Pests of all kinds and how to combat them: Removing the Google redirect virus (Windows 7)
27.11.2012, 12:04 | #1 |
| Removing the Google redirect virus
Hello, I have recently had a problem and found this forum by searching, along with a "tailor-made" solution (Mathias and Barbara, it was about the same problem)..... But as I said: tailor-made, i.e. not for each and every one.... So I am likewise hoping for your competent help!
For 2 days I have also been "redirected" almost every time; something like a blue 8 appears and then "find and try" or "ihavent" or something that has nothing at all to do with my search query....
Can you help me? I have LukeFilewalker running right now and will record the results...
Regards, Ortwin |
27.11.2012, 20:43 | #2 |
/// TB Trainer | Removing the Google redirect virus
My name is Matthias and I will help you clean up your computer. Please note the following:
Step 1 Please download OTL by Oldtimer and save it to your desktop (if you do not already have it).
Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
Step 2 Please download defogger by jpshortstuff to your desktop.
Step 3 Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances unless instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.
Step 4 Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
Please post with your next reply
27.11.2012, 22:34 | #3 |
| Removing the Google redirect virus
Hello Matthias, (sorry for the single "t" in your name...), thanks for your reply; I will get to work right away!
What have I done so far?
1. Scan with Avira (Free Avira), report attached
2. Scan with Malwarebytes, report also attached....
I will now proceed as you instructed and then post again....
Regards, Ortwin
Avira report:
Avira Free Antivirus Erstellungsdatum der Reportdatei: Dienstag, 27. November 2012 11:15 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Microsoft Windows XP Windowsversion : (Service Pack 3) [5.1.2600] Boot Modus : Normal gebootet Benutzername : Hannes Computername : ORTWIN Versionsinformationen: BUILD.DAT : 13.0.0.2832 48424 Bytes 20.11.2012 13:46:00 AVSCAN.EXE : 13.4.0.294 639264 Bytes 16.11.2012 15:03:34 AVSCANRC.DLL : 13.4.0.219 64800 Bytes 09.10.2012 12:49:58 LUKE.DLL : 13.4.0.267 67360 Bytes 13.11.2012 15:45:05 AVSCPLR.DLL : 13.4.0.271 93984 Bytes 14.11.2012 17:44:58 AVREG.DLL : 13.4.0.267 245536 Bytes 13.11.2012 15:36:46 avlode.dll : 13.4.0.294 426784 Bytes 16.11.2012 15:03:00 avlode.rdf : 13.0.0.24 7196 Bytes 27.09.2012 09:30:38 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 10:04:35 VBASE008.VDF : 7.11.50.231 2048 Bytes 22.11.2012 10:04:36 VBASE009.VDF : 7.11.50.232 2048 Bytes 22.11.2012 10:04:36 VBASE010.VDF : 7.11.50.233 2048 Bytes 22.11.2012 10:04:36 VBASE011.VDF : 7.11.50.234 2048 Bytes 22.11.2012 10:04:36 VBASE012.VDF : 7.11.50.235 2048 Bytes 22.11.2012 10:04:36 VBASE013.VDF : 7.11.50.236 2048 Bytes 22.11.2012 10:04:36 VBASE014.VDF : 7.11.51.27 133632 Bytes 
23.11.2012 10:04:37 VBASE015.VDF : 7.11.51.95 140288 Bytes 26.11.2012 10:04:37 VBASE016.VDF : 7.11.51.96 2048 Bytes 26.11.2012 10:04:37 VBASE017.VDF : 7.11.51.97 2048 Bytes 26.11.2012 10:04:38 VBASE018.VDF : 7.11.51.98 2048 Bytes 26.11.2012 10:04:38 VBASE019.VDF : 7.11.51.99 2048 Bytes 26.11.2012 10:04:38 VBASE020.VDF : 7.11.51.100 2048 Bytes 26.11.2012 10:04:38 VBASE021.VDF : 7.11.51.101 2048 Bytes 26.11.2012 10:04:38 VBASE022.VDF : 7.11.51.102 2048 Bytes 26.11.2012 10:04:38 VBASE023.VDF : 7.11.51.103 2048 Bytes 26.11.2012 10:04:38 VBASE024.VDF : 7.11.51.104 2048 Bytes 26.11.2012 10:04:38 VBASE025.VDF : 7.11.51.105 2048 Bytes 26.11.2012 10:04:38 VBASE026.VDF : 7.11.51.106 2048 Bytes 26.11.2012 10:04:38 VBASE027.VDF : 7.11.51.107 2048 Bytes 26.11.2012 10:04:39 VBASE028.VDF : 7.11.51.108 2048 Bytes 26.11.2012 10:04:39 VBASE029.VDF : 7.11.51.109 2048 Bytes 26.11.2012 10:04:39 VBASE030.VDF : 7.11.51.110 2048 Bytes 26.11.2012 10:04:39 VBASE031.VDF : 7.11.51.140 59904 Bytes 27.11.2012 10:04:39 Engineversion : 8.2.10.204 AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55 AESCRIPT.DLL : 8.1.4.68 467324 Bytes 27.11.2012 10:04:46 AESCN.DLL : 8.1.9.4 131445 Bytes 15.11.2012 15:08:00 AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06 AERDL.DLL : 8.2.0.74 643445 Bytes 07.11.2012 10:09:14 AEPACK.DLL : 8.3.0.40 815479 Bytes 12.11.2012 12:19:00 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 14:00:38 AEHEUR.DLL : 8.1.4.142 5566841 Bytes 27.11.2012 10:04:45 AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 14:52:32 AEGEN.DLL : 8.1.6.10 438646 Bytes 15.11.2012 15:08:00 AEEXP.DLL : 8.2.0.12 119158 Bytes 27.11.2012 10:04:47 AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55 AECORE.DLL : 8.1.29.2 201079 Bytes 07.11.2012 10:09:14 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38 AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 17:09:30 AVPREF.DLL : 13.4.0.163 50464 Bytes 19.09.2012 17:07:51 AVREP.DLL : 13.4.0.244 177952 Bytes 30.10.2012 13:06:41 AVARKT.DLL : 13.4.0.292 260384 Bytes 
16.11.2012 12:58:39 AVEVTLOG.DLL : 13.4.0.267 167200 Bytes 13.11.2012 15:35:34 SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40 AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 17:08:54 NETNT.DLL : 13.4.0.163 15648 Bytes 19.09.2012 17:16:26 RCIMAGE.DLL : 13.4.0.163 4780832 Bytes 19.09.2012 17:21:16 RCTEXT.DLL : 13.4.0.163 68384 Bytes 19.09.2012 17:21:16 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Lokale Laufwerke Konfigurationsdatei...................: C:\Programme\Avira\AntiVir Desktop\alldrives.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, E:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Dienstag, 27. November 2012 11:15 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. 
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'rsmsink.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'AcroRd32.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'AcroRd32.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'ois.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'msdtc.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'dllhost.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'dllhost.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'taskmgr.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'Dot1XCfg.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxext.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxsrvc.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxtray.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'QtZgAcer.EXE' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPLpr.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'epm-dm.exe' - '19' Modul(e) wurden durchsucht Durchsuche Prozess 'ifrmewrk.exe' - '91' Modul(e) wurden durchsucht Durchsuche Prozess 'ZCfgSvc.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '112' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiapsrv.exe' - '46' Modul(e) wurden durchsucht 
Durchsuche Prozess 'alg.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'RegSrvc.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'NMSAccessU.exe' - '13' Modul(e) wurden durchsucht Durchsuche Prozess 'jqs.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'anbmServ.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'adminsvcff.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'S24EvMon.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'EvtEng.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '165' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '2953' Dateien ). 
Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <WinXP> [0] Archivtyp: RSRC --> C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Dropbox\bin\Dropbox.exe [1] Archivtyp: RSRC --> C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\57\6053e339-5dae9280 [2] Archivtyp: ZIP --> com/teletrader/ticker/GenericImageProducer.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.DE [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> com/teletrader/ticker/RollingCanvas$BeginDragListener.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.DI [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\57\6053e339-5dae9280 [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.DI C:\Dokumente und Einstellungen\Hannes\Lokale Einstellungen\Temp\goog1e_gaggia_120.exe [FUND] Ist das Trojanische Pferd TR/Meredrop.A.10193 Beginne mit der Suche in 'D:\' <Programme> D:\Original Software\Codecsoftware\TMPGEnc-2.510.49.157-Plus-EN\TMPGEnc_Plus\keygen.exe [FUND] Ist das Trojanische Pferd TR/Agent.45568 Beginne mit der Suche in 'E:\' Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden! Systemfehler [21]: Das Gerät ist nicht bereit. Beginne mit der Desinfektion: D:\Original Software\Codecsoftware\TMPGEnc-2.510.49.157-Plus-EN\TMPGEnc_Plus\keygen.exe [FUND] Ist das Trojanische Pferd TR/Agent.45568 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '53e91357.qua' verschoben! C:\Dokumente und Einstellungen\Hannes\Lokale Einstellungen\Temp\goog1e_gaggia_120.exe [FUND] Ist das Trojanische Pferd TR/Meredrop.A.10193 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b703cfa.qua' verschoben! 
C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\57\6053e339-5dae9280 [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Jogek.DI [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '18e567d3.qua' verschoben! Ende des Suchlaufs: Dienstag, 27. November 2012 13:49 Benötigte Zeit: 1:23:18 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 8820 Verzeichnisse wurden überprüft 407564 Dateien wurden geprüft 5 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 3 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 407559 Dateien ohne Befall 2295 Archive wurden durchsucht 2 Warnungen 3 Hinweise 60395 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden Malwarebytes-Report: (2 Reports): Report 1: Malwarebytes Anti-Malware 1.65.1.1000 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.11.27.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 Hannes :: ORTWIN [Administrator] 27.11.2012 18:37:12 mbam-log-2012-11-27 (18-37-12).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 305532 Laufzeit: 1 Stunde(n), 19 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 2 HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich 
ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Report 2: Malwarebytes Anti-Malware 1.65.1.1000 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.11.27.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 Hannes :: ORTWIN [Administrator] 27.11.2012 18:37:12 mbam-log-2012-11-27 (22-09-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 305532 Laufzeit: 1 Stunde(n), 19 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 2 HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende)
Many thanks for your effort, everything else will be done right away!
Regards, Ortwin
Here are the log files: (TDSSKiller log file in the next post, because it is too long...)
OTL log files:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 27.11.2012 22:39:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Hannes\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,26% Memory free 3,33 Gb Paging File | 2,86 Gb Available in Paging File | 86,02% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 34,18 Gb Total Space | 5,73 Gb Free Space | 16,76% Space Free | Partition Type: NTFS Drive D: | 58,97 Gb Total Space | 56,55 Gb Free Space | 95,90% Space Free | Partition Type: NTFS Computer Name: ORTWIN | User Name: Hannes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.27 22:17:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hannes\Desktop\OTL.exe PRC - [2012.11.19 15:38:29 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.11.19 15:37:53 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.16 16:02:52 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.09.19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.09.09 11:25:56 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2012.07.03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.06.03 09:44:46 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.01.17 12:14:04 | 001,427,224 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe PRC - [2006.11.13 13:50:28 | 001,289,000 | ---- | M] (Microsoft Corporation) -- D:\Programme\Microsoft ActiveSync\wcescomm.exe PRC - [2006.11.13 13:50:16 | 000,199,464 | ---- | M] (Microsoft Corporation) -- D:\Programme\Microsoft ActiveSync\rapimgr.exe PRC - [2006.10.31 07:20:16 | 000,180,224 | ---- | M] (hablamax) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe PRC - [2005.12.28 11:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2005.12.28 11:55:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2005.12.28 11:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2005.12.01 16:38:38 | 000,458,752 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZgAcer.EXE PRC - [2005.08.11 18:21:00 | 000,200,704 | ---- | M] (Acer Inc) -- C:\Acer\ePM\epm-dm.exe PRC - [2004.10.08 13:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) 
-- C:\Programme\Synaptics\SynTP\SynTPLpr.exe ========== Modules (No Company Name) ========== MOD - [2012.09.19 18:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012.06.03 09:44:46 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2012.01.03 14:10:46 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2005.12.28 12:11:34 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll MOD - [2005.12.28 12:11:34 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll MOD - [2005.12.28 12:11:34 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll MOD - [2005.11.16 10:05:08 | 000,970,862 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\acAuth.dll MOD - [2005.07.06 12:50:14 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\HokHIDKC.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - File not found [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - File not found [Auto | Stopped] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate) SRV - File not found [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2012.11.19 15:38:29 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.11.19 15:37:53 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.11.07 08:54:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.09 11:25:56 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.06.03 09:44:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2012.05.04 09:15:49 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011.10.27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.01.17 12:14:04 | 001,427,224 | ---- | M] (OSA Technologies Inc.) 
[Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService) SRV - [2006.10.31 07:20:16 | 000,180,224 | ---- | M] (hablamax) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe -- (AdminSVCff) SRV - [2005.04.03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- E:\PNDIS5.SYS -- (PNDIS5) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvc.sys -- (LVUVC) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvrs.sys -- (LVRS) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvcflt.sys -- (FilterService) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\EC168BDA.sys -- (EC168BDA) DRV - File not found 
[Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Hannes\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TMIMO31U.sys -- (Airgo3U) DRV - [2012.11.16 20:17:15 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.11.16 20:17:15 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.11.16 20:17:15 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.06.03 09:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2011.08.17 12:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.08.17 12:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.08.17 12:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.08.17 12:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011.01.05 09:33:28 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.05.29 12:36:06 | 000,017,408 | ---- | M] (Apple Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.04.13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2006.11.09 09:56:42 | 000,010,944 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm) DRV - [2006.10.30 10:49:06 | 000,006,784 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio) DRV - [2006.01.06 09:16:22 | 000,067,840 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI) DRV - [2005.12.28 13:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2005.11.03 20:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73) DRV - [2005.09.12 09:49:44 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) DRV - [2005.08.09 15:43:00 | 003,855,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2005.06.30 14:16:58 | 001,034,752 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2005.06.30 14:16:06 | 000,200,704 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2005.06.30 14:16:02 | 000,716,416 | R--- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2005.04.07 17:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd) DRV - [2005.04.01 21:34:51 | 000,913,280 | R--- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) DRV - [2005.03.04 10:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2005.01.07 16:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService) DRV - [2004.08.03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) DRV - [2004.07.19 12:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd) DRV - [2002.08.08 14:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - 
HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-507921405-1563985344-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome IE - HKU\S-1-5-21-507921405-1563985344-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\S-1-5-21-507921405-1563985344-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-507921405-1563985344-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome IE - HKU\S-1-5-21-507921405-1563985344-839522115-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-507921405-1563985344-839522115-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=&src=crm&q={searchTerms}&locale= IE - HKU\S-1-5-21-507921405-1563985344-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2206084 IE - 
HKU\S-1-5-21-507921405-1563985344-839522115-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://at.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_at&p={searchTerms} IE - HKU\S-1-5-21-507921405-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-507921405-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com" FF - prefs.js..extensions.enabledItems: {c151d79e-e61b-4a90-a887-5a46d38fba99}:2.6.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Programme\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_7.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2011.11.07 22:11:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.04 09:15:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011.11.07 22:11:14 | 000,000,000 | ---D | M] [2008.09.03 20:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla\Extensions [2012.11.27 10:52:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla\Firefox\Profiles\dl882d81.default\extensions [2012.11.23 14:32:02 | 000,035,614 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla\Firefox\Profiles\dl882d81.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.07.13 20:31:27 | 000,112,944 | ---- | M] () (No name found) -- 
