Phishing-Mail gelesen ohne Link zu folgen

elico · 27.12.2012, 18:32

Hallo zusammen,

ich habe vor einigen Tagen dummerweise eine angeblich von Paypal stammende Mail geöffnet, dh gelesen. In dieser wurde ich aufgefordert auf einen Link zu klicken und meine Daten zu bestätigen. Dies habe ich nicht gemacht, die Mail auch umgehend gelöscht. Allerdings habe ich jetzt dennoch die Befürchtung, dass sich eine Malware allein über das Öffnen der Mail im System eingeschlichen haben könnte....

Habe jetzt mal das ein oder andere Programm drüber laufen lassen und unterschiedliche Ergebnisse erhalten (kein Fund, Warnung, Fund):

Anbei mal das Log von Malware:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.25.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: Admin [Administrator]

12/25/2012 10:43:23 PM
mbam-log-2012-12-25 (22-43-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 351238
Laufzeit: 1 Stunde(n), 39 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Sowie das von Avira Antivir:

Code:

ATTFilter

 
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Wednesday, December 26, 2012  01:27

Es wird nach 4617707 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Microsoft Windows XP
Windowsversion : (Service Pack 3)  [5.1.2600]
Boot Modus     : Normal gebootet
Benutzername   : Admin
Computername   : Admin

Versionsinformationen:
BUILD.DAT      : 12.1.9.1236    40872 Bytes  11.10.2012 15:29:00
AVSCAN.EXE     : 12.3.0.48     468256 Bytes  14.11.2012 22:10:45
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  08.05.2012 21:13:45
LUKE.DLL       : 12.3.0.15      68304 Bytes  08.05.2012 21:13:46
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 21:13:48
AVREG.DLL      : 12.3.0.17     232200 Bytes  10.05.2012 21:37:24
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 22:48:55
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 17:38:37
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 21:20:47
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 09:07:57
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 07:25:29
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 10:33:02
VBASE008.VDF   : 7.11.50.231     2048 Bytes  22.11.2012 10:33:02
VBASE009.VDF   : 7.11.50.232     2048 Bytes  22.11.2012 10:33:02
VBASE010.VDF   : 7.11.50.233     2048 Bytes  22.11.2012 10:33:02
VBASE011.VDF   : 7.11.50.234     2048 Bytes  22.11.2012 10:33:02
VBASE012.VDF   : 7.11.50.235     2048 Bytes  22.11.2012 10:33:02
VBASE013.VDF   : 7.11.50.236     2048 Bytes  22.11.2012 10:33:02
VBASE014.VDF   : 7.11.51.27    133632 Bytes  23.11.2012 16:27:56
VBASE015.VDF   : 7.11.51.95    140288 Bytes  26.11.2012 22:00:14
VBASE016.VDF   : 7.11.51.221   164352 Bytes  29.11.2012 22:13:32
VBASE017.VDF   : 7.11.52.29    158208 Bytes  01.12.2012 20:45:32
VBASE018.VDF   : 7.11.52.91    116736 Bytes  03.12.2012 20:45:33
VBASE019.VDF   : 7.11.52.151   137728 Bytes  05.12.2012 22:33:34
VBASE020.VDF   : 7.11.52.225   157696 Bytes  06.12.2012 09:33:34
VBASE021.VDF   : 7.11.53.35    126976 Bytes  08.12.2012 15:38:33
VBASE022.VDF   : 7.11.53.55    225792 Bytes  09.12.2012 15:38:34
VBASE023.VDF   : 7.11.53.93    157184 Bytes  10.12.2012 20:23:14
VBASE024.VDF   : 7.11.53.169   153088 Bytes  12.12.2012 09:35:09
VBASE025.VDF   : 7.11.53.237   152064 Bytes  14.12.2012 17:17:03
VBASE026.VDF   : 7.11.54.23    149504 Bytes  17.12.2012 17:17:03
VBASE027.VDF   : 7.11.54.67    130048 Bytes  18.12.2012 17:17:04
VBASE028.VDF   : 7.11.54.153   292352 Bytes  21.12.2012 17:17:05
VBASE029.VDF   : 7.11.54.154     2048 Bytes  21.12.2012 17:17:06
VBASE030.VDF   : 7.11.54.155     2048 Bytes  21.12.2012 17:17:06
VBASE031.VDF   : 7.11.54.208   157696 Bytes  25.12.2012 16:52:07
Engineversion  : 8.2.10.224
AEVDF.DLL      : 8.1.2.10      102772 Bytes  10.07.2012 21:08:25
AESCRIPT.DLL   : 8.1.4.78      467323 Bytes  22.12.2012 17:17:20
AESCN.DLL      : 8.1.10.0      131445 Bytes  14.12.2012 09:35:14
AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 21:35:36
AERDL.DLL      : 8.2.0.74      643445 Bytes  07.11.2012 22:58:04
AEPACK.DLL     : 8.3.1.2       819574 Bytes  22.12.2012 17:17:18
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  05.11.2012 22:07:24
AEHEUR.DLL     : 8.1.4.168    5628280 Bytes  22.12.2012 17:17:16
AEHELP.DLL     : 8.1.25.2      258423 Bytes  12.10.2012 07:07:44
AEGEN.DLL      : 8.1.6.12      434549 Bytes  14.12.2012 09:35:11
AEEXP.DLL      : 8.3.0.4       184692 Bytes  22.12.2012 17:17:20
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 21:08:23
AECORE.DLL     : 8.1.30.0      201079 Bytes  14.12.2012 09:35:10
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 22:07:12
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 21:13:44
AVPREF.DLL     : 12.3.0.32      50720 Bytes  14.11.2012 22:10:44
AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 21:13:48
AVARKT.DLL     : 12.3.0.33     209696 Bytes  14.11.2012 22:10:42
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  08.05.2012 21:13:44
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  08.05.2012 21:13:48
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  08.08.2012 08:55:41
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 21:13:46
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  08.08.2012 08:55:21
RCTEXT.DLL     : 12.3.0.32      98848 Bytes  14.11.2012 22:10:40

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: c:\programme\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Wednesday, December 26, 2012  01:27

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\APN\Updater\homepageurl_lmd
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\APN\Updater\sa-enable_lmd
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\APN\Updater\sa-enable_lmd

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'rsmsink.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'wscntfy.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'msdtc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'dllhost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'dllhost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'SuperHybridEngine.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Eee Docking.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnui.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'realsched.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'SnoopFreeUI.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'RTHDCPL.EXE' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'LiveUpdate.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsTray.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsEPCMon.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsAcpiSvr.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiapsrv.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '144' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'SnoopFreeSvc.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'jqs.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_S50RP7.EXE' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_S50ST7.EXE' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'eEBSVC.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '165' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2533' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\temp\{C9DDF39F-D650-4ABD-B62A-ED54E53D2740}-23.0.1271.64_22.0.1229.94_chrome_updater.exe
  [WARNUNG]   Die Datei konnte nicht gelesen werden!
Beginne mit der Suche in 'D:\'


Ende des Suchlaufs: Wednesday, December 26, 2012  05:38
Benötigte Zeit:  4:10:53 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  10132 Verzeichnisse wurden überprüft
 459201 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 459201 Dateien ohne Befall
  10998 Archive wurden durchsucht
      1 Warnungen
      2 Hinweise
 498390 Objekte wurden beim Rootkitscan durchsucht
      3 Versteckte Objekte wurden gefunden

Und SuperAntiSpyware:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/27/2012 at 00:17 AM

Application Version : 5.6.1014

Core Rules Database Version : 9525
Trace Rules Database Version: 7337

Scan type       : Complete Scan
Total Scan Time : 02:47:03

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 590
Memory threats detected   : 0
Registry items scanned    : 38454
Registry threats detected : 0
File items scanned        : 157177
File threats detected     : 11

Adware.Tracking Cookie
	C:\Dokumente und Einstellungen\Admin\Cookies\H2LAY7G9.txt [ /counter-strike-2d.sd.softonic.de ]
	C:\Dokumente und Einstellungen\Admin\Cookies\7TOOKJYW.txt [ /apmebf.com ]
	C:\Dokumente und Einstellungen\Admin\Cookies\DTXSTZ6T.txt [ /fastclick.net ]
	C:\Dokumente und Einstellungen\Admin\Cookies\ZMF2L1KP.txt [ /2o7.net ]
	C:\Dokumente und Einstellungen\Admin\Cookies\RLPWIEUN.txt [ /accounts.google.com ]
	C:\Dokumente und Einstellungen\Admin\Cookies\OWO11E2V.txt [ /oracle.112.2o7.net ]
	C:\Dokumente und Einstellungen\Admin\Cookies\HEC46XJC.txt [ /mediaplex.com ]
	C:\Dokumente und Einstellungen\Admin\Cookies\26VFXUKN.txt [ /tracker.vinsight.de ]
	C:\DOKUMENTE UND EINSTELLUNGEN\Admin2\Cookies\JNU55TQJ.txt [ Cookie:Admin2@atdmt.com/ ]

Trojan.Agent/Gen-Sefnit
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{31977D89-4CE6-4C66-8D8E-4A9FA1DDE700}\RP354\A0127546.DLL

Trojan.Agent/Gen-DunDun
	C:\WINDOWS\$NTUNINSTALLKB939683$\UNREGMP2.EXE

Vielen Dank für Hilfe!

VG

markusg · 27.12.2012, 18:41

Hi
hatten noch andere Programme Funde, die benötige ich nämlich.
Wenn du mal wieder was an Spam reinbekommst, bitte zu uns für eine Analyse weiterleiten, wie das geht, steht in meiner Signatur.

elico · 27.12.2012, 19:50

Hallo Markus,

vielen Dank für deine schnelle Antwort.

Also ich habe noch drüber laufen lassen:

Hijack This und OTL. Allerdings bin ich mir hier nicht so richtig sicher, was das Ergebnis ist, da zumindest für mich als Laien kein Fazit ersichtlich ist....

Anbei mal die beiden Logs:

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:22:05 AM, on 12/27/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
C:\Programme\SUPERAntiSpyware\SASCORE.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Programme\Java\jre7\bin\jqs.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\EeePC\ACPI\AsAcpiSvr.exe
C:\Programme\EeePC\ACPI\AsEPCMon.exe
C:\Programme\EeePC\ACPI\AsTray.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Asus\LiveUpdate\LiveUpdate.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Ask.com\Updater\Updater.exe
C:\programme\real\realplayer\update\realsched.exe
C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Programme\Softwin\BitDefender10\bdmcon.exe
C:\Programme\Softwin\BitDefender10\bdagent.exe
C:\Programme\ASUS\Eee Docking\Eee Docking.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN113944720558886-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=a003623a00000000000090e6ba7f0afb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll
O1 - Hosts: ::1 localhost #[IPv6]
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [LiveUpdate] C:\Programme\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BCSSync] "C:\Programme\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Programme\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\programme\real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [BDMCon] "C:\Programme\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [Eee Docking] C:\Programme\ASUS\Eee Docking\Eee Docking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-3127665704-1242981442-2255728428-1006\..\Run: [Eee Docking] C:\Programme\ASUS\Eee Docking\Eee Docking.exe (User '?')
O4 - HKUS\S-1-5-21-3127665704-1242981442-2255728428-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3127665704-1242981442-2255728428-1006\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup:  SuperHybridEngine.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programme\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programme\Java\jre7\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programme\Skype\Updater\Updater.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programme\Softwin\BitDefender10\vsserv.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 13401 bytes

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 12/26/2012 11:13:15 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
1015.17 Mb Total Physical Memory | 445.87 Mb Available Physical Memory | 43.92% Memory free
2.38 Gb Paging File | 1.81 Gb Available in Paging File | 75.92% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72.06 Gb Total Space | 20.38 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
Drive D: | 72.05 Gb Total Space | 71.98 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
 
Computer Name: Admin | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012/10/04 15:10:08 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\programme\real\realplayer\update\realsched.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012/08/08 09:55:39 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012/06/21 17:18:03 | 000,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
PRC - [2012/06/21 17:18:02 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\SnoopFreeSvc.exe
PRC - [2012/06/06 20:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012/05/08 22:13:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 22:13:45 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/05/08 22:13:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/03 21:32:07 | 000,523,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2011/08/03 21:31:27 | 000,468,432 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2009/09/14 04:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2009/09/14 04:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2009/08/13 19:42:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\MsDtc
PRC - [2009/07/27 15:58:38 | 000,397,312 | ---- | M] () -- C:\Programme\ASUS\Eee Docking\Eee Docking.exe
PRC - [2009/06/25 10:25:40 | 000,712,704 | ---- | M] () -- C:\Programme\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2009/04/16 18:46:30 | 000,630,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2009/04/16 17:58:54 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsTray.exe
PRC - [2009/03/25 09:43:40 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2009/03/13 15:15:02 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsEPCMon.exe
PRC - [2008/04/14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/21 17:18:03 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SnoopFreeDll.dll
MOD - [2012/06/21 17:18:02 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\SnoopFreeSvc.exe
MOD - [2012/05/08 22:13:48 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/07/27 15:58:38 | 000,397,312 | ---- | M] () -- C:\Programme\ASUS\Eee Docking\Eee Docking.exe
MOD - [2009/06/25 10:25:40 | 000,712,704 | ---- | M] () -- C:\Programme\Asus\LiveUpdate\LiveUpdate.exe
MOD - [2009/06/25 09:15:22 | 000,135,168 | ---- | M] () -- C:\Programme\ASUS\LiveUpdate\Enumeration.dll
MOD - [2009/03/23 16:55:50 | 000,176,128 | ---- | M] () -- C:\Programme\ASUS\LiveUpdate\Parser.dll
MOD - [2009/03/23 16:53:46 | 000,106,496 | ---- | M] () -- C:\Programme\ASUS\LiveUpdate\ClientSocket.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Running] --  -- (MSDTC)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/12/11 23:27:47 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/06 12:58:47 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/21 17:18:02 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\SnoopFreeSvc.exe -- (SnoopFreeSvc)
SRV - [2012/05/08 22:13:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 22:13:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/03 21:31:27 | 000,468,432 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2010/01/09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/14 04:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009/09/14 04:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2009/08/17 10:52:08 | 000,098,304 | ---- | M] (WDC) [Auto | Stopped] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AmUStor.SYS -- (AmUStor)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/21 17:18:02 | 000,009,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SnopFree.sys -- (SnoopFree)
DRV - [2012/05/08 22:13:48 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2012/05/08 22:13:48 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\avkmgr.sys -- (avkmgr)
DRV - [2011/08/03 21:22:47 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vpnva.sys -- (vpnva)
DRV - [2011/08/03 21:22:22 | 000,046,480 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\acsmux.sys -- (acsmux)
DRV - [2011/08/03 21:22:22 | 000,036,624 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\acsint.sys -- (acsint)
DRV - [2010/10/31 22:42:10 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2009/07/10 20:33:36 | 001,015,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\RT2860.sys -- (RT80x86)
DRV - [2009/04/27 12:26:44 | 005,074,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/03/13 22:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\athw.sys -- (AR5416)
DRV - [2009/03/13 15:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/03/02 06:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\l1c51x86.sys -- (L1c)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - [2009/02/06 17:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/19 09:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\uvclf.sys -- (uvclf)
DRV - [2008/08/05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/08 14:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\ASUSACPI.sys -- (AsusACPI)
DRV - [2006/01/04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Monfilt.sys -- (Monfilt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN113944720558886-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=a003623a00000000000090e6ba7f0afb
IE - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\..\SearchScopes\{D6A1AF17-900D-4377-8B26-C201208135AB}: "URL" = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN113944720558886-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=a003623a00000000000090e6ba7f0afb&q={searchTerms}&r=46
IE - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\..\SearchScopes\{DEF6B0B2-D41A-4996-9A71-219046C835B5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=B4E17EA4-26D5-4462-B3AF-E5281260BED8&apn_sauid=24584BE5-BCE7-466F-805E-706A3FBF4532
IE - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=B4E17EA4-26D5-4462-B3AF-E5281260BED8&apn_ptnrs=&apn_sauid=24584BE5-BCE7-466F-805E-706A3FBF4532&apn_dtid=OSJ000&&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\programme\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/04 15:11:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/12/06 12:58:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/12/06 12:58:32 | 000,000,000 | ---D | M]
 
[2009/12/28 22:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions
[2012/11/29 23:26:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions
[2012/11/29 23:26:13 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/08/14 19:27:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com
[2012/09/01 18:09:21 | 000,002,299 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\mozilla\firefox\profiles\tzjvj5sr.default\searchplugins\askcom.xml
[2012/07/21 13:35:38 | 000,001,498 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\mozilla\firefox\profiles\tzjvj5sr.default\searchplugins\zonealarm.xml
[2012/12/06 12:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/10/04 15:11:16 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/12/06 12:58:48 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/07/17 19:00:14 | 000,170,624 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/10/04 15:10:23 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll
[2012/08/13 18:47:07 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/30 07:54:14 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/08/13 18:47:07 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/08/13 18:47:07 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/08/13 18:47:07 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/08/13 18:47:07 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.91\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/07/03 09:11:28 | 000,601,803 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1  localhost
O1 - Hosts: ::1  localhost #[IPv6]
O1 - Hosts: 127.0.0.1  fr.a2dfp.net
O1 - Hosts: 127.0.0.1  m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1  ad.a8.net
O1 - Hosts: 127.0.0.1  asy.a8ww.net
O1 - Hosts: 127.0.0.1  abcstats.com
O1 - Hosts: 127.0.0.1  a.abv.bg
O1 - Hosts: 127.0.0.1  adserver.abv.bg
O1 - Hosts: 127.0.0.1  adv.abv.bg
O1 - Hosts: 127.0.0.1  bimg.abv.bg
O1 - Hosts: 127.0.0.1  ca.abv.bg
O1 - Hosts: 127.0.0.1  www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1  track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1  accuserveadsystem.com
O1 - Hosts: 127.0.0.1  www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1  achmedia.com
O1 - Hosts: 127.0.0.1  aconti.net
O1 - Hosts: 127.0.0.1  secure.aconti.net
O1 - Hosts: 127.0.0.1  www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1  csh.actiondesk.com
O1 - Hosts: 127.0.0.1  www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  ads.activepower.net
O1 - Hosts: 127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  cms.ad2click.nl
O1 - Hosts: 16149 more lines...
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\Programme\Asus\LiveUpdate\LiveUpdate.exe ()
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006..\Run: [Eee Docking] C:\Programme\ASUS\Eee Docking\Eee Docking.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ SuperHybridEngine.lnk = C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WDDMStatus.lnk = C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WDSmartWare.lnk = C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/26 10:57:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Spyware
[2012/12/13 12:07:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/12/06 12:58:19 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/26 11:26:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/26 11:04:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/12/26 10:33:02 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/25 22:38:32 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3127665704-1242981442-2255728428-1006.job
[2012/12/25 22:38:31 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/25 22:38:13 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3127665704-1242981442-2255728428-1007.job
[2012/12/25 22:36:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/25 22:36:52 | 000,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/25 17:46:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/13 16:13:02 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3127665704-1242981442-2255728428-1006.job
[2012/12/13 12:23:33 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/10 21:37:21 | 000,003,772 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[44].pdf
[2012/12/08 22:14:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3127665704-1242981442-2255728428-1007.job
[2012/12/03 23:43:57 | 000,025,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Download_AGB_15_08_2012.pdf
[2012/11/29 09:31:47 | 000,003,532 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[43].pdf
[2012/11/29 09:30:46 | 000,003,532 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[42].pdf
[2012/11/29 09:27:42 | 000,003,532 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[41].pdf
[2012/11/29 09:24:13 | 000,003,532 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[40].pdf
 
