\Users\......\.perlprimer [2009.01.16 01:13:14 | 000,007,484 | ---- | C] () -- C:\Users\......\AppData\Local\d3d9caps.dat [2008.10.01 20:50:37 | 000,007,887 | ---- | C] () -- C:\Users\......\AppData\Roaming\pcouffin.cat [2008.10.01 20:50:37 | 000,001,144 | ---- | C] () -- C:\Users\......\AppData\Roaming\pcouffin.inf [2008.07.16 01:10:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.03.31 16:46:56 | 000,037,246 | ---- | C] () -- C:\Users\......\AppData\Roaming\wklnhst.dat [2008.01.22 18:35:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.01.16 00:49:06 | 000,222,720 | ---- | C] () -- C:\Users\......\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.05.23 22:11:08 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Amazon [2012.08.27 15:40:12 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Carl Zeiss [2012.11.28 23:43:40 | 
000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\EndNote
[2010.12.05 14:50:47 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\eXPert PDF Editor
[2011.05.19 20:12:23 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\FILEminimizerPictures
[2008.07.28 04:21:45 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\FrostWire
[2011.01.10 18:35:02 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\GraphPad Software
[2011.12.21 21:59:13 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\gtk-2.0
[2008.03.02 01:00:06 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\ICQ
[2011.05.19 20:13:00 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\IrfanView
[2009.12.07 17:06:57 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\ISI ResearchSoft
[2011.05.21 12:59:05 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Leica Microsystems
[2009.08.10 22:47:54 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Opera
[2012.05.16 21:36:02 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Sony
[2008.05.11 19:29:46 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Thinstall
[2012.01.08 22:06:31 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Thunderbird
[2008.11.30 00:14:48 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Toolbars
[2011.08.05 18:28:53 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Ulead Systems
[2010.12.25 17:54:01 | 000,000,000 | ---D | M] -- C:\Users\......\AppData\Roaming\Vso
========== Purity Check ==========
< End of report >

Have you been able to spot anything unusual yet? And is there potentially a risk that I could infect other computers via, e.g., a USB stick?

Best regards and have a nice weekend
Wilms |
01.12.2012, 10:50 | #11 | |
/// TB-Ausbilder | Access to web.de mailbox denied - botnet
Hi,
ComboFix detected and deleted two malicious files. As I said, the bluescreen can also come from a faulty driver (just one example).
Quote:
Step 1
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck
Please post with your next reply
|
02.12.2012, 01:27 | #12 |
| Access to web.de mailbox denied - botnet
Hi, here are the logs from MBAM and ESET. Unfortunately I didn't get to SecurityCheck today. I'll do that tomorrow.
Regards

Malwarebytes Anti-Malware 1.65.1.1000
Malwarebytes : Free Anti-Malware download
Datenbank Version: v2012.12.01.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
.... :: MENKOU [Administrator]
01.12.2012 16:23:53
mbam-log-2012-12-01 (16-23-53).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234976
Laufzeit: 12 Minute(n), 3 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)

ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e6c8b3870fd8064c99c994811f29b9bf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-01 06:48:07
# local_time=2012-12-01 07:48:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 3886306 3886306 0 0
# compatibility_mode=5892 16776573 100 100 144700 191909399 0 0
# compatibility_mode=8192 67108863 100 0 3836 3836 0 0
# scanned=222992
# found=5
# cleaned=0
# scan_time=11016
D:\...\...\.....\... - 110529\IT\Programme\Outlook on the desktop\SoftonicDownloader_fuer_outlook-on-the-desktop.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
D:\Programme\programm 2010\Foxit PDF\SoftonicDownloader_fuer_foxit-pdf-reader.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
D:\Programme\programm 2010\godfather\SoftonicDownloader_fuer_the-godfather.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
D:\Programme\programm 2010\outlook on the desktop\SoftonicDownloader_fuer_outlook-on-the-desktop.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
D:\Programme\programm 2010\Recuva\SoftonicDownloader_fuer_recuva.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

Hello, here is the missing SecurityCheck log. I had to run the program twice because I forgot to save the first time. I hope that's not a problem.
Best regards

Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Spybot - Search & Destroy
Secunia PSI (2.0.0.3003)
Malwarebytes Anti-Malware Version 1.65.1.1000
Java(TM) 6 Update 30
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Scion FG Java Package for ImageJ
Java version out of Date!
Adobe Flash Player 11.2.202.235
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (17.0)
Mozilla Thunderbird (3.1.20) Thunderbird out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Empowering Technology eSettings Service capuserv.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log`````````````````````` |
02.12.2012, 13:16 | #13 |
/// TB-Ausbilder | Access to web.de mailbox denied - botnet
Hi,
Delete the following files by hand:
D:\...\...\.....\... - 110529\IT\Programme\Outlook on the desktop\SoftonicDownloader_fuer_outlook-on-the-desktop.exe
D:\Programme\programm 2010\Foxit PDF\SoftonicDownloader_fuer_foxit-pdf-reader.exe
D:\Programme\programm 2010\godfather\SoftonicDownloader_fuer_the-godfather.exe
D:\Programme\programm 2010\outlook on the desktop\SoftonicDownloader_fuer_outlook-on-the-desktop.exe
D:\Programme\programm 2010\Recuva\SoftonicDownloader_fuer_recuva.exe

You are another one of those candidates who mistakenly download software from Softonic. Softonic is known for adware and unwanted software, so I suggest that in future you download software directly from the manufacturer. Hands off Softonic!

If you have no more problems, then we are done here. Your log files are clean. Finally, we need to take a few closing steps to tidy up and secure your PC.

Step 1
Your Java is no longer up to date. Older versions contain security vulnerabilities that can be exploited by malware.
Step 2
Your version of Adobe Flash Player is outdated. Please follow these steps to update Adobe Flash:
Step 3
Please uninstall your current version of Adobe Reader: Start --> Control Panel --> Add or Remove Programs / Uninstall a program --> Adobe Reader, and download the new version from here. Untick the box for McAfee SecurityScan or Google Chrome.
Step 4
Please also check (regularly) whether the following links show missing updates for your plugins:
Step 5
Start DeFogger and click Re-enable. Your computer may need to be restarted.
Step 6
Before the following action, please temporarily disable your antivirus program, any script blocking and anti-malware programs again. Press the Windows key + R. Now copy the following line into the command line and click OK.
Code:
Combofix /Uninstall
This removes Combofix completely and empties the System Restore cache, so that the malware disappears from it as well. Now re-enable the programs you just disabled.
Step 7
Please download delfix to your desktop.
Step 8
Here are a few more tips for securing your system. I can't mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can delete this thread from my subscriptions. |
03.12.2012, 20:27 | #14 |
| Access to web.de mailbox denied - botnet
Hello,
first of all, "many thanks" Matthias, it's really super nice how you help people here. It has something of fire brigade rescues old lady with cat from a burning tree about it. I wouldn't have known who else to turn to.

"You are another one of those candidates who mistakenly download software from Softonic. Softonic is known for adware and unwanted software, so I suggest that in future you download software directly from the manufacturer. Hands off Softonic!"

Yeees... I can well imagine that someone who knows computers well has their hair stand on end when they see what the likes of us get up to, but honestly, with all the mines lying in wait here for occasional users, you can't have everything on your radar. I'm just glad that my bicycle wasn't seized and my work colleagues weren't pestered with nasty e-mails. "You learn it the hard way... "hier" in the internet" ... and some of these scams really are well made.... all the more important that forums like the TB exist.

So, I have one more question. I think I will get the full version of Malwarebytes. Does the software also include browser protection, or is that not necessary at all? And is the full version then also valid for 2 computers?

That's enough. Matthias, don't hold it against me if I hope that I won't have to get in touch with you again any time soon.
Take care.
Wilms |
04.12.2012, 16:19 | #15 | |
/// TB-Ausbilder | Access to web.de mailbox denied - botnet
Hi,
Quote:
I can't say 100% for how many computers the Pro version is valid, but I suspect only for one.
I'm glad we were able to help.
This thread appears to be resolved and will be removed from my subscriptions. Should you need the thread again, please send me a PM.
Everyone else, please click here and create your own thread. |