C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla\Firefox\Profiles\dl882d81.default\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi [2009.10.20 09:02:40 | 000,002,236 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla\Firefox\Profiles\dl882d81.default\searchplugins\askcom.xml [2010.11.02 16:02:34 | 000,000,941 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla\Firefox\Profiles\dl882d81.default\searchplugins\conduit.xml [2011.05.03 13:25:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla\Firefox\Profiles\dl882d81.default\searchplugins\icqplugin-1.xml [2008.09.03 20:49:56 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla\Firefox\Profiles\dl882d81.default\searchplugins\icqplugin-10.xml [2008.10.13 10:42:48 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla\Firefox\Profiles\dl882d81.default\searchplugins\icqplugin-11.xml [2007.12.03 14:47:34 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla\Firefox\Profiles\dl882d81.default\searchplugins\icqplugin-2.xml [2008.02.08 14:15:08 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla\Firefox\Profiles\dl882d81.default\searchplugins\icqplugin-3.xml [2008.03.28 09:34:02 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla\Firefox\Profiles\dl882d81.default\searchplugins\icqplugin-4.xml [2008.04.17 15:20:35 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla\Firefox\Profiles\dl882d81.default\searchplugins\icqplugin-5.xml [2008.06.21 16:09:56 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla\Firefox\Profiles\dl882d81.default\searchplugins\icqplugin-6.xml [2008.07.04 11:29:04 | 000,000,949 | ---- | M] () -- C:\Dokumente 
und Einstellungen\Hannes\Anwendungsdaten\Mozilla\Firefox\Profiles\dl882d81.default\searchplugins\icqplugin-7.xml [2008.07.07 15:38:20 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla\Firefox\Profiles\dl882d81.default\searchplugins\icqplugin-8.xml [2008.07.17 21:14:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla\Firefox\Profiles\dl882d81.default\searchplugins\icqplugin-9.xml [2007.11.25 20:40:21 | 000,000,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla\Firefox\Profiles\dl882d81.default\searchplugins\icqplugin.xml [2012.05.04 09:15:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.02.16 07:49:26 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.16 07:49:26 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.02.16 07:49:26 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 07:49:26 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 07:49:26 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 07:49:26 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2001.08.18 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-507921405-1563985344-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-507921405-1563985344-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKU\S-1-5-21-507921405-1563985344-839522115-1003\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found. O3 - HKU\S-1-5-21-507921405-1563985344-839522115-1003\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O3 - HKU\S-1-5-21-507921405-1563985344-839522115-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O3 - HKU\S-1-5-21-507921405-1563985344-839522115-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [epm-dm] c:\Acer\ePM\epm-dm.exe (Acer Inc) O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan) O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) 
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\Hannes\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-507921405-1563985344-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O15 - HKU\S-1-5-21-507921405-1563985344-839522115-1003\..Trusted Domains: ([]msn in Arbeitsplatz) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found. O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Hannes\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Hannes\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.09.19 07:04:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{710e0936-fcd5-11e0-b9b0-00163609fee0}\Shell - "" = AutoRun O33 - MountPoints2\{710e0936-fcd5-11e0-b9b0-00163609fee0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{710e0936-fcd5-11e0-b9b0-00163609fee0}\Shell\AutoRun\command - "" = F:\autorunner.exe "Film Kagerer~1.wmv" O33 - MountPoints2\{78112b14-50ee-11dd-b74c-0013ce9e6d05}\Shell\AutoRun\command - "" = F:\hm1bfpuj.exe O33 - MountPoints2\{78112b14-50ee-11dd-b74c-0013ce9e6d05}\Shell\open\Command - "" = F:\hm1bfpuj.exe O33 - MountPoints2\{7be89918-18a6-11e0-b91a-0013ce9e6d05}\Shell - "" = AutoRun O33 - MountPoints2\{7be89918-18a6-11e0-b91a-0013ce9e6d05}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7be89918-18a6-11e0-b91a-0013ce9e6d05}\Shell\AutoRun\command - "" = 
F:\AutoRun.exe O33 - MountPoints2\{972a9c5c-18a5-11e0-b919-0013ce9e6d05}\Shell - "" = AutoRun O33 - MountPoints2\{972a9c5c-18a5-11e0-b919-0013ce9e6d05}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{972a9c5c-18a5-11e0-b919-0013ce9e6d05}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{ce8c33b6-6ab8-11dc-b67c-00163609fee0}\Shell - "" = AutoRun O33 - MountPoints2\{ce8c33b6-6ab8-11dc-b67c-00163609fee0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ce8c33b6-6ab8-11dc-b67c-00163609fee0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{ce8c33b8-6ab8-11dc-b67c-00163609fee0}\Shell - "" = AutoRun O33 - MountPoints2\{ce8c33b8-6ab8-11dc-b67c-00163609fee0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ce8c33b8-6ab8-11dc-b67c-00163609fee0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - 
Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: 
{C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "JavaQuickStarterService" MsConfig - Services: "iPod Service" MsConfig - Services: "Apple Mobile Device" MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - File not found MsConfig - StartUpReg: NokiaMServer - hkey= - key= - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler) Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax 
(Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.) Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.) Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept) Drivers32: VIDC.I420 - lvcodec2.dll File not found Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: 
{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: 
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.27 22:17:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hannes\Desktop\OTL.exe [2012.11.27 18:32:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Malwarebytes [2012.11.27 18:32:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.11.27 18:32:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.11.27 18:32:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.11.27 18:32:33 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.11.27 11:06:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Avira [2012.11.27 11:03:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2012.11.27 11:02:50 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2012.11.27 11:02:46 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2012.11.27 11:02:46 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2012.11.27 11:02:46 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2012.11.27 11:02:45 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2012.11.23 20:07:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hannes\Desktop\Gaggia [2012.11.22 15:04:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hannes\Desktop\SupVersammlung [2012.11.01 21:49:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hannes\Desktop\Felicia [2012.10.30 13:59:01 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Hannes\Desktop\HijackThis.exe [2008.06.14 20:41:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\pcouffin.sys [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.27 22:34:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.11.27 22:17:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hannes\Desktop\OTL.exe [2012.11.27 22:01:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012.11.27 18:32:37 | 000,000,761 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.27 11:03:11 | 000,001,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2012.11.27 11:00:56 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2012.11.27 10:55:49 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\ZZIYJ.job [2012.11.27 10:55:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.27 10:55:43 | 000,312,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.11.27 10:55:42 | 2137,116,672 | 
-HS- | M] () -- C:\hiberfil.sys [2012.11.27 10:41:26 | 106,088,032 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Desktop\avira_free_antivirus_de.exe [2012.11.26 22:33:32 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Desktop\Microsoft Office Word 2003.lnk [2012.11.26 20:47:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.21 07:53:53 | 000,126,976 | RHS- | M] () -- C:\WINDOWS\System32\newdev7.dll [2012.11.20 18:50:09 | 000,002,165 | ---- | M] () -- C:\WINDOWS\musi.ini [2012.11.16 20:17:15 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2012.11.16 20:17:15 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2012.11.16 20:17:15 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2012.11.16 07:49:08 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.11.16 07:46:13 | 000,453,046 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.16 07:46:13 | 000,436,096 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.16 07:46:13 | 000,081,826 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.11.16 07:46:13 | 000,068,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.11.12 19:54:52 | 000,016,629 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Desktop\FirewireKabel.JPG [2012.11.10 15:47:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.11.07 08:54:53 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.11.07 08:54:52 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.11.06 13:01:44 | 000,169,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.30 13:59:07 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Dokumente und Einstellungen\Hannes\Desktop\HijackThis.exe [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.27 18:32:37 | 000,000,761 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.27 11:03:11 | 000,001,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2012.11.27 10:32:31 | 106,088,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Hannes\Desktop\avira_free_antivirus_de.exe [2012.11.21 07:53:54 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\ZZIYJ.job [2012.11.21 07:53:53 | 000,126,976 | RHS- | C] () -- C:\WINDOWS\System32\newdev7.dll [2012.11.12 19:54:51 | 000,016,629 | ---- | C] () -- C:\Dokumente und Einstellungen\Hannes\Desktop\FirewireKabel.JPG [2012.06.14 13:54:58 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2011.03.30 19:50:11 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.02.24 16:36:24 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc [2011.01.19 18:01:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.03.17 09:23:16 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\setup_ldm.iss [2010.01.26 20:11:55 | 000,000,043 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2009.01.28 17:23:20 | 000,000,043 | -HS- | C] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\.zreglib [2008.12.26 12:48:03 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\$_hpcst$.hpc [2008.06.26 14:41:37 | 000,014,852 | ---- | C] () -- C:\Programme\settings.dat [2008.06.16 10:43:50 | 001,147,939 | ---- | C] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\mdbu.bin [2008.06.14 20:41:27 | 000,081,920 | ---- | C] () -- C:\Dokumente und 