========== Files Created - No Company Name ==========
 
[2012/12/10 21:37:16 | 000,003,772 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[44].pdf
[2012/12/03 23:43:57 | 000,025,016 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Download_AGB_15_08_2012.pdf
[2012/11/29 09:31:45 | 000,003,532 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[43].pdf
[2012/11/29 09:30:45 | 000,003,532 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[42].pdf
[2012/11/29 09:27:39 | 000,003,532 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[41].pdf
[2012/11/29 09:24:07 | 000,003,532 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[40].pdf
[2012/08/04 17:15:56 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\.recently-used.xbel
[2012/06/21 17:18:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SnoopFreeDll.dll
[2012/06/21 17:18:02 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SnoopFreeSvc.exe
[2012/06/21 17:18:02 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2012/02/14 21:13:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/17 13:25:52 | 000,000,045 | RH-- | C] () -- C:\WINDOWS\gsc_user.dat
[2011/06/05 11:36:03 | 000,001,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\wklnhst.dat
[2010/03/26 17:15:43 | 000,013,824 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/28 21:29:10 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2009/08/14 10:46:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/03 00:10:15 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/09/01 17:58:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2012/07/21 13:31:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2012/10/18 11:15:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco
[2010/10/31 22:41:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010/02/03 00:49:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverCure
[2011/05/29 14:46:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2011/10/28 20:45:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2010/04/17 17:56:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eurowin
[2010/02/03 00:37:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ParetoLogic
[2009/08/14 10:33:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ralink Driver
[2010/05/15 11:38:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2012/11/01 16:47:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2011/11/07 22:08:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WD_SmartWareCommon
[2011/11/07 22:06:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Western Digital
[2011/06/28 20:44:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\BitZipper
[2012/07/21 15:57:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\CheckPoint
[2011/06/28 16:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DAEMON Tools Lite
[2010/02/03 00:42:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DriverCure
[2012/07/28 09:14:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox
[2012/07/28 18:05:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\e-academy Inc
[2012/05/24 22:57:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\elsterformular
[2010/04/17 18:01:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\eurowin
[2010/10/09 20:21:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\GARMIN
[2012/08/05 23:44:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gretl
[2012/08/04 12:54:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gtk-2.0
[2010/10/17 17:06:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\OpenOffice.org
[2012/08/04 15:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Opera
[2012/12/06 11:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Publish or Perish
[2011/11/17 14:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Quantitative Micro Software
[2012/09/28 14:34:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\SurveyStudio
[2011/06/05 11:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Template
[2011/11/07 22:06:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Western Digital
[2012/10/12 08:41:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\YCanPDF
[2012/09/23 16:45:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Opera
[2012/03/31 17:26:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Western Digital
[2012/09/22 21:14:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin2\Anwendungsdaten\Opera
[2011/11/14 19:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin2\Anwendungsdaten\Western Digital
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2010/05/15 11:38:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\SPSS
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009/12/28 21:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Adobe
[2011/10/18 21:21:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Avira
[2011/06/28 20:44:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\BitZipper
[2012/07/21 15:57:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\CheckPoint
[2011/06/28 16:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DAEMON Tools Lite
[2010/03/14 19:04:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DivX
[2010/02/03 00:42:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DriverCure
[2012/07/28 09:14:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox
[2012/07/28 18:05:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\e-academy Inc
[2012/05/24 22:57:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\elsterformular
[2010/04/17 18:01:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\eurowin
[2010/10/09 20:21:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\GARMIN
[2012/08/05 23:44:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gretl
[2012/08/04 12:54:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gtk-2.0
[2011/09/24 22:16:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Help
[2009/08/13 19:47:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Identities
[2009/08/14 10:33:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\InstallShield
[2009/12/28 18:59:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia
[2012/06/22 14:46:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes
[2012/10/05 11:57:36 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft
[2009/12/28 22:33:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla
[2010/10/17 17:06:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\OpenOffice.org
[2012/08/04 15:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Opera
[2012/12/06 11:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Publish or Perish
[2011/11/17 14:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Quantitative Micro Software
[2012/10/04 15:12:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Real
[2012/10/02 22:02:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Skype
[2011/08/24 23:02:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\skypePM
[2010/05/26 18:47:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sun
[2012/09/28 14:34:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\SurveyStudio
[2011/06/05 11:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Template
[2012/06/30 23:34:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\vlc
[2011/11/07 22:06:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Western Digital
[2012/07/28 17:30:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\WinRAR
[2012/10/12 08:41:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\YCanPDF
 
< %APPDATA%\*.exe /s >
[2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe
[2012/05/24 19:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxUpdateHelper.exe
[2012/05/24 19:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Uninstall.exe
[2012/07/28 18:05:22 | 000,009,662 | R--- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_112D608FD02CD87FDC7735.exe
[2012/07/28 18:05:22 | 000,009,662 | R--- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_30C8F0A9D59F1A9A11FFC4.exe
[2012/07/28 18:05:22 | 000,009,662 | R--- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_853F67D554F05449430E7E.exe
[2010/05/26 17:31:20 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Real\Update\setup3.10\setup.exe
[2011/01/29 14:54:23 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Real\Update\setup3.13\setup.exe
[2012/09/30 11:39:50 | 000,450,712 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe
[2012/10/03 14:46:34 | 028,133,344 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\stub_data\RealPlayer_de.exe
[2012/10/03 14:40:12 | 000,761,152 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\stub_exe\RealPlayer_de.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008/04/14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008/04/14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008/04/14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008/04/14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008/04/14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2008/09/12 06:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\I386\$OEM$\TEXTMODE\IASTOR.SYS
[2008/09/12 06:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\OemDir\iaStor.sys
[2008/09/12 06:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008/04/14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008/04/14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008/04/14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008/04/14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\erdnt\cache\user32.dll
[2008/04/14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008/04/14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008/04/14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008/04/14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012/06/21 17:18:02 | 000,009,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SnopFree.sys
[2010/10/31 22:42:10 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2009/08/13 21:38:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/08/13 21:38:22 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/08/13 21:38:22 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

elico · 27.12.2012, 19:50

Hallo Markus,

vielen Dank für deine schnelle Antwort.

Also ich habe noch drüber laufen lassen:

Hijack This und OTL. Allerdings bin ich mir hier nicht so richtig sicher, was das Ergebnis ist, da zumindest für mich als Laien kein Fazit ersichtlich ist....

Anbei mal die beiden Logs:

Code:

ATTFilter

HiJackthis Logfile:

	Code: 

 ATTFilter

  
	Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:22:05 AM, on 12/27/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
C:\Programme\SUPERAntiSpyware\SASCORE.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Programme\Java\jre7\bin\jqs.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\EeePC\ACPI\AsAcpiSvr.exe
C:\Programme\EeePC\ACPI\AsEPCMon.exe
C:\Programme\EeePC\ACPI\AsTray.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Asus\LiveUpdate\LiveUpdate.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Ask.com\Updater\Updater.exe
C:\programme\real\realplayer\update\realsched.exe
C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Programme\Softwin\BitDefender10\bdmcon.exe
C:\Programme\Softwin\BitDefender10\bdagent.exe
C:\Programme\ASUS\Eee Docking\Eee Docking.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN113944720558886-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=a003623a00000000000090e6ba7f0afb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll
O1 - Hosts: ::1 localhost #[IPv6]
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [LiveUpdate] C:\Programme\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [BCSSync] "C:\Programme\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Programme\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\programme\real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [BDMCon] "C:\Programme\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [Eee Docking] C:\Programme\ASUS\Eee Docking\Eee Docking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-3127665704-1242981442-2255728428-1006\..\Run: [Eee Docking] C:\Programme\ASUS\Eee Docking\Eee Docking.exe (User '?')
O4 - HKUS\S-1-5-21-3127665704-1242981442-2255728428-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3127665704-1242981442-2255728428-1006\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup:  SuperHybridEngine.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programme\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programme\Java\jre7\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programme\Skype\Updater\Updater.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programme\Softwin\BitDefender10\vsserv.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 13401 bytes
         
 --- --- ---


OTL Logfile:
 Code: 

 ATTFilter
 
 OTL logfile created on: 12/26/2012 11:13:15 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
1015.17 Mb Total Physical Memory | 445.87 Mb Available Physical Memory | 43.92% Memory free
2.38 Gb Paging File | 1.81 Gb Available in Paging File | 75.92% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72.06 Gb Total Space | 20.38 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
Drive D: | 72.05 Gb Total Space | 71.98 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
 
Computer Name: Admin | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012/10/04 15:10:08 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\programme\real\realplayer\update\realsched.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012/08/08 09:55:39 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012/06/21 17:18:03 | 000,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
PRC - [2012/06/21 17:18:02 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\SnoopFreeSvc.exe
PRC - [2012/06/06 20:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012/05/08 22:13:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 22:13:45 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/05/08 22:13:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/03 21:32:07 | 000,523,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2011/08/03 21:31:27 | 000,468,432 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2009/09/14 04:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2009/09/14 04:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2009/08/13 19:42:54 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\MsDtc
PRC - [2009/07/27 15:58:38 | 000,397,312 | ---- | M] () -- C:\Programme\ASUS\Eee Docking\Eee Docking.exe
PRC - [2009/06/25 10:25:40 | 000,712,704 | ---- | M] () -- C:\Programme\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2009/04/16 18:46:30 | 000,630,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2009/04/16 17:58:54 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsTray.exe
PRC - [2009/03/25 09:43:40 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2009/03/13 15:15:02 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsEPCMon.exe
PRC - [2008/04/14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/21 17:18:03 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SnoopFreeDll.dll
MOD - [2012/06/21 17:18:02 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\SnoopFreeSvc.exe
MOD - [2012/05/08 22:13:48 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/07/27 15:58:38 | 000,397,312 | ---- | M] () -- C:\Programme\ASUS\Eee Docking\Eee Docking.exe
MOD - [2009/06/25 10:25:40 | 000,712,704 | ---- | M] () -- C:\Programme\Asus\LiveUpdate\LiveUpdate.exe
MOD - [2009/06/25 09:15:22 | 000,135,168 | ---- | M] () -- C:\Programme\ASUS\LiveUpdate\Enumeration.dll
MOD - [2009/03/23 16:55:50 | 000,176,128 | ---- | M] () -- C:\Programme\ASUS\LiveUpdate\Parser.dll
MOD - [2009/03/23 16:53:46 | 000,106,496 | ---- | M] () -- C:\Programme\ASUS\LiveUpdate\ClientSocket.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Running] --  -- (MSDTC)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/12/11 23:27:47 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/06 12:58:47 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/21 17:18:02 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\SnoopFreeSvc.exe -- (SnoopFreeSvc)
SRV - [2012/05/08 22:13:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 22:13:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/03 21:31:27 | 000,468,432 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2010/01/09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/14 04:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009/09/14 04:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2009/08/17 10:52:08 | 000,098,304 | ---- | M] (WDC) [Auto | Stopped] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AmUStor.SYS -- (AmUStor)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/21 17:18:02 | 000,009,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SnopFree.sys -- (SnoopFree)
DRV - [2012/05/08 22:13:48 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2012/05/08 22:13:48 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2011/10/11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\avkmgr.sys -- (avkmgr)
DRV - [2011/08/03 21:22:47 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vpnva.sys -- (vpnva)
DRV - [2011/08/03 21:22:22 | 000,046,480 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\acsmux.sys -- (acsmux)
DRV - [2011/08/03 21:22:22 | 000,036,624 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\acsint.sys -- (acsint)
DRV - [2010/10/31 22:42:10 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2009/07/10 20:33:36 | 001,015,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\RT2860.sys -- (RT80x86)
DRV - [2009/04/27 12:26:44 | 005,074,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/03/13 22:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\athw.sys -- (AR5416)
DRV - [2009/03/13 15:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/03/02 06:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\l1c51x86.sys -- (L1c)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - [2009/02/06 17:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/19 09:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\uvclf.sys -- (uvclf)
DRV - [2008/08/05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/08 14:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\ASUSACPI.sys -- (AsusACPI)
DRV - [2006/01/04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Monfilt.sys -- (Monfilt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN113944720558886-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=a003623a00000000000090e6ba7f0afb
IE - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\..\SearchScopes\{D6A1AF17-900D-4377-8B26-C201208135AB}: "URL" = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN113944720558886-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=a003623a00000000000090e6ba7f0afb&q={searchTerms}&r=46
IE - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\..\SearchScopes\{DEF6B0B2-D41A-4996-9A71-219046C835B5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=B4E17EA4-26D5-4462-B3AF-E5281260BED8&apn_sauid=24584BE5-BCE7-466F-805E-706A3FBF4532
IE - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=B4E17EA4-26D5-4462-B3AF-E5281260BED8&apn_ptnrs=&apn_sauid=24584BE5-BCE7-466F-805E-706A3FBF4532&apn_dtid=OSJ000&&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\programme\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/04 15:11:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/12/06 12:58:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/12/06 12:58:32 | 000,000,000 | ---D | M]
 
[2009/12/28 22:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions
[2012/11/29 23:26:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions
[2012/11/29 23:26:13 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/08/14 19:27:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com
[2012/09/01 18:09:21 | 000,002,299 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\mozilla\firefox\profiles\tzjvj5sr.default\searchplugins\askcom.xml
[2012/07/21 13:35:38 | 000,001,498 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\mozilla\firefox\profiles\tzjvj5sr.default\searchplugins\zonealarm.xml
[2012/12/06 12:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/10/04 15:11:16 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/12/06 12:58:48 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/07/17 19:00:14 | 000,170,624 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/10/04 15:10:23 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll
[2012/08/13 18:47:07 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/30 07:54:14 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/08/13 18:47:07 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/08/13 18:47:07 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/08/13 18:47:07 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/08/13 18:47:07 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.91\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/07/03 09:11:28 | 000,601,803 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1  localhost
O1 - Hosts: ::1  localhost #[IPv6]
O1 - Hosts: 127.0.0.1  fr.a2dfp.net
O1 - Hosts: 127.0.0.1  m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1  ad.a8.net
O1 - Hosts: 127.0.0.1  asy.a8ww.net
O1 - Hosts: 127.0.0.1  abcstats.com
O1 - Hosts: 127.0.0.1  a.abv.bg
O1 - Hosts: 127.0.0.1  adserver.abv.bg
O1 - Hosts: 127.0.0.1  adv.abv.bg
O1 - Hosts: 127.0.0.1  bimg.abv.bg
O1 - Hosts: 127.0.0.1  ca.abv.bg
O1 - Hosts: 127.0.0.1  www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1  track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1  accuserveadsystem.com
O1 - Hosts: 127.0.0.1  www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1  achmedia.com
O1 - Hosts: 127.0.0.1  aconti.net
O1 - Hosts: 127.0.0.1  secure.aconti.net
O1 - Hosts: 127.0.0.1  www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1  csh.actiondesk.com
O1 - Hosts: 127.0.0.1  www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  ads.activepower.net
O1 - Hosts: 127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  cms.ad2click.nl
O1 - Hosts: 16149 more lines...
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\Programme\Asus\LiveUpdate\LiveUpdate.exe ()
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006..\Run: [Eee Docking] C:\Programme\ASUS\Eee Docking\Eee Docking.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ SuperHybridEngine.lnk = C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WDDMStatus.lnk = C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WDSmartWare.lnk = C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3127665704-1242981442-2255728428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/26 10:57:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Spyware
[2012/12/13 12:07:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/12/06 12:58:19 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/26 11:26:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/26 11:04:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/12/26 10:33:02 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/25 22:38:32 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3127665704-1242981442-2255728428-1006.job
[2012/12/25 22:38:31 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/25 22:38:13 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3127665704-1242981442-2255728428-1007.job
[2012/12/25 22:36:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/25 22:36:52 | 000,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/25 17:46:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/13 16:13:02 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3127665704-1242981442-2255728428-1006.job
[2012/12/13 12:23:33 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/10 21:37:21 | 000,003,772 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[44].pdf
[2012/12/08 22:14:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3127665704-1242981442-2255728428-1007.job
[2012/12/03 23:43:57 | 000,025,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Download_AGB_15_08_2012.pdf
[2012/11/29 09:31:47 | 000,003,532 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[43].pdf
[2012/11/29 09:30:46 | 000,003,532 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[42].pdf
[2012/11/29 09:27:42 | 000,003,532 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[41].pdf
[2012/11/29 09:24:13 | 000,003,532 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[40].pdf
 
========== Files Created - No Company Name ==========
 
[2012/12/10 21:37:16 | 000,003,772 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[44].pdf
[2012/12/03 23:43:57 | 000,025,016 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Download_AGB_15_08_2012.pdf
[2012/11/29 09:31:45 | 000,003,532 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[43].pdf
[2012/11/29 09:30:45 | 000,003,532 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[42].pdf
[2012/11/29 09:27:39 | 000,003,532 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[41].pdf
[2012/11/29 09:24:07 | 000,003,532 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Untitled[40].pdf
[2012/08/04 17:15:56 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\.recently-used.xbel
[2012/06/21 17:18:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SnoopFreeDll.dll
[2012/06/21 17:18:02 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SnoopFreeSvc.exe
[2012/06/21 17:18:02 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2012/02/14 21:13:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/17 13:25:52 | 000,000,045 | RH-- | C] () -- C:\WINDOWS\gsc_user.dat
[2011/06/05 11:36:03 | 000,001,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\wklnhst.dat
[2010/03/26 17:15:43 | 000,013,824 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/28 21:29:10 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2009/08/14 10:46:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/03 00:10:15 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/09/01 17:58:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
[2012/07/21 13:31:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2012/10/18 11:15:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco
[2010/10/31 22:41:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010/02/03 00:49:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DriverCure
[2011/05/29 14:46:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2011/10/28 20:45:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2010/04/17 17:56:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eurowin
[2010/02/03 00:37:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ParetoLogic
[2009/08/14 10:33:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ralink Driver
[2010/05/15 11:38:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2012/11/01 16:47:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2011/11/07 22:08:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WD_SmartWareCommon
[2011/11/07 22:06:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Western Digital
[2011/06/28 20:44:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\BitZipper
[2012/07/21 15:57:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\CheckPoint
[2011/06/28 16:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DAEMON Tools Lite
[2010/02/03 00:42:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DriverCure
[2012/07/28 09:14:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox
[2012/07/28 18:05:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\e-academy Inc
[2012/05/24 22:57:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\elsterformular
[2010/04/17 18:01:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\eurowin
[2010/10/09 20:21:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\GARMIN
[2012/08/05 23:44:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gretl
[2012/08/04 12:54:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gtk-2.0
[2010/10/17 17:06:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\OpenOffice.org
[2012/08/04 15:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Opera
[2012/12/06 11:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Publish or Perish
[2011/11/17 14:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Quantitative Micro Software
[2012/09/28 14:34:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\SurveyStudio
[2011/06/05 11:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Template
[2011/11/07 22:06:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Western Digital
[2012/10/12 08:41:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\YCanPDF
[2012/09/23 16:45:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Opera
[2012/03/31 17:26:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Western Digital
[2012/09/22 21:14:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin2\Anwendungsdaten\Opera
[2011/11/14 19:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin2\Anwendungsdaten\Western Digital
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2010/05/15 11:38:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\SPSS
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009/12/28 21:54:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Adobe
[2011/10/18 21:21:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Avira
[2011/06/28 20:44:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\BitZipper
[2012/07/21 15:57:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\CheckPoint
[2011/06/28 16:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DAEMON Tools Lite
[2010/03/14 19:04:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DivX
[2010/02/03 00:42:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DriverCure
[2012/07/28 09:14:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox
[2012/07/28 18:05:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\e-academy Inc
[2012/05/24 22:57:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\elsterformular
[2010/04/17 18:01:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\eurowin
[2010/10/09 20:21:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\GARMIN
[2012/08/05 23:44:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gretl
[2012/08/04 12:54:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gtk-2.0
[2011/09/24 22:16:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Help
[2009/08/13 19:47:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Identities
[2009/08/14 10:33:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\InstallShield
[2009/12/28 18:59:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia
[2012/06/22 14:46:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes
[2012/10/05 11:57:36 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft
[2009/12/28 22:33:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla
[2010/10/17 17:06:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\OpenOffice.org
[2012/08/04 15:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Opera
[2012/12/06 11:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Publish or Perish
[2011/11/17 14:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Quantitative Micro Software
[2012/10/04 15:12:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Real
[2012/10/02 22:02:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Skype
[2011/08/24 23:02:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\skypePM
[2010/05/26 18:47:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sun
[2012/09/28 14:34:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\SurveyStudio
[2011/06/05 11:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Template
[2012/06/30 23:34:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\vlc
[2011/11/07 22:06:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Western Digital
[2012/07/28 17:30:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\WinRAR
[2012/10/12 08:41:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\YCanPDF
 
< %APPDATA%\*.exe /s >
[2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe
[2012/05/24 19:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxUpdateHelper.exe
[2012/05/24 19:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Uninstall.exe
[2012/07/28 18:05:22 | 000,009,662 | R--- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_112D608FD02CD87FDC7735.exe
[2012/07/28 18:05:22 | 000,009,662 | R--- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_30C8F0A9D59F1A9A11FFC4.exe
[2012/07/28 18:05:22 | 000,009,662 | R--- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft\Installer\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}\_853F67D554F05449430E7E.exe
[2010/05/26 17:31:20 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Real\Update\setup3.10\setup.exe
[2011/01/29 14:54:23 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Real\Update\setup3.13\setup.exe
[2012/09/30 11:39:50 | 000,450,712 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe
[2012/10/03 14:46:34 | 028,133,344 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\stub_data\RealPlayer_de.exe
[2012/10/03 14:40:12 | 000,761,152 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\stub_exe\RealPlayer_de.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008/04/14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008/04/14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008/04/14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008/04/14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008/04/14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2008/09/12 06:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\I386\$OEM$\TEXTMODE\IASTOR.SYS
[2008/09/12 06:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\OemDir\iaStor.sys
[2008/09/12 06:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008/04/14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008/04/14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008/04/14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008/04/14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\erdnt\cache\user32.dll
[2008/04/14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008/04/14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008/04/14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008/04/14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012/06/21 17:18:02 | 000,009,472 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SnopFree.sys
[2010/10/31 22:42:10 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2009/08/13 21:38:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/08/13 21:38:22 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/08/13 21:38:22 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
 --- --- ---

markusg · 27.12.2012, 20:12

Hi
bitte HijackThis löschen, wird nicht mehr weiterentwickelt und sollte nicht mehr genutzt werden.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

elico · 27.12.2012, 20:17

Darüber hinaus habe ich noch eine 2. Datei vom OTL-Scan erhalten:

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 12/26/2012 11:13:15 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
1015.17 Mb Total Physical Memory | 445.87 Mb Available Physical Memory | 43.92% Memory free
2.38 Gb Paging File | 1.81 Gb Available in Paging File | 75.92% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72.06 Gb Total Space | 20.38 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
Drive D: | 72.05 Gb Total Space | 71.98 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
 
Computer Name: Admin | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\Eurowin\MaxTax Standard\MAXTAX.exe" = C:\Programme\Eurowin\MaxTax Standard\MAXTAX.exe:*:Enabled:Maxtax -- (eurowin, Inc.)
"C:\Programme\Eurowin\MaxTax Standard\STMAXTAX.exe" = C:\Programme\Eurowin\MaxTax Standard\STMAXTAX.exe:*:Enabled:Stmaxtax -- (eurowin, Inc.)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\Microsoft Office\Office14\GROOVE.EXE" = C:\Programme\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\SweetImSetup.exe" = C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\SweetImSetup.exe:*:Enabled:SweetIM Installer -- (SweetIM Technologies Ltd.)
"C:\Programme\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe" = C:\Programme\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe:*:Enabled:EpsonNet Setup -- (SEIKO EPSON CORPORATION)
"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = ASUS USB2.0 UVC VGA WebCam
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.9
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 14
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDE1F7BF-9B4B-44AB-9788-A9EBF9453F13}" = Harzing's Publish or Perish 3.8.2.4688
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync
"{DD7A785B-45C9-4DDB-A726-0889F7A9C006}" = WD SmartWare
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69BD802-57A2-428F-9CA6-9C006E5F8DFA}" = Cisco AnyConnect Secure Mobility Client
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitZipper_is1" = BitZipper 2010
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"Eee Docking_is1" = Eee Docking 1.3.6.0
"ElsterFormular 11.3.0.4235" = ElsterFormular
"ElsterFormular für Privatanwender 12.2.1.6570p" = ElsterFormular für Privatanwender
"EPSON BX525WD Series" = Druckerdeinstallation für EPSON BX525WD Series
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Exavo SurveyStudio_is1" = Exavo SurveyStudio 5.0.0.379
"Google Chrome" = Google Chrome
"gretl_is1" = gretl version 1.9.6
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MTStandard" = eurowin maxtax
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Opera 12.02.1578" = Opera 12.02
"PDF To Excel Converter_is1" = PDF To Excel Converter V2.0
"R for Windows 2.10.1_is1" = R for Windows 2.10.1
"RealPlayer 15.0" = RealPlayer
"R-Word Demo_is1" = R-Word Demo 1.2
"Simplyzip" = Simplyzip (remove only)
"SnoopFreePrivacyShield" = SnoopFree Privacy Shield
"SopCast" = SopCast 3.2.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"tramo/seats_is1" = TRAMO/SEATS
"Trusted Software Assistant_is1" = File Type Assistant
"VLC media player" = VideoLAN VLC media player 0.8.6a
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wooldridge data_is1" = Wooldridge data (4e)
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"x12a_is1" = X-12-ARIMA version 0.3 build 192
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/25/2012 12:47:05 PM | Computer Name = Admin | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.
 
Error - 12/25/2012 12:47:09 PM | Computer Name = Admin | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 12/25/2012 12:48:13 PM | Computer Name = Admin | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 12/25/2012 1:03:11 PM | Computer Name = Admin | Source = WinMgmt | ID = 28
Description = WinMgmt konnte die Kernteile nicht initialisieren. Mögliche Ursache
 hierfür könnte eine beschädigte WinMgmt-Version, ein WinMgmt-Repositoryaktualisierungsfehler
 oder nicht genügend Speicherplatz oder Arbeitsspeicher sein.
 
Error - 12/25/2012 1:03:11 PM | Computer Name = Admin | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.
 
Error - 12/25/2012 1:03:14 PM | Computer Name = Admin | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 12/25/2012 1:05:48 PM | Computer Name = Admin | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung snoopfreeui.exe, Version 1.0.0.0, fehlgeschlagenes
 Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0001168b.
 
Error - 12/25/2012 5:37:47 PM | Computer Name = Admin | Source = WinMgmt | ID = 28
Description = WinMgmt konnte die Kernteile nicht initialisieren. Mögliche Ursache
 hierfür könnte eine beschädigte WinMgmt-Version, ein WinMgmt-Repositoryaktualisierungsfehler
 oder nicht genügend Speicherplatz oder Arbeitsspeicher sein.
 
Error - 12/25/2012 5:37:47 PM | Computer Name = Admin | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.
 
Error - 12/25/2012 5:37:53 PM | Computer Name = Admin | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 11/17/2012 8:00:28 PM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1280 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
 Eine vorhandene Verbindung wurde vom Remotehost geschlossen.   
 
Error - 11/17/2012 8:00:28 PM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 997 (0x000003E5) Description:
 Überlappender E/A-Vorgang wird verarbeitet.   
 
Error - 11/17/2012 8:00:28 PM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
 873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
 SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 11/17/2012 8:00:28 PM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801 
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 11/17/2012 8:00:28 PM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
 Verbindung wurde vom Remotehost geschlossen.   
 
Error - 11/17/2012 8:00:28 PM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE 
 
Error - 11/18/2012 9:10:18 AM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: Directory::ReadDir File: .\Utility\Directory.cpp Line: 156
Invoked
 Function: ::FindNextFile Return Code: 18 (0x00000012) Description: Es sind keine 
weiteren Dateien vorhanden.   
 
Error - 11/18/2012 9:10:18 AM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR30.459670239829\DaVinci_MR3\vpn\Common\Utility/PluginLoader.h
Line:
 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
 PLUGINLOADER_ERROR_COULD_NOT_CREATE 
 
Error - 11/18/2012 9:10:18 AM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR30.459670239829\DaVinci_MR3\vpn\Common\Utility/PluginLoader.h
Line:
 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
 PLUGINLOADER_ERROR_COULD_NOT_CREATE 
 
Error - 11/18/2012 9:10:18 AM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR30.459670239829\DaVinci_MR3\vpn\Common\Utility/PluginLoader.h
Line:
 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
 PLUGINLOADER_ERROR_COULD_NOT_CREATE 
 
[ System Events ]
Error - 12/6/2012 5:13:55 AM | Computer Name = Admin | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.38 für die Netzwerkkarte mit der Netzwerkadresse
 0025D3900AA6 wurde durch  den DHCP-Server 1.1.1.1 abgelehnt (der DHCP-Server hat 
eine DHCPNACK-Meldung gesendet).
 
Error - 12/6/2012 12:17:45 PM | Computer Name = Admin | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Überlegungen weitere Einbeziehung Wissenschaftliche
 Projektmitarbeiter, im Besitz von Admin, konnte nicht auf dem Drucker Dell MFP
 Laser 3115cn PS gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei
 in Bytes: 131072. Anzahl der gedruckten Bytes: 47200. Gesamtanzahl der Seiten des
 Dokuments: 1. Anzahl der gedruckten Seiten: 1. Clientcomputer: \\Admin. Vom Druckprozessor
 zurückgelieferter Win32-Fehlercode: 87 (0x57). 
 
Error - 12/6/2012 12:36:00 PM | Computer Name = Admin | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Überlegungen weitere Einbeziehung Wissenschaftliche
 Projektmitarbeiter, im Besitz von Admin, konnte nicht auf dem Drucker Dell MFP
 Laser 3115cn PS gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei
 in Bytes: 131072. Anzahl der gedruckten Bytes: 47200. Gesamtanzahl der Seiten des
 Dokuments: 1. Anzahl der gedruckten Seiten: 1. Clientcomputer: \\Admin. Vom Druckprozessor
 zurückgelieferter Win32-Fehlercode: 87 (0x57). 
 
Error - 12/9/2012 7:37:34 PM | Computer Name = Admin | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die  Netzwerkkarte mit der Netzwerkadresse 0025D3900AA6 zugeteilt werden. Der
 folgende Fehler  ist aufgetreten:   %%1223.  Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 12/18/2012 11:48:33 AM | Computer Name = Admin | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.33 für die Netzwerkkarte mit der Netzwerkadresse
 0025D3900AA6 wurde durch  den DHCP-Server 192.1.0.1 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 12/18/2012 3:39:37 PM | Computer Name = Admin | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.1.0.185 über die 
  Netzwerkkarte mit der Netzwerkadresse 0025D3900AA6 ist verloren gegangen.
 
Error - 12/20/2012 11:53:59 AM | Computer Name = Admin | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
 "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem 
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
 eine Verbindung herzustellen.
 
Error - 12/25/2012 12:46:44 PM | Computer Name = Admin | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.33 für die Netzwerkkarte mit der Netzwerkadresse
 0025D3900AA6 wurde durch  den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server 
hat eine DHCPNACK-Meldung gesendet).
 
Error - 12/25/2012 4:23:57 PM | Computer Name = Admin | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.102 für die Netzwerkkarte mit der Netzwerkadresse
 0025D3900AA6 wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat 
eine DHCPNACK-Meldung gesendet).
 
Error - 12/25/2012 5:37:18 PM | Computer Name = Admin | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.102 für die Netzwerkkarte mit der Netzwerkadresse
 0025D3900AA6 wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat 
eine DHCPNACK-Meldung gesendet).
 
 
< End of report >

--- --- ---

Des Weiteren habe ich noch AdCleaner probiert auch scheinbar ohne Ergebnisse:

Code:

ATTFilter

# AdwCleaner v2.103 - Datei am 26/12/2012 um 21:25:53 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Admin - Admin
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Admin\Desktop\Spyware\Programme\adwcleaner(1).exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Datei Gefunden : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
Ordner Gefunden : C:\Programme\Ask.com
Ordner Gefunden : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62369F2F77534556AEF4C58152E3BDE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Opera v12.2.1578.0

Datei : C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Dokumente und Einstellungen\Admin2\Anwendungsdaten\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4540 octets] - [16/07/2012 20:39:25]
AdwCleaner[R2].txt - [5622 octets] - [26/12/2012 21:25:53]
AdwCleaner[S1].txt - [4698 octets] - [18/07/2012 21:32:29]

########## EOF - C:\AdwCleaner[R2].txt - [5742 octets] ##########

Allerdings hat Spybot - Search & Destroy was gefunden:

Code:

ATTFilter

Search results from Spybot - Search & Destroy

12/27/2012 11:47:38 AM
Scan took 01:00:45.
193 items found.

Babylon.Toolbar: [SBI $B04483F7] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Babylon.Toolbar: [SBI $B04483F7] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Babylon.Toolbar: [SBI $4F6D874C]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\chrome.manifest
  Properties.size=300
  Properties.md5=C3B76F90E8B326ABC8671AD7D5F63781
  Properties.filedate=1313497526
  Properties.filedatetext=2011-08-16 13:25:26

Babylon.Toolbar: [SBI $A7584477]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\install.rdf
  Properties.size=885
  Properties.md5=E692D3A12058D4CBDD4A47A995FCA8F2
  Properties.filedate=1323621240
  Properties.filedatetext=2011-12-11 17:34:00

Babylon.Toolbar: [SBI $6362D76D]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\babylon.css
  Properties.size=2740
  Properties.md5=8473A23281D302880A9E6508321201BE
  Properties.filedate=1313502912
  Properties.filedatetext=2011-08-16 14:55:12

Babylon.Toolbar: [SBI $2DAD75DF]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\babylon.xul
  Properties.size=10941
  Properties.md5=97BF7CBF63DFFEEC117A1A7F788D71DA
  Properties.filedate=1313502912
  Properties.filedatetext=2011-08-16 14:55:12

Babylon.Toolbar: [SBI $71E86D4B]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\tmplt.js
  Properties.size=7698
  Properties.md5=AE6B7BB925F76C14E06CCE500EBBC8CA
  Properties.filedate=1313502912
  Properties.filedatetext=2011-08-16 14:55:12

Babylon.Toolbar: [SBI $C53C6D80]  Picture (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif
  Properties.size=52
  Properties.md5=2AA11FA4DCF0F03A0C8FB08170272566
  Properties.filedate=1317115594
  Properties.filedatetext=2011-09-27 10:26:34

Babylon.Toolbar: [SBI $C53C6D80]  Picture (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif
  Properties.size=1068
  Properties.md5=2A2DC1F7306AE44A3311FFF7A6FB2A7F
  Properties.filedate=1317115594
  Properties.filedatetext=2011-09-27 10:26:34

Babylon.Toolbar: [SBI $C53C6D80]  Picture (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif
  Properties.size=1060
  Properties.md5=D755D9075BC4E174ADC0277569B9FF0F
  Properties.filedate=1317115594
  Properties.filedatetext=2011-09-27 10:26:34

Babylon.Toolbar: [SBI $C53C6D80]  Picture (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif
  Properties.size=1048
  Properties.md5=88CF50E9F311DA3B28823F47EB8C556B
  Properties.filedate=1317115594
  Properties.filedatetext=2011-09-27 10:26:34

Babylon.Toolbar: [SBI $C53C6D80]  Picture (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif
  Properties.size=1068
  Properties.md5=42742D7E90C946ECF4F127F6E7C1ECCE
  Properties.filedate=1317115594
  Properties.filedatetext=2011-09-27 10:26:34

Babylon.Toolbar: [SBI $3756C165]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png
  Properties.size=4147
  Properties.md5=77E56C6C9C9FF61740A81CFBAFA4E3F9
  Properties.filedate=1317115594
  Properties.filedatetext=2011-09-27 10:26:34

Babylon.Toolbar: [SBI $3756C165]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG
  Properties.size=4129
  Properties.md5=B10371443E31CCF85E942F506DF66053
  Properties.filedate=1317115594
  Properties.filedatetext=2011-09-27 10:26:34

Babylon.Toolbar: [SBI $44E1AB05]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc
  Properties.size=608
  Properties.md5=9E8BDE304C8463C2EB5D90648C3B024A
  Properties.filedate=1317115594
  Properties.filedatetext=2011-09-27 10:26:34

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png
  Properties.size=1144
  Properties.md5=6EAF2387EBB3D038F6684457FC16BC44
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png
  Properties.size=462
  Properties.md5=77B2183AB10CD26EE4E79FDFC12B8621
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png
  Properties.size=472
  Properties.md5=A82FF00F39EFF54062328B4474C33DBC
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png
  Properties.size=472
  Properties.md5=A82FF00F39EFF54062328B4474C33DBC
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png
  Properties.size=476
  Properties.md5=815B6D2BF60A3179C0652F0B6895BCBB
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png
  Properties.size=545
  Properties.md5=DDABAE687ECAE5EDAAEB808D440543E6
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png
  Properties.size=465
  Properties.md5=09C48D3562F0DC51E2F9507704F6437F
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png
  Properties.size=609
  Properties.md5=968591E0050981BE9FA94BD2597AFB48
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png
  Properties.size=469
  Properties.md5=D6693CE2A6346B2DA89CEDA335554E0A
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png
  Properties.size=545
  Properties.md5=C1CF1874C3305E5663547A48F6AD2D8C
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png
  Properties.size=487
  Properties.md5=FD9B321B80BE31C027585C8992F1799F
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png
  Properties.size=431
  Properties.md5=A135FCDEFE8A391B416BDB102476E12B
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\il.png
  Properties.size=431
  Properties.md5=A135FCDEFE8A391B416BDB102476E12B
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\it.png
  Properties.size=420
  Properties.md5=784F7EB333F0591558BCCE9616A3C105
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ja.png
  Properties.size=420
  Properties.md5=10958397BC7C25C746E6E122365C003C
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\jp.png
  Properties.size=420
  Properties.md5=10958397BC7C25C746E6E122365C003C
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\nl.png
  Properties.size=453
  Properties.md5=6186550EBC77B1C51CD3AE37E78C33C1
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\no.png
  Properties.size=512
  Properties.md5=559CE5BAAEE373DB8DA150A5066C1062
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pl.png
  Properties.size=374
  Properties.md5=FAD0E96C20F20BE196499D26A6C74CD1
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pt.png
  Properties.size=554
  Properties.md5=5B8AB69AC52129BD32A3927F1B94D170
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ro.png
  Properties.size=495
  Properties.md5=D038C9C152C5E14F875C7B13AFCD4711
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ru.png
  Properties.size=420
  Properties.md5=0D31EF75ADEF220E73F0CB93A84A7422
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sa.png
  Properties.size=551
  Properties.md5=605884CEC6F446D418A092C0941ACAD5
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\se.png
  Properties.size=542
  Properties.md5=4C01F06DB23324267E2802DCADE3572F
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sv.png
  Properties.size=501
  Properties.md5=C6C853766DFBAB2DDD225980D3012F5C
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\tr.png
  Properties.size=492
  Properties.md5=31EA1F705854AD57C432845068BD05D3
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ua.png
  Properties.size=446
  Properties.md5=7EF7A6F5DEF3A4117D5C2F08E37008FF
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\us.png
  Properties.size=609
  Properties.md5=968591E0050981BE9FA94BD2597AFB48
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $0431BEB5]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\Thumbs.db
  Properties.size=8192
  Properties.md5=E0F16B4A8A17BD79A17AB3F19BDF889A
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $140F37E8]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\defaults\preferences\instlPref.js
  Properties.size=4
  Properties.md5=CB492B7DF9B5C170D7C87527940EFF3B
  Properties.filedate=1313497522
  Properties.filedatetext=2011-08-16 13:25:22