Einstellungen\Hannes\Anwendungsdaten\ezpinst.exe [2008.06.14 20:41:27 | 000,007,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\pcouffin.cat [2008.06.14 20:41:26 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\pcouffin.inf [2007.09.24 21:40:18 | 000,000,095 | ---- | C] () -- C:\Dokumente und Einstellungen\Hannes\default.pls [2007.09.24 21:29:15 | 000,169,984 | ---- | C] () -- C:\Dokumente und Einstellungen\Hannes\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.10.27 13:06:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\System32\shdocvw.dll -- [2012.08.30 21:28:07 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.05.04 09:15:44 | 000,868,952 | ---- | M] (Mozilla Corporation) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.05.04 09:15:44 | 000,868,952 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.05.04 09:15:44 | 000,868,952 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Programme\Mozilla Firefox\firefox.exe [2012.05.04 09:15:48 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -preferences [2012.05.04 09:15:48 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -safe-mode [2012.05.04 09:15:48 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008.04.14 03:23:00 | 000,045,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008.04.14 03:23:00 | 000,045,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008.04.14 03:23:00 | 000,045,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008.04.14 03:22:48 | 000,093,184 | ---- | M] (Microsoft Corporation) < 
hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.05.04 09:15:44 | 000,868,952 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.05.04 09:15:44 | 000,868,952 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.05.04 09:15:44 | 000,868,952 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Programme\Mozilla Firefox\firefox.exe [2012.05.04 09:15:48 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -preferences [2012.05.04 09:15:48 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -safe-mode [2012.05.04 09:15:48 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008.04.14 03:23:00 | 000,045,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008.04.14 03:23:00 | 000,045,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE 
[2008.04.14 03:23:00 | 000,045,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008.04.14 03:22:48 | 000,093,184 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 60 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\Verdauung.ppt:AFP_AfpInfo @Alternate Data Stream - 24 bytes -> C:\WINDOWS:D3123324D53BF896 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.11.2012 22:39:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Hannes\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,26% Memory free 3,33 Gb Paging File | 2,86 Gb Available in Paging File | 86,02% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 34,18 Gb Total Space | 5,73 Gb Free Space | 16,76% Space Free | Partition Type: NTFS Drive D: | 58,97 Gb Total Space | 56,55 Gb Free Space | 95,90% Space Free | Partition Type: NTFS Computer Name: ORTWIN | User Name: Hannes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-507921405-1563985344-839522115-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. 
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 
138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "D:\Programme\Microsoft ActiveSync\rapimgr.exe" = D:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "D:\Programme\Microsoft ActiveSync\wcescomm.exe" = D:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "D:\Programme\Microsoft ActiveSync\WCESMgr.exe" = D:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire "C:\Programme\BearShare Applications\BearShare\BearShare.exe" = C:\Programme\BearShare Applications\BearShare\BearShare.exe:*:Disabled:BearShare "E:\Setup.exe" = E:\Setup.exe:*:Enabled:Setup "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe:*:Enabled:GMX Update -- (AccSys GmbH) "C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG) "C:\Programme\Gemeinsame 
Dateien\Ahead\Nero Web\SetupXu.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup "D:\Programme\Microsoft ActiveSync\rapimgr.exe" = D:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "D:\Programme\Microsoft ActiveSync\wcescomm.exe" = D:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "D:\Programme\Microsoft ActiveSync\WCESMgr.exe" = D:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Programme\Avira\AntiVir Desktop\avcenter.exe" = C:\Programme\Avira\AntiVir Desktop\avcenter.exe:*:Enabled:AntiVir starten -- (Avira Operations GmbH & Co. KG) "C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite "C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- (Skype Technologies S.A.) "C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\FileZilla FTP Client\filezilla.exe" = C:\Programme\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client "C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11BBAE1C-27AE-4ABA-A54C-9FFE3844CCEC}" = GMX Firefox Paket "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{262C7F33-8251-432E-88C1-E9F42A53F8F0}" = PDFill PDF Editor with FREE PDF Writer and Tools "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePowerManagement "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{708FBDB1-13E2-42CC-AA8C-36EF91D1E6B6}" = Auktionsbuddy Ebay Stopwatch "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp 
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{92F31257-15BA-46EE-887D-3C18C0790ACE}" = Atheros-Clientinstallationsprogramm "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver "{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader "{D6C885D1-A91C-4A2D-9C72-BF2D2D97E795}" = Smart Organizing Monitor for DDST "{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio 
Driver "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Ants DVD Player_is1" = Ants DVD Player 1.00 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025008F" = HDAUDIO Soft Voice Modem with SmartCP "Exif-Viewer" = Exif-Viewer 2.44 "FormatFactory" = FormatFactory 2.70 "Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918 "GMX Firefox Browser Update" = GMX Firefox Browser Update "InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook "KontoNrCheck_is1" = KontoNrCheck "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft AutoRoute Express EUR" = Microsoft AutoRoute Express Europa 98 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nokia Suite" = Nokia Suite "OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01 "Prism" = Prism Video Converter "ProInst" = Intel(R) PROSet/Wireless Software "QcDrv" = Labtec® Camera-Treiber "Revo Uninstaller" = Revo Uninstaller 1.89 "Security Task Manager" = Security Task Manager 1.7e "Shockwave" = Shockwave "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 2.0.2 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WIC" = Windows Imaging Component "Windows Media Encoder 9" = 
Windows Media Encoder 9-Reihe "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinZip" = WinZip "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-507921405-1563985344-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.11.2012 18:39:06 | Computer Name = ORTWIN | Source = Microsoft Office 11 | ID = 2001 Description = Rejected Safe Mode action : Microsoft Office Word. Error - 02.11.2012 18:44:29 | Computer Name = ORTWIN | Source = Microsoft Office 11 | ID = 2001 Description = Rejected Safe Mode action : Microsoft Office Word. [ System Events ] Error - 26.11.2012 11:52:25 | Computer Name = ORTWIN | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst Netman. Error - 26.11.2012 15:48:32 | Computer Name = ORTWIN | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb Error - 27.11.2012 02:52:26 | Computer Name = ORTWIN | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb Error - 27.11.2012 04:57:41 | Computer Name = ORTWIN | Source = W32Time | ID = 39452689 Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "time.nist.gov,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. 
(0x80072751)
Error - 27.11.2012 04:57:41 | Computer Name = ORTWIN | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Error - 27.11.2012 04:57:41 | Computer Name = ORTWIN | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "time.nist.gov,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)
Error - 27.11.2012 04:57:41 | Computer Name = ORTWIN | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Error - 27.11.2012 05:28:23 | Computer Name = ORTWIN | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb
Error - 27.11.2012 05:57:14 | Computer Name = ORTWIN | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb
Error - 27.11.2012 11:28:26 | Computer Name = ORTWIN | Source = DCOM | ID = 10010
Description = Der Server "{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
< End of report >

Defogger log file:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:49 on 27/11/2012 (Hannes)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-27 23:51:19
-----------------------------
23:51:19.750 OS Version: Windows 5.1.2600 Service Pack 3
23:51:19.750 Number of processors: 1 586 0xD08
23:51:19.750 ComputerName: ORTWIN UserName: Hannes
23:51:20.296 Initialize success
00:08:49.750 AVAST engine defs: 12112701
00:11:49.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
00:11:49.781 Disk 0 Vendor: TOSHIBA_MK1031GAS AA204A Size: 95396MB BusType: 3
00:11:49.812 Disk 0 MBR read successfully
00:11:49.812 Disk 0 MBR scan
00:11:49.828 Disk 0 Windows XP default MBR code
00:11:49.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 35000 MB offset 63
00:11:49.843 Disk 0 Partition - 00 0F Extended LBA 60384 MB offset 71682030
00:11:49.859 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60384 MB offset 71682093
00:11:49.875 Disk 0 scanning sectors +195350400
00:11:49.937 Disk 0 scanning C:\WINDOWS\system32\drivers
00:12:09.031 Service scanning
00:12:25.484 Service PNDIS5 E:\PNDIS5.SYS **LOCKED** 21
00:12:35.765 Modules scanning
00:12:43.734 Disk 0 trace - called modules:
00:12:43.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:12:43.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8a8ab8]
00:12:43.750 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000007c[0x8a86a9e8]
00:12:43.750 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a88a940]
00:12:44.203 AVAST engine scan C:\WINDOWS
00:13:05.921 AVAST engine scan C:\WINDOWS\system32
00:14:46.281 File: C:\WINDOWS\system32\newdev7.dll **INFECTED** Win32:Malware-gen
00:16:39.437 AVAST engine scan C:\WINDOWS\system32\drivers
00:17:00.062 AVAST engine scan C:\Dokumente und Einstellungen\Hannes
00:18:14.968 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Hannes\Desktop\MBR.dat"
00:18:14.968 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Hannes\Desktop\aswMBR.txt"