Microsoft.WindowsSecurityCenter.AntiVirusOverride: [SBI $3604910C] Settings (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\admin.brightcove.com\analytics.sol
  Properties.size=441
  Properties.md5=ECF60037FB4C4DB297FCB5543A17D90F
  Properties.filedate=1349042676
  Properties.filedatetext=2012-09-30 23:04:35

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\admin.brightcove.com\brightcove-universal-volume.sol
  Properties.size=59
  Properties.md5=2FFA314CACB7DB2CA23266AAD81BC79D
  Properties.filedate=1347180873
  Properties.filedatetext=2012-09-09 09:54:33

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\effectivemeasure.net\EM_APP.sol
  Properties.size=100
  Properties.md5=0E5861386EC533A6F2FB9CE19E6A1B20
  Properties.filedate=1349042687
  Properties.filedatetext=2012-09-30 23:04:46

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\images-na.ssl-images-amazon.com\mercury.sol
  Properties.size=69
  Properties.md5=2C5E44D88F4CD580DFB1728F51B32B09
  Properties.filedate=1345150635
  Properties.filedatetext=2012-08-16 21:57:14

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\opf.ooyala.com\com.conviva.livePass.sol
  Properties.size=223
  Properties.md5=67C7F670E47DB8F6473F1B8A59E2ACA6
  Properties.filedate=1346425918
  Properties.filedatetext=2012-08-31 16:11:57

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\player.ooyala.com\adsets.sol
  Properties.size=53
  Properties.md5=10DE7E235AC491F4F095C47FB2D400D7
  Properties.filedate=1346426207
  Properties.filedatetext=2012-08-31 16:16:46

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\player.ooyala.com\auth.sol
  Properties.size=70
  Properties.md5=6544E59138525077585DB3CD9A6963E7
  Properties.filedate=1344176615
  Properties.filedatetext=2012-08-05 15:23:35

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\player.ooyala.com\auth2.sol
  Properties.size=354
  Properties.md5=FCDC5AF92E83C43CEFAD5F072F4760E1
  Properties.filedate=1346426381
  Properties.filedatetext=2012-08-31 16:19:41

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\player.ooyala.com\perf.sol
  Properties.size=125
  Properties.md5=9DEA47D1136C48DD9F6CD1E3FC2CBEED
  Properties.filedate=1346426376
  Properties.filedatetext=2012-08-31 16:19:35

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\s.ytimg.com\soundData.sol
  Properties.size=49
  Properties.md5=3C3E0C70DEC1FD4A7976FCEEC895355F
  Properties.filedate=1349516226
  Properties.filedatetext=2012-10-06 10:37:05

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\s.ytimg.com\videostats.sol
  Properties.size=275
  Properties.md5=A54814F2451DB0E082AEA8281186AE4D
  Properties.filedate=1350069230
  Properties.filedatetext=2012-10-12 20:13:49

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\siylvi.de\analytics.sol
  Properties.size=503
  Properties.md5=FB6DCB8546860AD143BA862D28EC1D9F
  Properties.filedate=1346606457
  Properties.filedatetext=2012-09-02 18:20:57

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\www.dws.de\sliderCookie.sol
  Properties.size=76
  Properties.md5=544D146C4794242E518BDF2C07A6FE79
  Properties.filedate=1344501204
  Properties.filedatetext=2012-08-09 09:33:24

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\www.hyundai.de\hyundai_home_v1.sol
  Properties.size=118
  Properties.md5=65737878AD9A80AF5E3CC5C1EC561F74
  Properties.filedate=1345368888
  Properties.filedatetext=2012-08-19 10:34:47

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\www.tagesschau.de\com.jeroenwijering.sol
  Properties.size=50
  Properties.md5=AAA05E22855582C18887B13C4F1B0C89
  Properties.filedate=1348516581
  Properties.filedatetext=2012-09-24 20:56:20

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\www.zdf.de\com.conviva.livePass.sol
  Properties.size=225
  Properties.md5=CEB6DCED1A26E691B6D6EB9CDE5C3864
  Properties.filedate=1350069362
  Properties.filedatetext=2012-10-12 20:16:01

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin2\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\AYLGMMF3\airberlin.com\newsletter-reg.sol
  Properties.size=99
  Properties.md5=CA48FD886BA995CE9E929D4280A9DCD7
  Properties.filedate=1348346170
  Properties.filedatetext=2012-09-22 21:36:10

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\bree.com\slideshow.swf\bree_sl_2.sol
  Properties.size=48
  Properties.md5=9B555873A670DE4FE792A7CA44C9431E
  Properties.filedate=1345145079
  Properties.filedatetext=2012-08-16 20:24:38

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\maps-4-u.com\lso.swf\e.sol
  Properties.size=45
  Properties.md5=97365BE18D2A63F0330DE83C5CE02FEB
  Properties.filedate=1346449232
  Properties.filedatetext=2012-08-31 22:40:32

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\skype.com\#ui\preferences.sol
  Properties.size=234
  Properties.md5=B664D85B8558F09DB3FA15ECB9B348A5
  Properties.filedate=1349206113
  Properties.filedatetext=2012-10-02 20:28:33

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\www.avira.com\#kernelteam\preferences.sol
  Properties.size=91
  Properties.md5=FE7A4158F7F2AF9EA0ACE77731BFB8A3
  Properties.filedate=1349130364
  Properties.filedatetext=2012-10-01 23:26:04

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\olympia.ard.de\flash\OSMFPlayer.swf\HDCore.sol
  Properties.size=42
  Properties.md5=A321738F8BED2B4B6E40531701E93065
  Properties.filedate=1344373366
  Properties.filedatetext=2012-08-07 22:02:45

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\opf.ooyala.com\3rdparty\bloomberg_ui_module_005.swf\bloomberg-player.sol
  Properties.size=66
  Properties.md5=8A0F9C8955FE05598EEFD5185613E07A
  Properties.filedate=1344176618
  Properties.filedatetext=2012-08-05 15:23:38

Right Media: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Inactive Users): Admin2) (Browser: Cookie, nothing done)
  

FastClick: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Inactive Users): Admin2) (Browser: Cookie, nothing done)
  

DoubleClick: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Inactive Users): Admin2) (Browser: Cookie, nothing done)
  

Tradedoubler: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Inactive Users): Admin2) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: PE_C_ALL USERS (default)) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: PE_C_ALL USERS (default)) (Browser: Cookie, nothing done)
  

Common Dialogs: [SBI $8E73A7FB] History  (195 files) (Registry Key, nothing done)
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: [SBI $8E73A7FB]  Activity: COM+.log (File, nothing done)
  C:\WINDOWS\COM+.log
  Properties.size=1450
  Properties.md5=E9C0E93A9EB8064E10D6445FA1125171
  Properties.filedate=1250245272
  Properties.filedatetext=2009-08-14 11:21:11

Log: [SBI $8E73A7FB]  Activity: SchedLgU.Txt (File, nothing done)
  C:\WINDOWS\SchedLgU.Txt
  Properties.size=32412
  Properties.md5=90AA19D37F37BBB30439A8948A83979E
  Properties.filedate=1356599544
  Properties.filedatetext=2012-12-27 10:12:23

Log: [SBI $8E73A7FB]  Activity: imsins.log (File, nothing done)
  C:\WINDOWS\imsins.log
  Properties.size=1393
  Properties.md5=361964AC9A1E17AD46AD663700B9C616
  Properties.filedate=1356455352
  Properties.filedatetext=2012-12-25 18:09:12

Log: [SBI $8E73A7FB]  Activity: OEWABLog.txt (File, nothing done)
  C:\WINDOWS\OEWABLog.txt
  Properties.size=1519
  Properties.md5=4B43CD5BC3B35CB57702BC5A179C931A
  Properties.filedate=1262032160
  Properties.filedatetext=2009-12-28 21:29:19

Log: [SBI $8E73A7FB]  Install: comsetup.log (File, nothing done)
  C:\WINDOWS\comsetup.log
  Properties.size=602552
  Properties.md5=5CEEB082CECCB7CF0F22CCD6C1D0BB66
  Properties.filedate=1356455352
  Properties.filedatetext=2012-12-25 18:09:12

Log: [SBI $8E73A7FB]  Install: Directx.log (File, nothing done)
  C:\WINDOWS\Directx.log
  Properties.size=30080
  Properties.md5=FC07309D739D83FA83434ADEA50DD68E
  Properties.filedate=1250244444
  Properties.filedatetext=2009-08-14 11:07:23

Log: [SBI $8E73A7FB]  Install: ocgen.log (File, nothing done)
  C:\WINDOWS\ocgen.log
  Properties.size=854229
  Properties.md5=6BFE24E0DD4A186365C48E470C0F09A7
  Properties.filedate=1356455352
  Properties.filedatetext=2012-12-25 18:09:11

Log: [SBI $8E73A7FB]  Install: setupact.log (File, nothing done)
  C:\WINDOWS\setupact.log
  Properties.size=222614
  Properties.md5=F7E6DDD235262382AA906BC3450D4300
  Properties.filedate=1352967705
  Properties.filedatetext=2012-11-15 09:21:45

Log: [SBI $8E73A7FB]  Install: setupapi.log (File, nothing done)
  C:\WINDOWS\setupapi.log
  Properties.size=449571
  Properties.md5=6220238B0EA4AC07B7D8757BF637B960
  Properties.filedate=1356455351
  Properties.filedatetext=2012-12-25 18:09:10

Log: [SBI $8E73A7FB]  Install: setuplog.txt (File, nothing done)
  C:\WINDOWS\setuplog.txt
  Properties.size=925889
  Properties.md5=2F1CBE4BACD21773A82F52A98D822F09
  Properties.filedate=1262032114
  Properties.filedatetext=2009-12-28 21:28:34

Log: [SBI $8E73A7FB]  Install: wmsetup.log (File, nothing done)
  C:\WINDOWS\wmsetup.log
  Properties.size=39858
  Properties.md5=17FD2367C0E8F7000BF4122819119975
  Properties.filedate=1304771600
  Properties.filedatetext=2011-05-07 13:33:19

Log: [SBI $8E73A7FB]  Install: DtcInstall.log (File, nothing done)
  C:\WINDOWS\DtcInstall.log
  Properties.size=646
  Properties.md5=95AF8FF991A1DF4461016664022141E3
  Properties.filedate=1262031867
  Properties.filedatetext=2009-12-28 21:24:26

Log: [SBI $8E73A7FB]  Shutdown: System32\wbem\logs\mofcomp.log (File, nothing done)
  C:\WINDOWS\System32\wbem\logs\mofcomp.log
  Properties.size=32068
  Properties.md5=9CAA04BBAFF5148764D3ED338496DB76
  Properties.filedate=1353085913
  Properties.filedatetext=2012-11-16 18:11:52

Log: [SBI $8E73A7FB]  Shutdown: System32\wbem\logs\setup.log (File, nothing done)
  C:\WINDOWS\System32\wbem\logs\setup.log
  Properties.size=4889
  Properties.md5=38B9CAFC870B833096F52AB18932E035
  Properties.filedate=1250188972
  Properties.filedatetext=2009-08-13 19:42:52

Log: [SBI $8E73A7FB]  Shutdown: System32\wbem\logs\wbemcore.log (File, nothing done)
  C:\WINDOWS\System32\wbem\logs\wbemcore.log
  Properties.size=57285
  Properties.md5=835B7379247820D353689F06D34B3DFB
  Properties.filedate=1356599636
  Properties.filedatetext=2012-12-27 10:13:55

Log: [SBI $8E73A7FB]  Shutdown: System32\wbem\logs\wbemess.lo_ (File, nothing done)
  C:\WINDOWS\System32\wbem\logs\wbemess.lo_
  Properties.size=65567
  Properties.md5=DD91236A463B5A571685299275C5D8F9
  Properties.filedate=1316635147
  Properties.filedatetext=2011-09-21 20:59:07

Log: [SBI $8E73A7FB]  Shutdown: System32\wbem\logs\wbemess.log (File, nothing done)
  C:\WINDOWS\System32\wbem\logs\wbemess.log
  Properties.size=20786
  Properties.md5=FE325C0FA4CA62E95796F088DA96C57B
  Properties.filedate=1316700741
  Properties.filedatetext=2011-09-22 15:12:21

Log: [SBI $8E73A7FB]  Shutdown: System32\wbem\logs\wbemprox.log (File, nothing done)
  C:\WINDOWS\System32\wbem\logs\wbemprox.log
  Properties.size=32028
  Properties.md5=C0330D46F66F7BA361837BEFBED6426E
  Properties.filedate=1356605159
  Properties.filedatetext=2012-12-27 11:45:58

Log: [SBI $8E73A7FB]  Shutdown: System32\wbem\logs\winmgmt.log (File, nothing done)
  C:\WINDOWS\System32\wbem\logs\winmgmt.log
  Properties.size=279
  Properties.md5=C7CB50E952692ECED93C938C21E3EF7F
  Properties.filedate=1281779597
  Properties.filedatetext=2010-08-14 10:53:16

Log: [SBI $8E73A7FB]  Shutdown: System32\wbem\logs\wmiadap.log (File, nothing done)
  C:\WINDOWS\System32\wbem\logs\wmiadap.log
  Properties.size=4018
  Properties.md5=3F4CAE0CF7051D625FC793D3E731F0B8
  Properties.filedate=1353085971
  Properties.filedatetext=2012-11-16 18:12:51

Log: [SBI $8E73A7FB]  Shutdown: System32\wbem\logs\wmiprov.log (File, nothing done)
  C:\WINDOWS\System32\wbem\logs\wmiprov.log
  Properties.size=61903
  Properties.md5=38F0C0BDDB8D78DA72657773700EC1E8
  Properties.filedate=1319878968
  Properties.filedatetext=2011-10-29 10:02:47

7-Zip: [SBI $12C3A52C] Folder history (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\7-ZIP\FM\FolderHistory

7-Zip: [SBI $3D5692BD] Last used folder (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\7-ZIP\FM\PanelPath0

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $FF589D0C] Download directory (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Internet Explorer\Download Directory

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Microsoft Management Console\Recent File List

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Microsoft Management Console\Recent File List

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: [SBI $E48560B4] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS Office 11.0: [SBI $53EEAC4B] Last opened-from-web file (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Office\11.0\Common\Internet\UseRWHlinkNavigation

MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Office\11.0\Excel\Recent Files

MS Office 11.0 (PowerPoint): [SBI $C10CED61] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Office\11.0\PowerPoint\Recent File List

MS Office 11.0 (PowerPoint): [SBI $81078145] Recent animation list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Office\11.0\PowerPoint\RecentAnimationList

MS Office 11.0 (Word): [SBI $15AC27CE] Recent file list (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Office\11.0\Word\Data\Settings

MS Office 12.0: [SBI $31A61065] Internet history (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Office\12.0\Common\Internet\UseRWHlinkNavigation

MS Office 12.0 (Excel): [SBI $546355D5] Recent Cartel List (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Office\12.0\Excel\File MRU

MS Office 12.0 (PowerPoint): [SBI $242E8728] Recent Slideshow List (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Office\12.0\PowerPoint\File MRU

MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Office\12.0\Word\File MRU

MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $691C1B44] Open with list - .BIN extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: [SBI $8390E60B] Network map history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU

Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\WinRAR\ArcHistory

WinRAR: [SBI $A59A1C0A] Recent exe file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\WinRAR\DialogEditHistory\ArcName

WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\WinRAR\General\LastFolder

WinRAR: [SBI $B510882E] Extraction directory history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\WinRAR\DialogEditHistory\ExtrPath

Cookie: [SBI $49804B54] Browser: Cookie (59) (Browser: Cookie, nothing done)
  

Cache: [SBI $49804B54] Browser: Cache (323) (Browser: Cache, nothing done)
  

History: [SBI $49804B54] Browser: History (294) (Browser: History, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (82) (Browser: Cookie, nothing done)
  

Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)
  

History: [SBI $49804B54] Browser: History (12) (Browser: History, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (33) (Browser: Cookie, nothing done)
  

Cache: [SBI $49804B54] Browser: Cache (51) (Browser: Cache, nothing done)
  

History: [SBI $49804B54] Browser: History (16) (Browser: History, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
  

History: [SBI $49804B54] Browser: History (39) (Browser: History, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
  

History: [SBI $49804B54] Browser: History (10) (Browser: History, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (1525) (Browser: Cookie, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (123) (Browser: Cookie, nothing done)
  


--- Spybot - Search & Destroy version: 2.0.12.131  DLL (build: 20121113) ---

2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2012-12-27 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-12-18 Includes\Adware.sbi (*)
2012-12-18 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2012-11-21 Includes\Malware.sbi (*)
2012-12-18 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2012-12-19 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2012-12-11 Includes\Trojans.sbi (*)
2012-11-14 Includes\TrojansC-02.sbi (*)
2012-12-18 Includes\TrojansC-03.sbi (*)
2012-11-29 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-12-03 Includes\TrojansC.sbi (*)

So mehr habe ich noch nicht laufen lassen.

Was soll ich denn noch durchlaufen lassen?

Danke für den Hinweis mit den Mails, bei der nächsten leite ich sie weiter....

Vielen Dank!