Regards, Ortwin |
28.11.2012, 08:32 | #4 |
| Remove Google redirect virus Here are the log files: (TDSSKiller log file in the next post, because it is too long...) OTL log files: OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.11.2012 22:39:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Hannes\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,26% Memory free 3,33 Gb Paging File | 2,86 Gb Available in Paging File | 86,02% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 34,18 Gb Total Space | 5,73 Gb Free Space | 16,76% Space Free | Partition Type: NTFS Drive D: | 58,97 Gb Total Space | 56,55 Gb Free Space | 95,90% Space Free | Partition Type: NTFS Computer Name: ORTWIN | User Name: Hannes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.27 22:17:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hannes\Desktop\OTL.exe PRC - [2012.11.19 15:38:29 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.11.19 15:37:53 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.16 16:02:52 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.09.19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.09.09 11:25:56 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2012.07.03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.06.03 09:44:46 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.01.17 12:14:04 | 001,427,224 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe PRC - [2006.11.13 13:50:28 | 001,289,000 | ---- | M] (Microsoft Corporation) -- D:\Programme\Microsoft ActiveSync\wcescomm.exe PRC - [2006.11.13 13:50:16 | 000,199,464 | ---- | M] (Microsoft Corporation) -- D:\Programme\Microsoft ActiveSync\rapimgr.exe PRC - [2006.10.31 07:20:16 | 000,180,224 | ---- | M] (hablamax) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\adminsvcff.exe PRC - [2005.12.28 11:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2005.12.28 11:55:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2005.12.28 11:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2005.12.01 16:38:38 | 000,458,752 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZgAcer.EXE PRC - [2005.08.11 18:21:00 | 000,200,704 | ---- | M] (Acer Inc) -- C:\Acer\ePM\epm-dm.exe PRC - [2004.10.08 13:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) 
-HS- | M] () -- C:\hiberfil.sys [2012.11.27 10:41:26 | 106,088,032 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Desktop\avira_free_antivirus_de.exe [2012.11.26 22:33:32 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Desktop\Microsoft Office Word 2003.lnk [2012.11.26 20:47:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.21 07:53:53 | 000,126,976 | RHS- | M] () -- C:\WINDOWS\System32\newdev7.dll [2012.11.20 18:50:09 | 000,002,165 | ---- | M] () -- C:\WINDOWS\musi.ini [2012.11.16 20:17:15 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2012.11.16 20:17:15 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2012.11.16 20:17:15 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2012.11.16 07:49:08 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.11.16 07:46:13 | 000,453,046 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.16 07:46:13 | 000,436,096 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.16 07:46:13 | 000,081,826 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.11.16 07:46:13 | 000,068,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.11.12 19:54:52 | 000,016,629 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Desktop\FirewireKabel.JPG [2012.11.10 15:47:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.11.07 08:54:53 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.11.07 08:54:52 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.11.06 13:01:44 | 000,169,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannes\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.30 13:59:07 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Dokumente und Einstellungen\Hannes\Desktop\HijackThis.exe [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.27 18:32:37 | 000,000,761 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.27 11:03:11 | 000,001,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2012.11.27 10:32:31 | 106,088,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Hannes\Desktop\avira_free_antivirus_de.exe [2012.11.21 07:53:54 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\ZZIYJ.job [2012.11.21 07:53:53 | 000,126,976 | RHS- | C] () -- C:\WINDOWS\System32\newdev7.dll [2012.11.12 19:54:51 | 000,016,629 | ---- | C] () -- C:\Dokumente und Einstellungen\Hannes\Desktop\FirewireKabel.JPG [2012.06.14 13:54:58 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2011.03.30 19:50:11 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.02.24 16:36:24 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc [2011.01.19 18:01:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.03.17 09:23:16 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\setup_ldm.iss [2010.01.26 20:11:55 | 000,000,043 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2009.01.28 17:23:20 | 000,000,043 | -HS- | C] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\.zreglib [2008.12.26 12:48:03 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\$_hpcst$.hpc [2008.06.26 14:41:37 | 000,014,852 | ---- | C] () -- C:\Programme\settings.dat [2008.06.16 10:43:50 | 001,147,939 | ---- | C] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\mdbu.bin [2008.06.14 20:41:27 | 000,081,920 | ---- | C] () -- C:\Dokumente und 
Einstellungen\Hannes\Anwendungsdaten\ezpinst.exe [2008.06.14 20:41:27 | 000,007,176 | ---- | C] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\pcouffin.cat [2008.06.14 20:41:26 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\pcouffin.inf [2007.09.24 21:40:18 | 000,000,095 | ---- | C] () -- C:\Dokumente und Einstellungen\Hannes\default.pls [2007.09.24 21:29:15 | 000,169,984 | ---- | C] () -- C:\Dokumente und Einstellungen\Hannes\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.10.27 13:06:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\System32\shdocvw.dll -- [2012.08.30 21:28:07 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.05.04 09:15:44 | 000,868,952 | ---- | M] (Mozilla Corporation) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.05.04 09:15:44 | 000,868,952 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.05.04 09:15:44 | 000,868,952 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Programme\Mozilla Firefox\firefox.exe [2012.05.04 09:15:48 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -preferences [2012.05.04 09:15:48 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -safe-mode [2012.05.04 09:15:48 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008.04.14 03:23:00 | 000,045,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008.04.14 03:23:00 | 000,045,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008.04.14 03:23:00 | 000,045,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008.04.14 03:22:48 | 000,093,184 | ---- | M] (Microsoft Corporation) < 
hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.05.04 09:15:44 | 000,868,952 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.05.04 09:15:44 | 000,868,952 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Programme\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.05.04 09:15:44 | 000,868,952 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Programme\Mozilla Firefox\firefox.exe [2012.05.04 09:15:48 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -preferences [2012.05.04 09:15:48 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Programme\Mozilla Firefox\firefox.exe" -safe-mode [2012.05.04 09:15:48 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008.04.14 03:23:00 | 000,045,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008.04.14 03:23:00 | 000,045,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE 
[2008.04.14 03:23:00 | 000,045,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008.04.14 03:22:48 | 000,093,184 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 60 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\Verdauung.ppt:AFP_AfpInfo @Alternate Data Stream - 24 bytes -> C:\WINDOWS:D3123324D53BF896 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.11.2012 22:39:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Hannes\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,26% Memory free 3,33 Gb Paging File | 2,86 Gb Available in Paging File | 86,02% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 34,18 Gb Total Space | 5,73 Gb Free Space | 16,76% Space Free | Partition Type: NTFS Drive D: | 58,97 Gb Total Space | 56,55 Gb Free Space | 95,90% Space Free | Partition Type: NTFS Computer Name: ORTWIN | User Name: Hannes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-507921405-1563985344-839522115-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. 
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 
138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "D:\Programme\Microsoft ActiveSync\rapimgr.exe" = D:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "D:\Programme\Microsoft ActiveSync\wcescomm.exe" = D:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "D:\Programme\Microsoft ActiveSync\WCESMgr.exe" = D:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire "C:\Programme\BearShare Applications\BearShare\BearShare.exe" = C:\Programme\BearShare Applications\BearShare\BearShare.exe:*:Disabled:BearShare "E:\Setup.exe" = E:\Setup.exe:*:Enabled:Setup "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe:*:Enabled:GMX Update -- (AccSys GmbH) "C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG) "C:\Programme\Gemeinsame 
Dateien\Ahead\Nero Web\SetupXu.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup "D:\Programme\Microsoft ActiveSync\rapimgr.exe" = D:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "D:\Programme\Microsoft ActiveSync\wcescomm.exe" = D:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "D:\Programme\Microsoft ActiveSync\WCESMgr.exe" = D:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Programme\Avira\AntiVir Desktop\avcenter.exe" = C:\Programme\Avira\AntiVir Desktop\avcenter.exe:*:Enabled:AntiVir starten -- (Avira Operations GmbH & Co. KG) "C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite "C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- (Skype Technologies S.A.) "C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\FileZilla FTP Client\filezilla.exe" = C:\Programme\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client "C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11BBAE1C-27AE-4ABA-A54C-9FFE3844CCEC}" = GMX Firefox Paket "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{262C7F33-8251-432E-88C1-E9F42A53F8F0}" = PDFill PDF Editor with FREE PDF Writer and Tools "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePowerManagement "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{708FBDB1-13E2-42CC-AA8C-36EF91D1E6B6}" = Auktionsbuddy Ebay Stopwatch "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp 
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{92F31257-15BA-46EE-887D-3C18C0790ACE}" = Atheros-Clientinstallationsprogramm "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver "{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader "{D6C885D1-A91C-4A2D-9C72-BF2D2D97E795}" = Smart Organizing Monitor for DDST "{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio 
Driver
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ants DVD Player_is1" = Ants DVD Player 1.00
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025008F" = HDAUDIO Soft Voice Modem with SmartCP
"Exif-Viewer" = Exif-Viewer 2.44
"FormatFactory" = FormatFactory 2.70
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"GMX Firefox Browser Update" = GMX Firefox Browser Update
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"KontoNrCheck_is1" = KontoNrCheck
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft AutoRoute Express EUR" = Microsoft AutoRoute Express Europa 98
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia Suite" = Nokia Suite
"OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01
"Prism" = Prism Video Converter
"ProInst" = Intel(R) PROSet/Wireless Software
"QcDrv" = Labtec® Camera-Treiber
"Revo Uninstaller" = Revo Uninstaller 1.89
"Security Task Manager" = Security Task Manager 1.7e
"Shockwave" = Shockwave
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-507921405-1563985344-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 02.11.2012 18:39:06 | Computer Name = ORTWIN | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