VG

elico · 27.12.2012, 20:18

Darüber hinaus habe ich noch eine 2. Datei vom OTL-Scan erhalten:

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 12/26/2012 11:13:15 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
1015.17 Mb Total Physical Memory | 445.87 Mb Available Physical Memory | 43.92% Memory free
2.38 Gb Paging File | 1.81 Gb Available in Paging File | 75.92% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72.06 Gb Total Space | 20.38 Gb Free Space | 28.28% Space Free | Partition Type: NTFS
Drive D: | 72.05 Gb Total Space | 71.98 Gb Free Space | 99.89% Space Free | Partition Type: NTFS
 
Computer Name: Admin | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\Eurowin\MaxTax Standard\MAXTAX.exe" = C:\Programme\Eurowin\MaxTax Standard\MAXTAX.exe:*:Enabled:Maxtax -- (eurowin, Inc.)
"C:\Programme\Eurowin\MaxTax Standard\STMAXTAX.exe" = C:\Programme\Eurowin\MaxTax Standard\STMAXTAX.exe:*:Enabled:Stmaxtax -- (eurowin, Inc.)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\Microsoft Office\Office14\GROOVE.EXE" = C:\Programme\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\SweetImSetup.exe" = C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\SweetImSetup.exe:*:Enabled:SweetIM Installer -- (SweetIM Technologies Ltd.)
"C:\Programme\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe" = C:\Programme\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe:*:Enabled:EpsonNet Setup -- (SEIKO EPSON CORPORATION)
"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = ASUS USB2.0 UVC VGA WebCam
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.9
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 14
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDE1F7BF-9B4B-44AB-9788-A9EBF9453F13}" = Harzing's Publish or Perish 3.8.2.4688
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync
"{DD7A785B-45C9-4DDB-A726-0889F7A9C006}" = WD SmartWare
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69BD802-57A2-428F-9CA6-9C006E5F8DFA}" = Cisco AnyConnect Secure Mobility Client
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitZipper_is1" = BitZipper 2010
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"Eee Docking_is1" = Eee Docking 1.3.6.0
"ElsterFormular 11.3.0.4235" = ElsterFormular
"ElsterFormular für Privatanwender 12.2.1.6570p" = ElsterFormular für Privatanwender
"EPSON BX525WD Series" = Druckerdeinstallation für EPSON BX525WD Series
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Exavo SurveyStudio_is1" = Exavo SurveyStudio 5.0.0.379
"Google Chrome" = Google Chrome
"gretl_is1" = gretl version 1.9.6
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MTStandard" = eurowin maxtax
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Opera 12.02.1578" = Opera 12.02
"PDF To Excel Converter_is1" = PDF To Excel Converter V2.0
"R for Windows 2.10.1_is1" = R for Windows 2.10.1
"RealPlayer 15.0" = RealPlayer
"R-Word Demo_is1" = R-Word Demo 1.2
"Simplyzip" = Simplyzip (remove only)
"SnoopFreePrivacyShield" = SnoopFree Privacy Shield
"SopCast" = SopCast 3.2.9
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"tramo/seats_is1" = TRAMO/SEATS
"Trusted Software Assistant_is1" = File Type Assistant
"VLC media player" = VideoLAN VLC media player 0.8.6a
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wooldridge data_is1" = Wooldridge data (4e)
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"x12a_is1" = X-12-ARIMA version 0.3 build 192
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/25/2012 12:47:05 PM | Computer Name = Admin | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.
 
Error - 12/25/2012 12:47:09 PM | Computer Name = Admin | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 12/25/2012 12:48:13 PM | Computer Name = Admin | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 12/25/2012 1:03:11 PM | Computer Name = Admin | Source = WinMgmt | ID = 28
Description = WinMgmt konnte die Kernteile nicht initialisieren. Mögliche Ursache
 hierfür könnte eine beschädigte WinMgmt-Version, ein WinMgmt-Repositoryaktualisierungsfehler
 oder nicht genügend Speicherplatz oder Arbeitsspeicher sein.
 
Error - 12/25/2012 1:03:11 PM | Computer Name = Admin | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.
 
Error - 12/25/2012 1:03:14 PM | Computer Name = Admin | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 12/25/2012 1:05:48 PM | Computer Name = Admin | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung snoopfreeui.exe, Version 1.0.0.0, fehlgeschlagenes
 Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x0001168b.
 
Error - 12/25/2012 5:37:47 PM | Computer Name = Admin | Source = WinMgmt | ID = 28
Description = WinMgmt konnte die Kernteile nicht initialisieren. Mögliche Ursache
 hierfür könnte eine beschädigte WinMgmt-Version, ein WinMgmt-Repositoryaktualisierungsfehler
 oder nicht genügend Speicherplatz oder Arbeitsspeicher sein.
 
Error - 12/25/2012 5:37:47 PM | Computer Name = Admin | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.
 
Error - 12/25/2012 5:37:53 PM | Computer Name = Admin | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 11/17/2012 8:00:28 PM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1280 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
 Eine vorhandene Verbindung wurde vom Remotehost geschlossen.   
 
Error - 11/17/2012 8:00:28 PM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 997 (0x000003E5) Description:
 Überlappender E/A-Vorgang wird verarbeitet.   
 
Error - 11/17/2012 8:00:28 PM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
 873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
 SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 11/17/2012 8:00:28 PM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801 
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 11/17/2012 8:00:28 PM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
 Verbindung wurde vom Remotehost geschlossen.   
 
Error - 11/17/2012 8:00:28 PM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE 
 
Error - 11/18/2012 9:10:18 AM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: Directory::ReadDir File: .\Utility\Directory.cpp Line: 156
Invoked
 Function: ::FindNextFile Return Code: 18 (0x00000012) Description: Es sind keine 
weiteren Dateien vorhanden.   
 
Error - 11/18/2012 9:10:18 AM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR30.459670239829\DaVinci_MR3\vpn\Common\Utility/PluginLoader.h
Line:
 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
 PLUGINLOADER_ERROR_COULD_NOT_CREATE 
 
Error - 11/18/2012 9:10:18 AM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR30.459670239829\DaVinci_MR3\vpn\Common\Utility/PluginLoader.h
Line:
 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
 PLUGINLOADER_ERROR_COULD_NOT_CREATE 
 
Error - 11/18/2012 9:10:18 AM | Computer Name = Admin | Source = acvpnagent | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR30.459670239829\DaVinci_MR3\vpn\Common\Utility/PluginLoader.h
Line:
 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
 PLUGINLOADER_ERROR_COULD_NOT_CREATE 
 
[ System Events ]
Error - 12/6/2012 5:13:55 AM | Computer Name = Admin | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.38 für die Netzwerkkarte mit der Netzwerkadresse
 0025D3900AA6 wurde durch  den DHCP-Server 1.1.1.1 abgelehnt (der DHCP-Server hat 
eine DHCPNACK-Meldung gesendet).
 
Error - 12/6/2012 12:17:45 PM | Computer Name = Admin | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Überlegungen weitere Einbeziehung Wissenschaftliche
 Projektmitarbeiter, im Besitz von Admin, konnte nicht auf dem Drucker Dell MFP
 Laser 3115cn PS gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei
 in Bytes: 131072. Anzahl der gedruckten Bytes: 47200. Gesamtanzahl der Seiten des
 Dokuments: 1. Anzahl der gedruckten Seiten: 1. Clientcomputer: \\Admin. Vom Druckprozessor
 zurückgelieferter Win32-Fehlercode: 87 (0x57). 
 
Error - 12/6/2012 12:36:00 PM | Computer Name = Admin | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Überlegungen weitere Einbeziehung Wissenschaftliche
 Projektmitarbeiter, im Besitz von Admin, konnte nicht auf dem Drucker Dell MFP
 Laser 3115cn PS gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei
 in Bytes: 131072. Anzahl der gedruckten Bytes: 47200. Gesamtanzahl der Seiten des
 Dokuments: 1. Anzahl der gedruckten Seiten: 1. Clientcomputer: \\Admin. Vom Druckprozessor
 zurückgelieferter Win32-Fehlercode: 87 (0x57). 
 
Error - 12/9/2012 7:37:34 PM | Computer Name = Admin | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die  Netzwerkkarte mit der Netzwerkadresse 0025D3900AA6 zugeteilt werden. Der
 folgende Fehler  ist aufgetreten:   %%1223.  Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 12/18/2012 11:48:33 AM | Computer Name = Admin | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.33 für die Netzwerkkarte mit der Netzwerkadresse
 0025D3900AA6 wurde durch  den DHCP-Server 192.1.0.1 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 12/18/2012 3:39:37 PM | Computer Name = Admin | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.1.0.185 über die 
  Netzwerkkarte mit der Netzwerkadresse 0025D3900AA6 ist verloren gegangen.
 
Error - 12/20/2012 11:53:59 AM | Computer Name = Admin | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
 "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem 
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
 eine Verbindung herzustellen.
 
Error - 12/25/2012 12:46:44 PM | Computer Name = Admin | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.33 für die Netzwerkkarte mit der Netzwerkadresse
 0025D3900AA6 wurde durch  den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server 
hat eine DHCPNACK-Meldung gesendet).
 
Error - 12/25/2012 4:23:57 PM | Computer Name = Admin | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.102 für die Netzwerkkarte mit der Netzwerkadresse
 0025D3900AA6 wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat 
eine DHCPNACK-Meldung gesendet).
 
Error - 12/25/2012 5:37:18 PM | Computer Name = Admin | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.102 für die Netzwerkkarte mit der Netzwerkadresse
 0025D3900AA6 wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat 
eine DHCPNACK-Meldung gesendet).
 
 
< End of report >

--- --- ---

[/code]

Des Weiteren habe ich noch AdCleaner probiert auch scheinbar ohne Ergebnisse:

Code:

ATTFilter

# AdwCleaner v2.103 - Datei am 26/12/2012 um 21:25:53 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Admin - Admin
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Admin\Desktop\Spyware\Programme\adwcleaner(1).exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Datei Gefunden : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask
Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
Ordner Gefunden : C:\Programme\Ask.com
Ordner Gefunden : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{62369F2F77534556AEF4C58152E3BDE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Opera v12.2.1578.0

Datei : C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Dokumente und Einstellungen\Admin2\Anwendungsdaten\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4540 octets] - [16/07/2012 20:39:25]
AdwCleaner[R2].txt - [5622 octets] - [26/12/2012 21:25:53]
AdwCleaner[S1].txt - [4698 octets] - [18/07/2012 21:32:29]

########## EOF - C:\AdwCleaner[R2].txt - [5742 octets] ##########

Allerdings hat Spybot - Search & Destroy was gefunden:

Code:

ATTFilter

Search results from Spybot - Search & Destroy

12/27/2012 11:47:38 AM
Scan took 01:00:45.
193 items found.

Babylon.Toolbar: [SBI $B04483F7] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Babylon.Toolbar: [SBI $B04483F7] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Babylon.Toolbar: [SBI $4F6D874C]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\chrome.manifest
  Properties.size=300
  Properties.md5=C3B76F90E8B326ABC8671AD7D5F63781
  Properties.filedate=1313497526
  Properties.filedatetext=2011-08-16 13:25:26

Babylon.Toolbar: [SBI $A7584477]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\install.rdf
  Properties.size=885
  Properties.md5=E692D3A12058D4CBDD4A47A995FCA8F2
  Properties.filedate=1323621240
  Properties.filedatetext=2011-12-11 17:34:00

Babylon.Toolbar: [SBI $6362D76D]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\babylon.css
  Properties.size=2740
  Properties.md5=8473A23281D302880A9E6508321201BE
  Properties.filedate=1313502912
  Properties.filedatetext=2011-08-16 14:55:12

Babylon.Toolbar: [SBI $2DAD75DF]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\babylon.xul
  Properties.size=10941
  Properties.md5=97BF7CBF63DFFEEC117A1A7F788D71DA
  Properties.filedate=1313502912
  Properties.filedatetext=2011-08-16 14:55:12

Babylon.Toolbar: [SBI $71E86D4B]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\tmplt.js
  Properties.size=7698
  Properties.md5=AE6B7BB925F76C14E06CCE500EBBC8CA
  Properties.filedate=1313502912
  Properties.filedatetext=2011-08-16 14:55:12

Babylon.Toolbar: [SBI $C53C6D80]  Picture (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif
  Properties.size=52
  Properties.md5=2AA11FA4DCF0F03A0C8FB08170272566
  Properties.filedate=1317115594
  Properties.filedatetext=2011-09-27 10:26:34

Babylon.Toolbar: [SBI $C53C6D80]  Picture (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif
  Properties.size=1068
  Properties.md5=2A2DC1F7306AE44A3311FFF7A6FB2A7F
  Properties.filedate=1317115594
  Properties.filedatetext=2011-09-27 10:26:34

Babylon.Toolbar: [SBI $C53C6D80]  Picture (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif
  Properties.size=1060
  Properties.md5=D755D9075BC4E174ADC0277569B9FF0F
  Properties.filedate=1317115594
  Properties.filedatetext=2011-09-27 10:26:34

Babylon.Toolbar: [SBI $C53C6D80]  Picture (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif
  Properties.size=1048
  Properties.md5=88CF50E9F311DA3B28823F47EB8C556B
  Properties.filedate=1317115594
  Properties.filedatetext=2011-09-27 10:26:34

Babylon.Toolbar: [SBI $C53C6D80]  Picture (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif
  Properties.size=1068
  Properties.md5=42742D7E90C946ECF4F127F6E7C1ECCE
  Properties.filedate=1317115594
  Properties.filedatetext=2011-09-27 10:26:34

Babylon.Toolbar: [SBI $3756C165]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png
  Properties.size=4147
  Properties.md5=77E56C6C9C9FF61740A81CFBAFA4E3F9
  Properties.filedate=1317115594
  Properties.filedatetext=2011-09-27 10:26:34

Babylon.Toolbar: [SBI $3756C165]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG
  Properties.size=4129
  Properties.md5=B10371443E31CCF85E942F506DF66053
  Properties.filedate=1317115594
  Properties.filedatetext=2011-09-27 10:26:34

Babylon.Toolbar: [SBI $44E1AB05]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc
  Properties.size=608
  Properties.md5=9E8BDE304C8463C2EB5D90648C3B024A
  Properties.filedate=1317115594
  Properties.filedatetext=2011-09-27 10:26:34

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png
  Properties.size=1144
  Properties.md5=6EAF2387EBB3D038F6684457FC16BC44
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png
  Properties.size=462
  Properties.md5=77B2183AB10CD26EE4E79FDFC12B8621
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png
  Properties.size=472
  Properties.md5=A82FF00F39EFF54062328B4474C33DBC
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png
  Properties.size=472
  Properties.md5=A82FF00F39EFF54062328B4474C33DBC
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png
  Properties.size=476
  Properties.md5=815B6D2BF60A3179C0652F0B6895BCBB
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png
  Properties.size=545
  Properties.md5=DDABAE687ECAE5EDAAEB808D440543E6
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png
  Properties.size=465
  Properties.md5=09C48D3562F0DC51E2F9507704F6437F
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png
  Properties.size=609
  Properties.md5=968591E0050981BE9FA94BD2597AFB48
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png
  Properties.size=469
  Properties.md5=D6693CE2A6346B2DA89CEDA335554E0A
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png
  Properties.size=545
  Properties.md5=C1CF1874C3305E5663547A48F6AD2D8C
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png
  Properties.size=487
  Properties.md5=FD9B321B80BE31C027585C8992F1799F
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png
  Properties.size=431
  Properties.md5=A135FCDEFE8A391B416BDB102476E12B
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\il.png
  Properties.size=431
  Properties.md5=A135FCDEFE8A391B416BDB102476E12B
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\it.png
  Properties.size=420
  Properties.md5=784F7EB333F0591558BCCE9616A3C105
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ja.png
  Properties.size=420
  Properties.md5=10958397BC7C25C746E6E122365C003C
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\jp.png
  Properties.size=420
  Properties.md5=10958397BC7C25C746E6E122365C003C
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\nl.png
  Properties.size=453
  Properties.md5=6186550EBC77B1C51CD3AE37E78C33C1
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\no.png
  Properties.size=512
  Properties.md5=559CE5BAAEE373DB8DA150A5066C1062
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pl.png
  Properties.size=374
  Properties.md5=FAD0E96C20F20BE196499D26A6C74CD1
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pt.png
  Properties.size=554
  Properties.md5=5B8AB69AC52129BD32A3927F1B94D170
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ro.png
  Properties.size=495
  Properties.md5=D038C9C152C5E14F875C7B13AFCD4711
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ru.png
  Properties.size=420
  Properties.md5=0D31EF75ADEF220E73F0CB93A84A7422
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sa.png
  Properties.size=551
  Properties.md5=605884CEC6F446D418A092C0941ACAD5
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\se.png
  Properties.size=542
  Properties.md5=4C01F06DB23324267E2802DCADE3572F
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sv.png
  Properties.size=501
  Properties.md5=C6C853766DFBAB2DDD225980D3012F5C
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\tr.png
  Properties.size=492
  Properties.md5=31EA1F705854AD57C432845068BD05D3
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ua.png
  Properties.size=446
  Properties.md5=7EF7A6F5DEF3A4117D5C2F08E37008FF
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $26593B10]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\us.png
  Properties.size=609
  Properties.md5=968591E0050981BE9FA94BD2597AFB48
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $0431BEB5]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\Thumbs.db
  Properties.size=8192
  Properties.md5=E0F16B4A8A17BD79A17AB3F19BDF889A
  Properties.filedate=1313497524
  Properties.filedatetext=2011-08-16 13:25:24

Babylon.Toolbar: [SBI $140F37E8]  Data (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\extensions\ffxtlbr@babylon.com\defaults\preferences\instlPref.js
  Properties.size=4
  Properties.md5=CB492B7DF9B5C170D7C87527940EFF3B
  Properties.filedate=1313497522
  Properties.filedatetext=2011-08-16 13:25:22

Microsoft.WindowsSecurityCenter.AntiVirusOverride: [SBI $3604910C] Settings (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\admin.brightcove.com\analytics.sol
  Properties.size=441
  Properties.md5=ECF60037FB4C4DB297FCB5543A17D90F
  Properties.filedate=1349042676
  Properties.filedatetext=2012-09-30 23:04:35

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\admin.brightcove.com\brightcove-universal-volume.sol
  Properties.size=59
  Properties.md5=2FFA314CACB7DB2CA23266AAD81BC79D
  Properties.filedate=1347180873
  Properties.filedatetext=2012-09-09 09:54:33

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\effectivemeasure.net\EM_APP.sol
  Properties.size=100
  Properties.md5=0E5861386EC533A6F2FB9CE19E6A1B20
  Properties.filedate=1349042687
  Properties.filedatetext=2012-09-30 23:04:46

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\images-na.ssl-images-amazon.com\mercury.sol
  Properties.size=69
  Properties.md5=2C5E44D88F4CD580DFB1728F51B32B09
  Properties.filedate=1345150635
  Properties.filedatetext=2012-08-16 21:57:14

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\opf.ooyala.com\com.conviva.livePass.sol
  Properties.size=223
  Properties.md5=67C7F670E47DB8F6473F1B8A59E2ACA6
  Properties.filedate=1346425918
  Properties.filedatetext=2012-08-31 16:11:57

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\player.ooyala.com\adsets.sol
  Properties.size=53
  Properties.md5=10DE7E235AC491F4F095C47FB2D400D7
  Properties.filedate=1346426207
  Properties.filedatetext=2012-08-31 16:16:46

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\player.ooyala.com\auth.sol
  Properties.size=70
  Properties.md5=6544E59138525077585DB3CD9A6963E7
  Properties.filedate=1344176615
  Properties.filedatetext=2012-08-05 15:23:35

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\player.ooyala.com\auth2.sol
  Properties.size=354
  Properties.md5=FCDC5AF92E83C43CEFAD5F072F4760E1
  Properties.filedate=1346426381
  Properties.filedatetext=2012-08-31 16:19:41