Error - 02.11.2012 18:44:29 | Computer Name = ORTWIN | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

[ System Events ]
Error - 26.11.2012 11:52:25 | Computer Name = ORTWIN | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst Netman.

Error - 26.11.2012 15:48:32 | Computer Name = ORTWIN | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb

Error - 27.11.2012 02:52:26 | Computer Name = ORTWIN | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb

Error - 27.11.2012 04:57:41 | Computer Name = ORTWIN | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "time.nist.gov,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)

Error - 27.11.2012 04:57:41 | Computer Name = ORTWIN | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 27.11.2012 04:57:41 | Computer Name = ORTWIN | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "time.nist.gov,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)

Error - 27.11.2012 04:57:41 | Computer Name = ORTWIN | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit.

Error - 27.11.2012 05:28:23 | Computer Name = ORTWIN | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb

Error - 27.11.2012 05:57:14 | Computer Name = ORTWIN | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb

Error - 27.11.2012 11:28:26 | Computer Name = ORTWIN | Source = DCOM | ID = 10010
Description = Der Server "{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

< End of report >

Defogger log file:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:49 on 27/11/2012 (Hannes)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-27 23:51:19
-----------------------------
23:51:19.750 OS Version: Windows 5.1.2600 Service Pack 3
23:51:19.750 Number of processors: 1 586 0xD08
23:51:19.750 ComputerName: ORTWIN UserName: Hannes
23:51:20.296 Initialize success
00:08:49.750 AVAST engine defs: 12112701
00:11:49.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
00:11:49.781 Disk 0 Vendor: TOSHIBA_MK1031GAS AA204A Size: 95396MB BusType: 3
00:11:49.812 Disk 0 MBR read successfully
00:11:49.812 Disk 0 MBR scan
00:11:49.828 Disk 0 Windows XP default MBR code
00:11:49.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 35000 MB offset 63
00:11:49.843 Disk 0 Partition - 00 0F Extended LBA 60384 MB offset 71682030
00:11:49.859 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60384 MB offset 71682093
00:11:49.875 Disk 0 scanning sectors +195350400
00:11:49.937 Disk 0 scanning C:\WINDOWS\system32\drivers
00:12:09.031 Service scanning
00:12:25.484 Service PNDIS5 E:\PNDIS5.SYS **LOCKED** 21
00:12:35.765 Modules scanning
00:12:43.734 Disk 0 trace - called modules:
00:12:43.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:12:43.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8a8ab8]
00:12:43.750 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000007c[0x8a86a9e8]
00:12:43.750 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a88a940]
00:12:44.203 AVAST engine scan C:\WINDOWS
00:13:05.921 AVAST engine scan C:\WINDOWS\system32
00:14:46.281 File: C:\WINDOWS\system32\newdev7.dll **INFECTED** Win32:Malware-gen
00:16:39.437 AVAST engine scan C:\WINDOWS\system32\drivers
00:17:00.062 AVAST engine scan C:\Dokumente und Einstellungen\Hannes
00:18:14.968 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Hannes\Desktop\MBR.dat"
00:18:14.968 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Hannes\Desktop\aswMBR.txt"

Regards, Ortwin |
28.11.2012, 08:35 | #5 |
| Remove Google redirect virus
And the TDSSKiller log file:
00:19:56.0359 4944 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:19:56.0453 4944 ============================================================
00:19:56.0453 4944 Current date / time: 2012/11/28 00:19:56.0453
00:19:56.0453 4944 SystemInfo:
00:19:56.0453 4944
00:19:56.0453 4944 OS Version: 5.1.2600 ServicePack: 3.0
00:19:56.0453 4944 Product type: Workstation
00:19:56.0453 4944 ComputerName: ORTWIN
00:19:56.0453 4944 UserName: Hannes
00:19:56.0453 4944 Windows directory: C:\WINDOWS
00:19:56.0453 4944 System windows directory: C:\WINDOWS
00:19:56.0453 4944 Processor architecture: Intel x86
00:19:56.0453 4944 Number of processors: 1
00:19:56.0453 4944 Page size: 0x1000
00:19:56.0453 4944 Boot type: Normal boot
00:19:56.0453 4944 ============================================================
00:19:58.0093 4944 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:19:58.0109 4944 ============================================================
00:19:58.0109 4944 \Device\Harddisk0\DR0:
00:19:58.0109 4944 MBR partitions:
00:19:58.0109 4944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x445C7AF
00:19:58.0109 4944 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x445C82D, BlocksNum 0x75F0753
00:19:58.0109 4944 ============================================================
00:19:58.0140 4944 C: <-> \Device\Harddisk0\DR0\Partition1
00:19:58.0187 4944 D: <-> \Device\Harddisk0\DR0\Partition2
00:19:58.0187 4944 ============================================================
00:19:58.0187 4944 Initialize success
00:19:58.0187 4944 ============================================================
00:20:08.0781 6004 ============================================================
00:20:08.0781 6004 Scan started
00:20:08.0781 6004 Mode: Manual;
00:20:20.0796 6004 [ D7B9AD3ABD0F7F9F694D71F38B5C7B72 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 00:20:20.0796 6004 SynTP - ok 00:20:20.0828 6004 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 00:20:20.0828 6004 sysaudio - ok 00:20:20.0859 6004 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 00:20:20.0875 6004 SysmonLog - ok 00:20:20.0921 6004 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 00:20:20.0921 6004 TapiSrv - ok 00:20:20.0968 6004 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 00:20:20.0984 6004 Tcpip - ok 00:20:21.0015 6004 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 00:20:21.0015 6004 TDPIPE - ok 00:20:21.0031 6004 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 00:20:21.0046 6004 TDTCP - ok 00:20:21.0078 6004 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 00:20:21.0078 6004 TermDD - ok 00:20:21.0109 6004 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 00:20:21.0109 6004 TermService - ok 00:20:21.0140 6004 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 00:20:21.0156 6004 Themes - ok 00:20:21.0187 6004 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe 00:20:21.0187 6004 TlntSvr - ok 00:20:21.0203 6004 TosIde - ok 00:20:21.0234 6004 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 00:20:21.0234 6004 TrkWks - ok 00:20:21.0281 6004 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 00:20:21.0281 6004 Udfs - ok 00:20:21.0281 6004 ultra - ok 00:20:21.0343 6004 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 00:20:21.0343 6004 Update - ok 00:20:21.0390 6004 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 
00:20:21.0406 6004 upnphost - ok 00:20:21.0453 6004 [ 78B74AF8727A28C128E164E9B53A5413 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 00:20:21.0453 6004 upperdev - ok 00:20:21.0484 6004 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 00:20:21.0484 6004 UPS - ok 00:20:21.0500 6004 [ 60A68A5EA173A97971EE9F1FF49EB2B3 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 00:20:21.0500 6004 USBAAPL - ok 00:20:21.0546 6004 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 00:20:21.0546 6004 usbaudio - ok 00:20:21.0593 6004 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 00:20:21.0593 6004 usbccgp - ok 00:20:21.0609 6004 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 00:20:21.0609 6004 usbehci - ok 00:20:21.0656 6004 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 00:20:21.0656 6004 usbhub - ok 00:20:21.0687 6004 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 00:20:21.0687 6004 usbohci - ok 00:20:21.0718 6004 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 00:20:21.0718 6004 usbprint - ok 00:20:21.0734 6004 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 00:20:21.0734 6004 usbscan - ok 00:20:21.0765 6004 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys 00:20:21.0765 6004 usbser - ok 00:20:21.0781 6004 [ 4F8FBC51A1C0A17310846B417A447F91 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 00:20:21.0781 6004 UsbserFilt - ok 00:20:21.0796 6004 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 00:20:21.0812 6004 USBSTOR - ok 00:20:21.0828 6004 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 00:20:21.0828 6004 usbuhci - ok 00:20:21.0875 6004 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] 
usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 00:20:21.0875 6004 usbvideo - ok 00:20:21.0890 6004 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 00:20:21.0890 6004 VgaSave - ok 00:20:21.0890 6004 ViaIde - ok 00:20:21.0937 6004 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 00:20:21.0953 6004 VolSnap - ok 00:20:22.0000 6004 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 00:20:22.0000 6004 VSS - ok 00:20:22.0125 6004 [ 9EE38FFCB4CBE5BEE6C305700DDC4725 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys 00:20:22.0156 6004 w29n51 - ok 00:20:22.0187 6004 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\System32\w32time.dll 00:20:22.0187 6004 W32Time - ok 00:20:22.0218 6004 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 00:20:22.0218 6004 Wanarp - ok 00:20:22.0281 6004 [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 00:20:22.0281 6004 wceusbsh - ok 00:20:22.0328 6004 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 00:20:22.0343 6004 Wdf01000 - ok 00:20:22.0343 6004 WDICA - ok 00:20:22.0375 6004 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 00:20:22.0390 6004 wdmaud - ok 00:20:22.0437 6004 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 00:20:22.0437 6004 WebClient - ok 00:20:22.0484 6004 [ 5134064DBD9156F2AE4A2090344BB418 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 00:20:22.0484 6004 winachsf - ok 00:20:22.0562 6004 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 00:20:22.0578 6004 winmgmt - ok 00:20:22.0625 6004 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 00:20:22.0625 6004 WmdmPmSN - ok 00:20:22.0703 6004 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 00:20:22.0718 6004 Wmi - ok 
00:20:22.0750 6004 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe 00:20:22.0750 6004 WmiApSrv - ok 00:20:22.0859 6004 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 00:20:22.0875 6004 WMPNetworkSvc - ok 00:20:22.0906 6004 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys 00:20:22.0906 6004 WpdUsb - ok 00:20:22.0953 6004 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 00:20:22.0953 6004 WS2IFSL - ok 00:20:22.0984 6004 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 00:20:22.0984 6004 wscsvc - ok 00:20:23.0015 6004 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 00:20:23.0015 6004 WSTCODEC - ok 00:20:23.0062 6004 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 00:20:23.0062 6004 wuauserv - ok 00:20:23.0109 6004 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 00:20:23.0109 6004 WudfPf - ok 00:20:23.0140 6004 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 00:20:23.0140 6004 WudfRd - ok 00:20:23.0171 6004 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 00:20:23.0171 6004 WudfSvc - ok 00:20:23.0218 6004 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 00:20:23.0234 6004 WZCSVC - ok 00:20:23.0281 6004 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 00:20:23.0281 6004 xmlprov - ok 00:20:23.0296 6004 ================ Scan global =============================== 00:20:23.0343 6004 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 00:20:23.0406 6004 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 00:20:23.0421 6004 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 00:20:23.0437 6004 [ A3EDBE9053889FB24AB22492472B39DC ] 
00:20:23.0718 6004 Scan finished
00:20:23.0734 1548 Detected object count: 0
00:20:23.0734 1548 Actual detected object count: 0
00:20:54.0859 2556 Deinitialize success
______________________________
Regards, Ortwin |
28.11.2012, 10:38 | #6 | |
/// TB Trainer | Remove Google redirect virus Hi, I'm sorry, but this isn't going to work: From your log file: Quote:
Files such as crack.exe, keygen.exe or patch.exe are, in 99.9% of cases, dangerous malware that is not to be trifled with. Moreover, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for reinstalling the system. This closes the topic. |
28.11.2012, 11:04 | #7 |
| Remove Google redirect virus Sorry Matthias, as far as I know there is no illegal software on my laptop; I, at any rate, have not installed any... (however, the device was bought second-hand about 4 years ago...) Could you tell me which software is "illegal"? The original XP CD is here, and I am not aware of anything else.... Regards, Ortwin |