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\player.ooyala.com\perf.sol
  Properties.size=125
  Properties.md5=9DEA47D1136C48DD9F6CD1E3FC2CBEED
  Properties.filedate=1346426376
  Properties.filedatetext=2012-08-31 16:19:35

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\s.ytimg.com\soundData.sol
  Properties.size=49
  Properties.md5=3C3E0C70DEC1FD4A7976FCEEC895355F
  Properties.filedate=1349516226
  Properties.filedatetext=2012-10-06 10:37:05

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\s.ytimg.com\videostats.sol
  Properties.size=275
  Properties.md5=A54814F2451DB0E082AEA8281186AE4D
  Properties.filedate=1350069230
  Properties.filedatetext=2012-10-12 20:13:49

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\siylvi.de\analytics.sol
  Properties.size=503
  Properties.md5=FB6DCB8546860AD143BA862D28EC1D9F
  Properties.filedate=1346606457
  Properties.filedatetext=2012-09-02 18:20:57

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\www.dws.de\sliderCookie.sol
  Properties.size=76
  Properties.md5=544D146C4794242E518BDF2C07A6FE79
  Properties.filedate=1344501204
  Properties.filedatetext=2012-08-09 09:33:24

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\www.hyundai.de\hyundai_home_v1.sol
  Properties.size=118
  Properties.md5=65737878AD9A80AF5E3CC5C1EC561F74
  Properties.filedate=1345368888
  Properties.filedatetext=2012-08-19 10:34:47

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\www.tagesschau.de\com.jeroenwijering.sol
  Properties.size=50
  Properties.md5=AAA05E22855582C18887B13C4F1B0C89
  Properties.filedate=1348516581
  Properties.filedatetext=2012-09-24 20:56:20

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\www.zdf.de\com.conviva.livePass.sol
  Properties.size=225
  Properties.md5=CEB6DCED1A26E691B6D6EB9CDE5C3864
  Properties.filedate=1350069362
  Properties.filedatetext=2012-10-12 20:16:01

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin2\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\AYLGMMF3\airberlin.com\newsletter-reg.sol
  Properties.size=99
  Properties.md5=CA48FD886BA995CE9E929D4280A9DCD7
  Properties.filedate=1348346170
  Properties.filedatetext=2012-09-22 21:36:10

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\bree.com\slideshow.swf\bree_sl_2.sol
  Properties.size=48
  Properties.md5=9B555873A670DE4FE792A7CA44C9431E
  Properties.filedate=1345145079
  Properties.filedatetext=2012-08-16 20:24:38

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\maps-4-u.com\lso.swf\e.sol
  Properties.size=45
  Properties.md5=97365BE18D2A63F0330DE83C5CE02FEB
  Properties.filedate=1346449232
  Properties.filedatetext=2012-08-31 22:40:32

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\skype.com\#ui\preferences.sol
  Properties.size=234
  Properties.md5=B664D85B8558F09DB3FA15ECB9B348A5
  Properties.filedate=1349206113
  Properties.filedatetext=2012-10-02 20:28:33

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\www.avira.com\#kernelteam\preferences.sol
  Properties.size=91
  Properties.md5=FE7A4158F7F2AF9EA0ACE77731BFB8A3
  Properties.filedate=1349130364
  Properties.filedatetext=2012-10-01 23:26:04

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\olympia.ard.de\flash\OSMFPlayer.swf\HDCore.sol
  Properties.size=42
  Properties.md5=A321738F8BED2B4B6E40531701E93065
  Properties.filedate=1344373366
  Properties.filedatetext=2012-08-07 22:02:45

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7]  Text file (File, nothing done)
  C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\RCGR4SFW\opf.ooyala.com\3rdparty\bloomberg_ui_module_005.swf\bloomberg-player.sol
  Properties.size=66
  Properties.md5=8A0F9C8955FE05598EEFD5185613E07A
  Properties.filedate=1344176618
  Properties.filedatetext=2012-08-05 15:23:38

Right Media: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Inactive Users): Admin2) (Browser: Cookie, nothing done)
  

FastClick: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Inactive Users): Admin2) (Browser: Cookie, nothing done)
  

DoubleClick: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Inactive Users): Admin2) (Browser: Cookie, nothing done)
  

Tradedoubler: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Inactive Users): Admin2) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: PE_C_ALL USERS (default)) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Firefox: PE_C_ALL USERS (default)) (Browser: Cookie, nothing done)
  

Common Dialogs: [SBI $8E73A7FB] History  (195 files) (Registry Key, nothing done)
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: [SBI $8E73A7FB]  Activity: COM+.log (File, nothing done)
  C:\WINDOWS\COM+.log
  Properties.size=1450
  Properties.md5=E9C0E93A9EB8064E10D6445FA1125171
  Properties.filedate=1250245272
  Properties.filedatetext=2009-08-14 11:21:11

Log: [SBI $8E73A7FB]  Activity: SchedLgU.Txt (File, nothing done)
  C:\WINDOWS\SchedLgU.Txt
  Properties.size=32412
  Properties.md5=90AA19D37F37BBB30439A8948A83979E
  Properties.filedate=1356599544
  Properties.filedatetext=2012-12-27 10:12:23

Log: [SBI $8E73A7FB]  Activity: imsins.log (File, nothing done)
  C:\WINDOWS\imsins.log
  Properties.size=1393
  Properties.md5=361964AC9A1E17AD46AD663700B9C616
  Properties.filedate=1356455352
  Properties.filedatetext=2012-12-25 18:09:12

Log: [SBI $8E73A7FB]  Activity: OEWABLog.txt (File, nothing done)
  C:\WINDOWS\OEWABLog.txt
  Properties.size=1519
  Properties.md5=4B43CD5BC3B35CB57702BC5A179C931A
  Properties.filedate=1262032160
  Properties.filedatetext=2009-12-28 21:29:19

Log: [SBI $8E73A7FB]  Install: comsetup.log (File, nothing done)
  C:\WINDOWS\comsetup.log
  Properties.size=602552
  Properties.md5=5CEEB082CECCB7CF0F22CCD6C1D0BB66
  Properties.filedate=1356455352
  Properties.filedatetext=2012-12-25 18:09:12

Log: [SBI $8E73A7FB]  Install: Directx.log (File, nothing done)
  C:\WINDOWS\Directx.log
  Properties.size=30080
  Properties.md5=FC07309D739D83FA83434ADEA50DD68E
  Properties.filedate=1250244444
  Properties.filedatetext=2009-08-14 11:07:23

Log: [SBI $8E73A7FB]  Install: ocgen.log (File, nothing done)
  C:\WINDOWS\ocgen.log
  Properties.size=854229
  Properties.md5=6BFE24E0DD4A186365C48E470C0F09A7
  Properties.filedate=1356455352
  Properties.filedatetext=2012-12-25 18:09:11

Log: [SBI $8E73A7FB]  Install: setupact.log (File, nothing done)
  C:\WINDOWS\setupact.log
  Properties.size=222614
  Properties.md5=F7E6DDD235262382AA906BC3450D4300
  Properties.filedate=1352967705
  Properties.filedatetext=2012-11-15 09:21:45

Log: [SBI $8E73A7FB]  Install: setupapi.log (File, nothing done)
  C:\WINDOWS\setupapi.log
  Properties.size=449571
  Properties.md5=6220238B0EA4AC07B7D8757BF637B960
  Properties.filedate=1356455351
  Properties.filedatetext=2012-12-25 18:09:10

Log: [SBI $8E73A7FB]  Install: setuplog.txt (File, nothing done)
  C:\WINDOWS\setuplog.txt
  Properties.size=925889
  Properties.md5=2F1CBE4BACD21773A82F52A98D822F09
  Properties.filedate=1262032114
  Properties.filedatetext=2009-12-28 21:28:34

Log: [SBI $8E73A7FB]  Install: wmsetup.log (File, nothing done)
  C:\WINDOWS\wmsetup.log
  Properties.size=39858
  Properties.md5=17FD2367C0E8F7000BF4122819119975
  Properties.filedate=1304771600
  Properties.filedatetext=2011-05-07 13:33:19

Log: [SBI $8E73A7FB]  Install: DtcInstall.log (File, nothing done)
  C:\WINDOWS\DtcInstall.log
  Properties.size=646
  Properties.md5=95AF8FF991A1DF4461016664022141E3
  Properties.filedate=1262031867
  Properties.filedatetext=2009-12-28 21:24:26

Log: [SBI $8E73A7FB]  Shutdown: System32\wbem\logs\mofcomp.log (File, nothing done)
  C:\WINDOWS\System32\wbem\logs\mofcomp.log
  Properties.size=32068
  Properties.md5=9CAA04BBAFF5148764D3ED338496DB76
  Properties.filedate=1353085913
  Properties.filedatetext=2012-11-16 18:11:52

Log: [SBI $8E73A7FB]  Shutdown: System32\wbem\logs\setup.log (File, nothing done)
  C:\WINDOWS\System32\wbem\logs\setup.log
  Properties.size=4889
  Properties.md5=38B9CAFC870B833096F52AB18932E035
  Properties.filedate=1250188972
  Properties.filedatetext=2009-08-13 19:42:52

Log: [SBI $8E73A7FB]  Shutdown: System32\wbem\logs\wbemcore.log (File, nothing done)
  C:\WINDOWS\System32\wbem\logs\wbemcore.log
  Properties.size=57285
  Properties.md5=835B7379247820D353689F06D34B3DFB
  Properties.filedate=1356599636
  Properties.filedatetext=2012-12-27 10:13:55

Log: [SBI $8E73A7FB]  Shutdown: System32\wbem\logs\wbemess.lo_ (File, nothing done)
  C:\WINDOWS\System32\wbem\logs\wbemess.lo_
  Properties.size=65567
  Properties.md5=DD91236A463B5A571685299275C5D8F9
  Properties.filedate=1316635147
  Properties.filedatetext=2011-09-21 20:59:07

Log: [SBI $8E73A7FB]  Shutdown: System32\wbem\logs\wbemess.log (File, nothing done)
  C:\WINDOWS\System32\wbem\logs\wbemess.log
  Properties.size=20786
  Properties.md5=FE325C0FA4CA62E95796F088DA96C57B
  Properties.filedate=1316700741
  Properties.filedatetext=2011-09-22 15:12:21

Log: [SBI $8E73A7FB]  Shutdown: System32\wbem\logs\wbemprox.log (File, nothing done)
  C:\WINDOWS\System32\wbem\logs\wbemprox.log
  Properties.size=32028
  Properties.md5=C0330D46F66F7BA361837BEFBED6426E
  Properties.filedate=1356605159
  Properties.filedatetext=2012-12-27 11:45:58

Log: [SBI $8E73A7FB]  Shutdown: System32\wbem\logs\winmgmt.log (File, nothing done)
  C:\WINDOWS\System32\wbem\logs\winmgmt.log
  Properties.size=279
  Properties.md5=C7CB50E952692ECED93C938C21E3EF7F
  Properties.filedate=1281779597
  Properties.filedatetext=2010-08-14 10:53:16

Log: [SBI $8E73A7FB]  Shutdown: System32\wbem\logs\wmiadap.log (File, nothing done)
  C:\WINDOWS\System32\wbem\logs\wmiadap.log
  Properties.size=4018
  Properties.md5=3F4CAE0CF7051D625FC793D3E731F0B8
  Properties.filedate=1353085971
  Properties.filedatetext=2012-11-16 18:12:51

Log: [SBI $8E73A7FB]  Shutdown: System32\wbem\logs\wmiprov.log (File, nothing done)
  C:\WINDOWS\System32\wbem\logs\wmiprov.log
  Properties.size=61903
  Properties.md5=38F0C0BDDB8D78DA72657773700EC1E8
  Properties.filedate=1319878968
  Properties.filedatetext=2011-10-29 10:02:47

7-Zip: [SBI $12C3A52C] Folder history (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\7-ZIP\FM\FolderHistory

7-Zip: [SBI $3D5692BD] Last used folder (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\7-ZIP\FM\PanelPath0

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $FF589D0C] Download directory (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Internet Explorer\Download Directory

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Microsoft Management Console\Recent File List

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Microsoft Management Console\Recent File List

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: [SBI $E48560B4] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS Office 11.0: [SBI $53EEAC4B] Last opened-from-web file (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Office\11.0\Common\Internet\UseRWHlinkNavigation

MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Office\11.0\Excel\Recent Files

MS Office 11.0 (PowerPoint): [SBI $C10CED61] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Office\11.0\PowerPoint\Recent File List

MS Office 11.0 (PowerPoint): [SBI $81078145] Recent animation list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Office\11.0\PowerPoint\RecentAnimationList

MS Office 11.0 (Word): [SBI $15AC27CE] Recent file list (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Office\11.0\Word\Data\Settings

MS Office 12.0: [SBI $31A61065] Internet history (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Office\12.0\Common\Internet\UseRWHlinkNavigation

MS Office 12.0 (Excel): [SBI $546355D5] Recent Cartel List (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Office\12.0\Excel\File MRU

MS Office 12.0 (PowerPoint): [SBI $242E8728] Recent Slideshow List (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Office\12.0\PowerPoint\File MRU

MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Office\12.0\Word\File MRU

MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $691C1B44] Open with list - .BIN extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: [SBI $8390E60B] Network map history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU

Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1007\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-501\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\WinRAR\ArcHistory

WinRAR: [SBI $A59A1C0A] Recent exe file list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\WinRAR\DialogEditHistory\ArcName

WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\WinRAR\General\LastFolder

WinRAR: [SBI $B510882E] Extraction directory history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-3127665704-1242981442-2255728428-1006\Software\WinRAR\DialogEditHistory\ExtrPath

Cookie: [SBI $49804B54] Browser: Cookie (59) (Browser: Cookie, nothing done)
  

Cache: [SBI $49804B54] Browser: Cache (323) (Browser: Cache, nothing done)
  

History: [SBI $49804B54] Browser: History (294) (Browser: History, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (82) (Browser: Cookie, nothing done)
  

Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)
  

History: [SBI $49804B54] Browser: History (12) (Browser: History, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (33) (Browser: Cookie, nothing done)
  

Cache: [SBI $49804B54] Browser: Cache (51) (Browser: Cache, nothing done)
  

History: [SBI $49804B54] Browser: History (16) (Browser: History, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
  

History: [SBI $49804B54] Browser: History (39) (Browser: History, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
  

History: [SBI $49804B54] Browser: History (10) (Browser: History, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (1525) (Browser: Cookie, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (123) (Browser: Cookie, nothing done)
  


--- Spybot - Search & Destroy version: 2.0.12.131  DLL (build: 20121113) ---

2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2012-12-27 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-12-18 Includes\Adware.sbi (*)
2012-12-18 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2012-11-21 Includes\Malware.sbi (*)
2012-12-18 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2012-12-19 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2012-12-11 Includes\Trojans.sbi (*)
2012-11-14 Includes\TrojansC-02.sbi (*)
2012-12-18 Includes\TrojansC-03.sbi (*)
2012-11-29 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-12-03 Includes\TrojansC.sbi (*)

So mehr habe ich noch nicht laufen lassen.

Was soll ich denn noch durchlaufen lassen?

Danke für den Hinweis mit den Mails, bei der nächsten leite ich sie weiter....

Vielen Dank!

VG

markusg · 27.12.2012, 20:23

Bitte weiter mit tdss killer.

elico · 27.12.2012, 20:58

Hi,
vielen Dank für die abermals schnelle Antwort:
Anbei TDSSKiller Log:

Code:

ATTFilter

20:36:40.0625 3348  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:36:41.0062 3348  ============================================================
20:36:41.0062 3348  Current date / time: 2012/12/27 20:36:41.0062
20:36:41.0062 3348  SystemInfo:
20:36:41.0062 3348  
20:36:41.0062 3348  OS Version: 5.1.2600 ServicePack: 3.0
20:36:41.0062 3348  Product type: Workstation
20:36:41.0062 3348  ComputerName: Admin
20:36:41.0062 3348  UserName: Admin
20:36:41.0062 3348  Windows directory: C:\WINDOWS
20:36:41.0062 3348  System windows directory: C:\WINDOWS
20:36:41.0062 3348  Processor architecture: Intel x86
20:36:41.0062 3348  Number of processors: 2
20:36:41.0062 3348  Page size: 0x1000
20:36:41.0062 3348  Boot type: Normal boot
20:36:41.0062 3348  ============================================================
20:36:43.0312 3348  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:36:43.0343 3348  ============================================================
20:36:43.0343 3348  \Device\Harddisk0\DR0:
20:36:43.0343 3348  MBR partitions:
20:36:43.0343 3348  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x901F5C0
20:36:43.0343 3348  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x901F5FF, BlocksNum 0x901B73E
20:36:43.0343 3348  ============================================================
20:36:43.0531 3348  C: <-> \Device\Harddisk0\DR0\Partition1
20:36:43.0593 3348  D: <-> \Device\Harddisk0\DR0\Partition2
20:36:43.0625 3348  ============================================================
20:36:43.0625 3348  Initialize success
20:36:43.0625 3348  ============================================================
20:37:09.0953 2244  ============================================================
20:37:09.0953 2244  Scan started
20:37:09.0953 2244  Mode: Manual; 
20:37:09.0953 2244  ============================================================
20:37:11.0093 2244  ================ Scan system memory ========================
20:37:11.0109 2244  System memory - ok
20:37:11.0109 2244  ================ Scan services =============================
20:37:11.0218 2244  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Programme\SUPERAntiSpyware\SASCORE.EXE
20:37:11.0218 2244  !SASCORE - ok
20:37:11.0390 2244  Abiosdsk - ok
20:37:11.0406 2244  abp480n5 - ok
20:37:11.0515 2244  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:37:11.0531 2244  ACPI - ok
20:37:11.0546 2244  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:37:11.0546 2244  ACPIEC - ok
20:37:11.0609 2244  [ D2C5C56DD26386EFA289EA0B92EADFD2 ] acsint          C:\WINDOWS\system32\DRIVERS\acsint.sys
20:37:11.0671 2244  acsint - ok
20:37:11.0703 2244  [ 45D6057452EAFE7AC27CAB55A0FED296 ] acsmux          C:\WINDOWS\system32\DRIVERS\acsmux.sys
20:37:11.0812 2244  acsmux - ok
20:37:11.0968 2244  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:37:11.0984 2244  AdobeFlashPlayerUpdateSvc - ok
20:37:12.0000 2244  adpu160m - ok
20:37:12.0078 2244  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
20:37:12.0140 2244  aec - ok
20:37:12.0250 2244  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
20:37:12.0250 2244  AFD - ok
20:37:12.0265 2244  Aha154x - ok
20:37:12.0296 2244  aic78u2 - ok
20:37:12.0312 2244  aic78xx - ok
20:37:12.0359 2244  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
20:37:12.0406 2244  Alerter - ok
20:37:12.0484 2244  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
20:37:12.0484 2244  ALG - ok
20:37:12.0500 2244  AliIde - ok
20:37:12.0625 2244  [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt         C:\WINDOWS\system32\drivers\Ambfilt.sys
20:37:12.0921 2244  Ambfilt - ok
20:37:12.0937 2244  amsint - ok
20:37:12.0953 2244  AmUStor - ok
20:37:13.0125 2244  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
20:37:13.0125 2244  AntiVirSchedulerService - ok
20:37:13.0187 2244  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
20:37:13.0187 2244  AntiVirService - ok
20:37:13.0203 2244  AppMgmt - ok
20:37:13.0343 2244  [ E0EE769D14128014965E03B433F5F46E ] AR5416          C:\WINDOWS\system32\DRIVERS\athw.sys
20:37:13.0531 2244  AR5416 - ok
20:37:13.0546 2244  asc - ok
20:37:13.0546 2244  asc3350p - ok
20:37:13.0562 2244  asc3550 - ok
20:37:13.0750 2244  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:37:13.0859 2244  aspnet_state - ok
20:37:13.0937 2244  [ 12415A4B61DED200FE9932B47A35FA42 ] AsusACPI        C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
20:37:13.0968 2244  AsusACPI - ok
20:37:14.0031 2244  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:37:14.0031 2244  AsyncMac - ok
20:37:14.0093 2244  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
20:37:14.0156 2244  atapi - ok
20:37:14.0171 2244  Atdisk - ok
20:37:14.0234 2244  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:37:14.0312 2244  Atmarpc - ok
20:37:14.0375 2244  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
20:37:14.0390 2244  AudioSrv - ok
20:37:14.0453 2244  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
20:37:14.0500 2244  audstub - ok
20:37:14.0531 2244  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:37:14.0531 2244  avgntflt - ok
20:37:14.0578 2244  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:37:14.0578 2244  avipbb - ok
20:37:14.0609 2244  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
20:37:14.0609 2244  avkmgr - ok
20:37:14.0750 2244  [ 4B8C4B37A298305AF83676679329522B ] bdfdll          C:\Programme\Softwin\BitDefender10\bdfdll.sys
20:37:14.0750 2244  bdfdll - ok
20:37:14.0750 2244  BDFsDrv - ok
20:37:14.0765 2244  BDRsDrv - ok
20:37:14.0890 2244  [ A20EB9A2772C8D2130FF10783E9B42EA ] bdss            C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
20:37:14.0890 2244  bdss - ok
20:37:14.0953 2244  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
20:37:15.0046 2244  Beep - ok
20:37:15.0125 2244  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
20:37:15.0156 2244  BITS - ok
20:37:15.0218 2244  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
20:37:15.0218 2244  Browser - ok
20:37:15.0234 2244  btaudio - ok
20:37:15.0250 2244  BTDriver - ok
20:37:15.0265 2244  BTWDNDIS - ok
20:37:15.0281 2244  btwhid - ok
20:37:15.0296 2244  BTWUSB - ok
20:37:15.0359 2244  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
20:37:15.0406 2244  cbidf2k - ok
20:37:15.0468 2244  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:37:15.0515 2244  CCDECODE - ok
20:37:15.0531 2244  cd20xrnt - ok
20:37:15.0593 2244  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
20:37:15.0625 2244  Cdaudio - ok
20:37:15.0671 2244  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
20:37:15.0718 2244  Cdfs - ok
20:37:15.0765 2244  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:37:15.0812 2244  Cdrom - ok
20:37:15.0828 2244  Changer - ok
20:37:15.0875 2244  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
20:37:15.0937 2244  CiSvc - ok
20:37:15.0984 2244  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
20:37:16.0015 2244  ClipSrv - ok
20:37:16.0078 2244  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:37:16.0234 2244  clr_optimization_v2.0.50727_32 - ok
20:37:16.0296 2244  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:37:16.0328 2244  CmBatt - ok
20:37:16.0328 2244  CmdIde - ok
20:37:16.0359 2244  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:37:16.0359 2244  Compbatt - ok
20:37:16.0359 2244  COMSysApp - ok
20:37:16.0390 2244  Cpqarray - ok
20:37:16.0453 2244  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
20:37:16.0453 2244  CryptSvc - ok
20:37:16.0468 2244  dac2w2k - ok
20:37:16.0468 2244  dac960nt - ok
20:37:16.0546 2244  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:37:16.0562 2244  DcomLaunch - ok
20:37:16.0640 2244  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
20:37:16.0640 2244  Dhcp - ok
20:37:16.0656 2244  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
20:37:16.0656 2244  Disk - ok
20:37:16.0671 2244  dmadmin - ok
20:37:16.0750 2244  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
20:37:16.0859 2244  dmboot - ok
20:37:16.0890 2244  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
20:37:16.0968 2244  dmio - ok
20:37:17.0015 2244  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
20:37:17.0062 2244  dmload - ok
20:37:17.0109 2244  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
20:37:17.0156 2244  dmserver - ok
20:37:17.0218 2244  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
20:37:17.0265 2244  DMusic - ok
20:37:17.0328 2244  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:37:17.0328 2244  Dnscache - ok
20:37:17.0390 2244  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
20:37:17.0515 2244  Dot3svc - ok
20:37:17.0531 2244  dpti2o - ok
20:37:17.0546 2244  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
20:37:17.0578 2244  drmkaud - ok
20:37:17.0640 2244  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
20:37:17.0687 2244  EapHost - ok
20:37:17.0796 2244  [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
20:37:17.0796 2244  EpsonBidirectionalService - ok
20:37:17.0828 2244  [ B92F2B3247F0A99490C1298A1D3D7B4C ] EPSON_EB_RPCV4_04 C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50ST7.EXE
20:37:17.0828 2244  EPSON_EB_RPCV4_04 - ok
20:37:17.0843 2244  [ 651336B99C75FB54E4B5971CF458F9BD ] EPSON_PM_RPCV4_04 C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50RP7.EXE
20:37:17.0843 2244  EPSON_PM_RPCV4_04 - ok
20:37:17.0921 2244  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
20:37:17.0921 2244  ERSvc - ok
20:37:18.0000 2244  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
20:37:18.0015 2244  Eventlog - ok
20:37:18.0078 2244  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
20:37:18.0093 2244  EventSystem - ok
20:37:18.0171 2244  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
20:37:18.0234 2244  Fastfat - ok
20:37:18.0343 2244  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:37:18.0343 2244  FastUserSwitchingCompatibility - ok
20:37:18.0421 2244  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
20:37:18.0500 2244  Fdc - ok
20:37:18.0515 2244  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
20:37:18.0562 2244  Fips - ok
20:37:18.0609 2244  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
20:37:18.0656 2244  Flpydisk - ok
20:37:18.0718 2244  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:37:18.0734 2244  FltMgr - ok
20:37:18.0812 2244  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:37:18.0890 2244  FontCache3.0.0.0 - ok
20:37:18.0968 2244  [ 960F5E5E4E1F720465311AC68A99C2DF ] fssfltr         C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
20:37:19.0015 2244  fssfltr - ok
20:37:19.0156 2244  [ 9B1622EBEB31B3411B13382FFCB8737D ] fsssvc          C:\Programme\Windows Live\Family Safety\fsssvc.exe
20:37:19.0265 2244  fsssvc - ok
20:37:19.0328 2244  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:37:19.0359 2244  Fs_Rec - ok
20:37:19.0437 2244  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:37:19.0437 2244  Ftdisk - ok
20:37:19.0515 2244  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:37:19.0609 2244  Gpc - ok
20:37:19.0750 2244  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Programme\Google\Update\GoogleUpdate.exe
20:37:19.0750 2244  gupdate - ok
20:37:19.0765 2244  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
20:37:19.0765 2244  gupdatem - ok
20:37:19.0859 2244  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:37:19.0890 2244  HDAudBus - ok
20:37:20.0015 2244  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:37:20.0031 2244  helpsvc - ok
20:37:20.0109 2244  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
20:37:20.0125 2244  HidServ - ok
20:37:20.0140 2244  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:37:20.0140 2244  hidusb - ok
20:37:20.0187 2244  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
20:37:20.0265 2244  hkmsvc - ok
20:37:20.0281 2244  hpn - ok
20:37:20.0359 2244  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
20:37:20.0375 2244  HTTP - ok
20:37:20.0437 2244  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
20:37:20.0515 2244  HTTPFilter - ok
20:37:20.0531 2244  i2omgmt - ok
20:37:20.0546 2244  i2omp - ok
20:37:20.0609 2244  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:37:20.0640 2244  i8042prt - ok
20:37:20.0953 2244  [ 0F68E2EC713F132FFB19E45415B09679 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:37:21.0296 2244  ialm - ok
20:37:21.0390 2244  [ 8EF427C54497C5F8A7A645990E4278C7 ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
20:37:21.0406 2244  iaStor - ok
20:37:21.0546 2244  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:37:21.0937 2244  idsvc - ok
20:37:22.0000 2244  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
20:37:22.0078 2244  Imapi - ok
20:37:22.0156 2244  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
20:37:22.0234 2244  ImapiService - ok
20:37:22.0265 2244  ini910u - ok
20:37:22.0468 2244  [ 9037C8BD3E896D7F2803A171FDEAEEF4 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:37:22.0656 2244  IntcAzAudAddService - ok
20:37:22.0671 2244  IntelIde - ok
20:37:22.0734 2244  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:37:22.0765 2244  intelppm - ok
20:37:22.0812 2244  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:37:22.0843 2244  Ip6Fw - ok
20:37:22.0859 2244  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:37:22.0890 2244  IpFilterDriver - ok
20:37:22.0937 2244  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:37:22.0984 2244  IpInIp - ok
20:37:23.0031 2244  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:37:23.0078 2244  IpNat - ok
20:37:23.0140 2244  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:37:23.0187 2244  IPSec - ok
20:37:23.0250 2244  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
20:37:23.0281 2244  IRENUM - ok
20:37:23.0359 2244  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:37:23.0375 2244  isapnp - ok
20:37:23.0578 2244  [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
20:37:23.0593 2244  JavaQuickStarterService - ok
20:37:23.0671 2244  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:37:23.0750 2244  Kbdclass - ok
20:37:23.0828 2244  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
20:37:23.0828 2244  kmixer - ok
20:37:23.0906 2244  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
20:37:23.0921 2244  KSecDD - ok
20:37:23.0984 2244  [ 6C8658587E91EA25B0FD2E71781AD228 ] L1c             C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
20:37:24.0062 2244  L1c - ok
20:37:24.0156 2244  [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
20:37:24.0156 2244  LanmanServer - ok
20:37:24.0218 2244  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:37:24.0250 2244  lanmanworkstation - ok
20:37:24.0265 2244  lbrtfdc - ok
20:37:24.0421 2244  [ DA46DE196C3CF33B176E38CF8E30D149 ] LIVESRV         C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
20:37:24.0421 2244  LIVESRV - ok
20:37:24.0468 2244  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
20:37:24.0484 2244  LmHosts - ok
20:37:24.0546 2244  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
20:37:24.0546 2244  MBAMProtector - ok
20:37:24.0687 2244  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:37:24.0703 2244  MBAMScheduler - ok
20:37:24.0796 2244  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
20:37:24.0843 2244  MBAMService - ok
20:37:24.0890 2244  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
20:37:24.0937 2244  Messenger - ok
20:37:25.0109 2244  Microsoft SharePoint Workspace Audit Service - ok
20:37:25.0187 2244  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
20:37:25.0265 2244  mnmdd - ok
20:37:25.0328 2244  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
20:37:25.0375 2244  mnmsrvc - ok
20:37:25.0421 2244  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
20:37:25.0500 2244  Modem - ok
20:37:25.0625 2244  [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt         C:\WINDOWS\system32\drivers\Monfilt.sys
20:37:25.0937 2244  Monfilt - ok
20:37:26.0015 2244  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:37:26.0031 2244  Mouclass - ok
20:37:26.0109 2244  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:37:26.0109 2244  mouhid - ok
20:37:26.0140 2244  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
20:37:26.0140 2244  MountMgr - ok
20:37:26.0218 2244  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
20:37:26.0234 2244  MozillaMaintenance - ok
20:37:26.0250 2244  mraid35x - ok
20:37:26.0312 2244  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:37:26.0328 2244  MRxDAV - ok
20:37:26.0421 2244  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:37:26.0453 2244  MRxSmb - ok
20:37:26.0531 2244  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
20:37:26.0593 2244  MSDTC - ok
20:37:26.0640 2244  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:37:26.0640 2244  Msfs - ok
20:37:26.0656 2244  MSIServer - ok
20:37:26.0687 2244  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:37:26.0734 2244  MSKSSRV - ok
20:37:26.0781 2244  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:37:26.0812 2244  MSPCLOCK - ok
20:37:26.0859 2244  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
20:37:26.0906 2244  MSPQM - ok
20:37:26.0984 2244  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:37:27.0015 2244  mssmbios - ok
20:37:27.0078 2244  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
20:37:27.0125 2244  MSTEE - ok
20:37:27.0187 2244  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
20:37:27.0187 2244  Mup - ok
20:37:27.0250 2244  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:37:27.0312 2244  NABTSFEC - ok
20:37:27.0375 2244  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
20:37:27.0468 2244  napagent - ok
20:37:27.0546 2244  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
20:37:27.0562 2244  NDIS - ok
20:37:27.0625 2244  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:37:27.0671 2244  NdisIP - ok
20:37:27.0750 2244  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:37:27.0750 2244  NdisTapi - ok
20:37:27.0828 2244  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:37:27.0859 2244  Ndisuio - ok
20:37:27.0906 2244  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:37:27.0968 2244  NdisWan - ok
20:37:28.0046 2244  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
20:37:28.0046 2244  NDProxy - ok
20:37:28.0109 2244  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
20:37:28.0109 2244  NetBIOS - ok
20:37:28.0203 2244  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:37:28.0281 2244  NetBT - ok
20:37:28.0328 2244  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
20:37:28.0390 2244  NetDDE - ok
20:37:28.0406 2244  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
20:37:28.0421 2244  NetDDEdsdm - ok
20:37:28.0484 2244  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
20:37:28.0500 2244  Netlogon - ok
20:37:28.0578 2244  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
20:37:28.0593 2244  Netman - ok
20:37:28.0671 2244  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:37:28.0828 2244  NetTcpPortSharing - ok
20:37:28.0906 2244  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
20:37:28.0921 2244  Nla - ok
20:37:28.0984 2244  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:37:28.0984 2244  Npfs - ok
20:37:29.0062 2244  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:37:29.0093 2244  Ntfs - ok
20:37:29.0125 2244  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
20:37:29.0125 2244  NtLmSsp - ok
20:37:29.0187 2244  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
20:37:29.0281 2244  NtmsSvc - ok
20:37:29.0343 2244  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:37:29.0375 2244  Null - ok
20:37:29.0421 2244  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:37:29.0468 2244  NwlnkFlt - ok
20:37:29.0531 2244  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:37:29.0562 2244  NwlnkFwd - ok
20:37:29.0718 2244  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
20:37:29.0718 2244  ose - ok
20:37:30.0031 2244  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:37:30.0265 2244  osppsvc - ok
20:37:30.0312 2244  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
20:37:30.0359 2244  Parport - ok
20:37:30.0421 2244  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
20:37:30.0421 2244  PartMgr - ok
20:37:30.0468 2244  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
20:37:30.0531 2244  ParVdm - ok
20:37:30.0578 2244  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
20:37:30.0578 2244  PCI - ok
20:37:30.0593 2244  PCIDump - ok
20:37:30.0609 2244  PCIIde - ok
20:37:30.0640 2244  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
20:37:30.0687 2244  Pcmcia - ok
20:37:30.0703 2244  PDCOMP - ok
20:37:30.0703 2244  PDFRAME - ok
20:37:30.0718 2244  PDRELI - ok
20:37:30.0734 2244  PDRFRAME - ok
20:37:30.0734 2244  perc2 - ok
20:37:30.0750 2244  perc2hib - ok
20:37:30.0781 2244  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
20:37:30.0796 2244  PlugPlay - ok
20:37:30.0796 2244  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
20:37:30.0812 2244  PolicyAgent - ok
20:37:30.0828 2244  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:37:30.0843 2244  PptpMiniport - ok
20:37:30.0875 2244  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:37:30.0875 2244  ProtectedStorage - ok
20:37:30.0890 2244  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
20:37:30.0921 2244  PSched - ok
20:37:30.0937 2244  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:37:30.0953 2244  Ptilink - ok
20:37:31.0031 2244  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:37:31.0031 2244  PxHelp20 - ok
20:37:31.0046 2244  ql1080 - ok
20:37:31.0062 2244  Ql10wnt - ok
20:37:31.0062 2244  ql12160 - ok
20:37:31.0078 2244  ql1240 - ok
20:37:31.0093 2244  ql1280 - ok
20:37:31.0109 2244  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:37:31.0125 2244  RasAcd - ok
20:37:31.0203 2244  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:37:31.0265 2244  RasAuto - ok
20:37:31.0296 2244  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:37:31.0328 2244  Rasl2tp - ok
20:37:31.0359 2244  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:37:31.0359 2244  RasMan - ok
20:37:31.0375 2244  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:37:31.0406 2244  RasPppoe - ok
20:37:31.0437 2244  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
20:37:31.0453 2244  Raspti - ok
20:37:31.0546 2244  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:37:31.0562 2244  Rdbss - ok
20:37:31.0656 2244  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:37:31.0734 2244  RDPCDD - ok
20:37:31.0812 2244  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
20:37:31.0812 2244  RDPWD - ok
20:37:31.0890 2244  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
20:37:31.0968 2244  RDSessMgr - ok
20:37:32.0046 2244  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
20:37:32.0078 2244  redbook - ok
20:37:32.0156 2244  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:37:32.0234 2244  RemoteAccess - ok
20:37:32.0296 2244  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:37:32.0359 2244  RpcLocator - ok
20:37:32.0390 2244  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\System32\rpcss.dll
20:37:32.0406 2244  RpcSs - ok
20:37:32.0484 2244  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
20:37:32.0546 2244  RSVP - ok
20:37:32.0656 2244  [ 97B59CE2CFBB0884A16DDD8F1781812B ] RT80x86         C:\WINDOWS\system32\DRIVERS\RT2860.sys
20:37:32.0859 2244  RT80x86 - ok
20:37:32.0921 2244  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
20:37:32.0921 2244  SamSs - ok
20:37:32.0984 2244  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
20:37:32.0984 2244  SASDIFSV - ok
20:37:33.0015 2244  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
20:37:33.0015 2244  SASKUTIL - ok
20:37:33.0109 2244  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
20:37:33.0171 2244  SCardSvr - ok
20:37:33.0250 2244  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:37:33.0265 2244  Schedule - ok
20:37:33.0437 2244  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
20:37:33.0484 2244  SDScannerService - ok
20:37:33.0593 2244  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
20:37:33.0640 2244  SDUpdateService - ok
20:37:33.0687 2244  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
20:37:33.0687 2244  SDWSCService - ok
20:37:33.0734 2244  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:37:33.0796 2244  Secdrv - ok
20:37:33.0812 2244  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
20:37:33.0828 2244  seclogon - ok
20:37:33.0906 2244  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
20:37:33.0906 2244  SENS - ok
20:37:33.0937 2244  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
20:37:33.0968 2244  Serial - ok
20:37:34.0031 2244  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
20:37:34.0046 2244  Sfloppy - ok
20:37:34.0140 2244  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
20:37:34.0156 2244  SharedAccess - ok
20:37:34.0171 2244  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:37:34.0187 2244  ShellHWDetection - ok
20:37:34.0203 2244  Simbad - ok
20:37:34.0281 2244  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Programme\Skype\Updater\Updater.exe
20:37:34.0500 2244  SkypeUpdate - ok
20:37:34.0546 2244  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:37:34.0578 2244  SLIP - ok
20:37:34.0656 2244  [ 21EA9DC8FBE1236051832ABB5254226F ] SnoopFree       C:\WINDOWS\system32\Drivers\SnopFree.sys
20:37:34.0656 2244  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\SnopFree.sys. md5: 21EA9DC8FBE1236051832ABB5254226F
20:37:34.0671 2244  SnoopFree ( LockedFile.Multi.Generic ) - warning
20:37:34.0671 2244  SnoopFree - detected LockedFile.Multi.Generic (1)
20:37:34.0734 2244  [ ADBF2FFB193DD067254BF9090FD8A669 ] SnoopFreeSvc    C:\WINDOWS\system32\SnoopFreeSvc.exe
20:37:34.0734 2244  SnoopFreeSvc - ok
20:37:34.0890 2244  [ 473F35E2A378B854731E67C377A3BEA7 ] SNP2UVC         C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
20:37:35.0125 2244  SNP2UVC - ok
20:37:35.0140 2244  Sparrow - ok
20:37:35.0203 2244  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
20:37:35.0234 2244  splitter - ok
20:37:35.0296 2244  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
20:37:35.0312 2244  Spooler - ok
20:37:35.0406 2244  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
20:37:35.0421 2244  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
20:37:35.0421 2244  sptd ( LockedFile.Multi.Generic ) - warning
20:37:35.0421 2244  sptd - detected LockedFile.Multi.Generic (1)
20:37:35.0468 2244  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
20:37:35.0468 2244  sr - ok
20:37:35.0546 2244  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
20:37:35.0546 2244  srservice - ok
20:37:35.0625 2244  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:37:35.0640 2244  Srv - ok
20:37:35.0703 2244  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:37:35.0718 2244  SSDPSRV - ok
20:37:35.0765 2244  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:37:35.0765 2244  ssmdrv - ok
20:37:35.0843 2244  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
20:37:35.0875 2244  stisvc - ok
20:37:35.0921 2244  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:37:35.0968 2244  streamip - ok
20:37:36.0046 2244  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
20:37:36.0078 2244  swenum - ok
20:37:36.0093 2244  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
20:37:36.0140 2244  swmidi - ok
20:37:36.0156 2244  SwPrv - ok
20:37:36.0156 2244  symc810 - ok
20:37:36.0171 2244  symc8xx - ok
20:37:36.0203 2244  sym_hi - ok
20:37:36.0218 2244  sym_u3 - ok
20:37:36.0296 2244  [ 8E25A1DBB8527B2074AF9B682F818768 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:37:36.0343 2244  SynTP - ok
20:37:36.0375 2244  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
20:37:36.0406 2244  sysaudio - ok
20:37:36.0468 2244  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
20:37:36.0546 2244  SysmonLog - ok
20:37:36.0625 2244  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
20:37:36.0640 2244  TapiSrv - ok
20:37:36.0718 2244  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:37:36.0734 2244  Tcpip - ok
20:37:36.0796 2244  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
20:37:36.0843 2244  TDPIPE - ok
20:37:36.0875 2244  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
20:37:36.0906 2244  TDTCP - ok
20:37:36.0968 2244  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
20:37:37.0015 2244  TermDD - ok
20:37:37.0046 2244  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
20:37:37.0078 2244  TermService - ok
20:37:37.0109 2244  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
20:37:37.0109 2244  Themes - ok
20:37:37.0125 2244  TosIde - ok
20:37:37.0203 2244  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
20:37:37.0203 2244  TrkWks - ok
20:37:37.0281 2244  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
20:37:37.0328 2244  Udfs - ok
20:37:37.0343 2244  ultra - ok
20:37:37.0421 2244  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
20:37:37.0500 2244  Update - ok
20:37:37.0531 2244  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
20:37:37.0625 2244  upnphost - ok
20:37:37.0671 2244  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
20:37:37.0718 2244  UPS - ok
20:37:37.0781 2244  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:37:37.0843 2244  usbccgp - ok
20:37:37.0906 2244  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:37:37.0953 2244  usbehci - ok
20:37:37.0968 2244  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:37:38.0031 2244  usbhub - ok
20:37:38.0093 2244  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:37:38.0125 2244  usbprint - ok
20:37:38.0187 2244  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:37:38.0234 2244  usbscan - ok
20:37:38.0281 2244  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:37:38.0328 2244  usbstor - ok
20:37:38.0390 2244  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:37:38.0421 2244  usbuhci - ok
20:37:38.0515 2244  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
20:37:38.0625 2244  usbvideo - ok
20:37:38.0687 2244  [ C019889035CDC1A06F2FEBC93CBB6897 ] uvclf           C:\WINDOWS\system32\DRIVERS\uvclf.sys
20:37:38.0734 2244  uvclf - ok
20:37:38.0765 2244  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
20:37:38.0796 2244  VgaSave - ok
20:37:38.0812 2244  ViaIde - ok
20:37:38.0890 2244  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
20:37:38.0890 2244  VolSnap - ok
20:37:38.0984 2244  [ 67E65C5108818AD08CC45835D494A4FB ] vpnagent        C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
20:37:39.0015 2244  vpnagent - ok
20:37:39.0078 2244  [ 0D8DF4058901616A4E716AB67D472581 ] vpnva           C:\WINDOWS\system32\DRIVERS\vpnva.sys
20:37:39.0125 2244  vpnva - ok
20:37:39.0187 2244  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
20:37:39.0328 2244  VSS - ok
20:37:39.0437 2244  [ 29829B4B6F9DF2494D135722E6C7D375 ] VSSERV          C:\Programme\Softwin\BitDefender10\vsserv.exe
20:37:39.0437 2244  VSSERV - ok
20:37:39.0531 2244  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
20:37:39.0531 2244  W32Time - ok
20:37:39.0625 2244  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:37:39.0656 2244  Wanarp - ok
20:37:39.0703 2244  [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM         C:\WINDOWS\system32\DRIVERS\wdcsam.sys
20:37:39.0750 2244  WDC_SAM - ok
20:37:39.0890 2244  [ 300B4847E1157BDD7A306B18ED65A97E ] WDDMService     C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
20:37:39.0890 2244  WDDMService - ok
20:37:39.0984 2244  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
20:37:40.0078 2244  Wdf01000 - ok
20:37:40.0093 2244  WDICA - ok
20:37:40.0187 2244  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
20:37:40.0234 2244  wdmaud - ok
20:37:40.0359 2244  [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
20:37:40.0375 2244  WDSmartWareBackgroundService - ok
20:37:40.0453 2244  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
20:37:40.0453 2244  WebClient - ok
20:37:40.0593 2244  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
20:37:40.0609 2244  winmgmt - ok
20:37:40.0687 2244  [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
20:37:40.0750 2244  WmdmPmSN - ok
20:37:40.0781 2244  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:37:40.0796 2244  WmiApSrv - ok
20:37:40.0921 2244  [ D3DBD6E76F4BE9BEE67EB631488B5F29 ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
20:37:41.0140 2244  WMPNetworkSvc - ok
20:37:41.0187 2244  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:37:41.0234 2244  WS2IFSL - ok
20:37:41.0250 2244  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
20:37:41.0265 2244  wscsvc - ok
20:37:41.0312 2244  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:37:41.0359 2244  WSTCODEC - ok
20:37:41.0421 2244  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
20:37:41.0437 2244  wuauserv - ok
20:37:41.0531 2244  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:37:41.0609 2244  WudfPf - ok
20:37:41.0625 2244  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:37:41.0703 2244  WudfRd - ok
20:37:41.0750 2244  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
20:37:41.0828 2244  WudfSvc - ok
20:37:41.0921 2244  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
20:37:41.0953 2244  WZCSVC - ok
20:37:42.0031 2244  [ 5DC7B7F1DD7B9ED4066A6B065F0CE329 ] XCOMM           C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
20:37:42.0031 2244  XCOMM - ok
20:37:42.0109 2244  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
20:37:42.0171 2244  xmlprov - ok
20:37:42.0218 2244  ================ Scan global ===============================
20:37:42.0296 2244  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
20:37:42.0375 2244  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
20:37:42.0406 2244  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
20:37:42.0437 2244  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
20:37:42.0437 2244  [Global] - ok
20:37:42.0437 2244  ================ Scan MBR ==================================
20:37:42.0500 2244  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:37:42.0765 2244  \Device\Harddisk0\DR0 - ok
20:37:42.0765 2244  ================ Scan VBR ==================================
20:37:42.0781 2244  [ 1ADC3489D52F3C97647A577C6803EB19 ] \Device\Harddisk0\DR0\Partition1
20:37:42.0781 2244  \Device\Harddisk0\DR0\Partition1 - ok
20:37:42.0843 2244  [ D56A3B990EAA43C9BF7798A85CB5E097 ] \Device\Harddisk0\DR0\Partition2
20:37:42.0859 2244  \Device\Harddisk0\DR0\Partition2 - ok
20:37:42.0859 2244  ============================================================
20:37:42.0859 2244  Scan finished
20:37:42.0859 2244  ============================================================
20:37:42.0890 3236  Detected object count: 2
20:37:42.0890 3236  Actual detected object count: 2
20:38:43.0187 3236  C:\WINDOWS\system32\Drivers\SnopFree.sys - copied to quarantine
20:38:43.0187 3236  SnoopFree ( LockedFile.Multi.Generic ) - User select action: Quarantine 
20:38:43.0265 3236  C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
20:38:43.0265 3236  sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine

VG

elico · 28.12.2012, 10:42

Hallo Markus,
anbei noch einmal ein neuer Log von TDSS aber diesmal mit der richtigen Einsteillung (hatte deine Nachricht übersehen, sorry):

Code:

ATTFilter

10:18:44.0312 2512  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:18:44.0781 2512  ============================================================
10:18:44.0781 2512  Current date / time: 2012/12/28 10:18:44.0781
10:18:44.0781 2512  SystemInfo:
10:18:44.0781 2512  
10:18:44.0781 2512  OS Version: 5.1.2600 ServicePack: 3.0
10:18:44.0781 2512  Product type: Workstation
10:18:44.0781 2512  ComputerName: Admin
10:18:44.0781 2512  UserName: Admin
10:18:44.0781 2512  Windows directory: C:\WINDOWS
10:18:44.0781 2512  System windows directory: C:\WINDOWS
10:18:44.0781 2512  Processor architecture: Intel x86
10:18:44.0781 2512  Number of processors: 2
10:18:44.0781 2512  Page size: 0x1000
10:18:44.0781 2512  Boot type: Normal boot
10:18:44.0781 2512  ============================================================
10:18:47.0906 2512  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:18:47.0937 2512  ============================================================
10:18:47.0937 2512  \Device\Harddisk0\DR0:
10:18:47.0937 2512  MBR partitions:
10:18:47.0937 2512  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x901F5C0
10:18:47.0937 2512  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x901F5FF, BlocksNum 0x901B73E
10:18:47.0937 2512  ============================================================
10:18:48.0015 2512  C: <-> \Device\Harddisk0\DR0\Partition1
10:18:48.0062 2512  D: <-> \Device\Harddisk0\DR0\Partition2
10:18:48.0109 2512  ============================================================
10:18:48.0109 2512  Initialize success
10:18:48.0109 2512  ============================================================
10:22:44.0031 0896  ============================================================
10:22:44.0031 0896  Scan started
10:22:44.0031 0896  Mode: Manual; SigCheck; TDLFS; 
10:22:44.0031 0896  ============================================================
10:22:45.0281 0896  ================ Scan system memory ========================
10:22:45.0296 0896  System memory - ok
10:22:45.0296 0896  ================ Scan services =============================
10:22:45.0468 0896  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Programme\SUPERAntiSpyware\SASCORE.EXE
10:22:45.0828 0896  !SASCORE - ok
10:22:45.0953 0896  Abiosdsk - ok
10:22:45.0968 0896  abp480n5 - ok
10:22:45.0984 0896  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:22:46.0953 0896  ACPI - ok
10:22:46.0984 0896  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:22:47.0234 0896  ACPIEC - ok
10:22:47.0296 0896  [ D2C5C56DD26386EFA289EA0B92EADFD2 ] acsint          C:\WINDOWS\system32\DRIVERS\acsint.sys
10:22:47.0328 0896  acsint - ok
10:22:47.0359 0896  [ 45D6057452EAFE7AC27CAB55A0FED296 ] acsmux          C:\WINDOWS\system32\DRIVERS\acsmux.sys
10:22:47.0375 0896  acsmux - ok
10:22:47.0546 0896  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:22:47.0593 0896  AdobeFlashPlayerUpdateSvc - ok
10:22:47.0609 0896  adpu160m - ok
10:22:47.0687 0896  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
10:22:48.0031 0896  aec - ok
10:22:48.0093 0896  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
10:22:48.0234 0896  AFD - ok
10:22:48.0250 0896  Aha154x - ok
10:22:48.0250 0896  aic78u2 - ok
10:22:48.0265 0896  aic78xx - ok
10:22:48.0312 0896  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
10:22:48.0531 0896  Alerter - ok
10:22:48.0593 0896  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
10:22:48.0734 0896  ALG - ok
10:22:48.0734 0896  AliIde - ok
10:22:48.0859 0896  [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt         C:\WINDOWS\system32\drivers\Ambfilt.sys
10:22:49.0125 0896  Ambfilt - ok
10:22:49.0140 0896  amsint - ok
10:22:49.0156 0896  AmUStor - ok
10:22:49.0296 0896  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
10:22:49.0359 0896  AntiVirSchedulerService - ok
10:22:49.0406 0896  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
10:22:49.0453 0896  AntiVirService - ok
10:22:49.0468 0896  AppMgmt - ok
10:22:49.0625 0896  [ E0EE769D14128014965E03B433F5F46E ] AR5416          C:\WINDOWS\system32\DRIVERS\athw.sys
10:22:49.0859 0896  AR5416 - ok
10:22:49.0875 0896  asc - ok
10:22:49.0890 0896  asc3350p - ok
10:22:49.0906 0896  asc3550 - ok
10:22:50.0078 0896  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:22:50.0203 0896  aspnet_state - ok
10:22:50.0281 0896  [ 12415A4B61DED200FE9932B47A35FA42 ] AsusACPI        C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
10:22:50.0406 0896  AsusACPI - ok
10:22:50.0500 0896  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:22:50.0828 0896  AsyncMac - ok
10:22:50.0875 0896  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
10:22:51.0203 0896  atapi - ok
10:22:51.0218 0896  Atdisk - ok
10:22:51.0281 0896  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:22:51.0515 0896  Atmarpc - ok
10:22:51.0593 0896  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
10:22:51.0843 0896  AudioSrv - ok
10:22:51.0906 0896  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
10:22:52.0156 0896  audstub - ok
10:22:52.0171 0896  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
10:22:52.0203 0896  avgntflt - ok
10:22:52.0265 0896  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
10:22:52.0296 0896  avipbb - ok
10:22:52.0328 0896  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
10:22:52.0359 0896  avkmgr - ok
10:22:52.0500 0896  [ 4B8C4B37A298305AF83676679329522B ] bdfdll          C:\Programme\Softwin\BitDefender10\bdfdll.sys
10:22:52.0515 0896  bdfdll ( UnsignedFile.Multi.Generic ) - warning
10:22:52.0515 0896  bdfdll - detected UnsignedFile.Multi.Generic (1)
10:22:52.0531 0896  BDFsDrv - ok
10:22:52.0531 0896  BDRsDrv - ok
10:22:52.0750 0896  [ A20EB9A2772C8D2130FF10783E9B42EA ] bdss            C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
10:22:52.0765 0896  bdss ( UnsignedFile.Multi.Generic ) - warning
10:22:52.0765 0896  bdss - detected UnsignedFile.Multi.Generic (1)
10:22:52.0812 0896  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
10:22:53.0078 0896  Beep - ok
10:22:53.0156 0896  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
10:22:53.0390 0896  BITS - ok
10:22:53.0500 0896  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
10:22:53.0671 0896  Browser - ok
10:22:53.0687 0896  btaudio - ok
10:22:53.0687 0896  BTDriver - ok
10:22:53.0703 0896  BTWDNDIS - ok
10:22:53.0718 0896  btwhid - ok
10:22:53.0734 0896  BTWUSB - ok
10:22:53.0796 0896  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
10:22:54.0015 0896  cbidf2k - ok
10:22:54.0062 0896  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:22:54.0359 0896  CCDECODE - ok
10:22:54.0375 0896  cd20xrnt - ok
10:22:54.0453 0896  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
10:22:54.0640 0896  Cdaudio - ok
10:22:54.0687 0896  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
10:22:54.0968 0896  Cdfs - ok
10:22:55.0000 0896  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:22:55.0203 0896  Cdrom - ok
10:22:55.0218 0896  Changer - ok
10:22:55.0234 0896  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
10:22:55.0453 0896  CiSvc - ok
10:22:55.0484 0896  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
10:22:55.0671 0896  ClipSrv - ok
10:22:55.0703 0896  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:22:55.0781 0896  clr_optimization_v2.0.50727_32 - ok
10:22:55.0828 0896  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:22:56.0015 0896  CmBatt - ok
10:22:56.0031 0896  CmdIde - ok
10:22:56.0046 0896  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:22:56.0250 0896  Compbatt - ok
10:22:56.0265 0896  COMSysApp - ok
10:22:56.0281 0896  Cpqarray - ok
10:22:56.0359 0896  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
10:22:56.0562 0896  CryptSvc - ok
10:22:56.0578 0896  dac2w2k - ok
10:22:56.0593 0896  dac960nt - ok
10:22:56.0656 0896  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
10:22:56.0750 0896  DcomLaunch - ok
10:22:56.0828 0896  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
10:22:57.0078 0896  Dhcp - ok
10:22:57.0093 0896  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
10:22:57.0296 0896  Disk - ok
10:22:57.0296 0896  dmadmin - ok
10:22:57.0375 0896  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
10:22:57.0625 0896  dmboot - ok
10:22:57.0671 0896  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
10:22:57.0890 0896  dmio - ok
10:22:57.0937 0896  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
10:22:58.0140 0896  dmload - ok
10:22:58.0156 0896  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
10:22:58.0359 0896  dmserver - ok
10:22:58.0390 0896  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
10:22:58.0593 0896  DMusic - ok
10:22:58.0640 0896  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
10:22:58.0750 0896  Dnscache - ok
10:22:58.0796 0896  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
10:22:59.0031 0896  Dot3svc - ok
10:22:59.0031 0896  dpti2o - ok
10:22:59.0109 0896  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
10:22:59.0359 0896  drmkaud - ok
10:22:59.0406 0896  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
10:22:59.0625 0896  EapHost - ok
10:22:59.0703 0896  [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
10:22:59.0718 0896  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
10:22:59.0718 0896  EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
10:22:59.0734 0896  [ B92F2B3247F0A99490C1298A1D3D7B4C ] EPSON_EB_RPCV4_04 C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50ST7.EXE
10:22:59.0750 0896  EPSON_EB_RPCV4_04 ( UnsignedFile.Multi.Generic ) - warning
10:22:59.0750 0896  EPSON_EB_RPCV4_04 - detected UnsignedFile.Multi.Generic (1)
10:22:59.0781 0896  [ 651336B99C75FB54E4B5971CF458F9BD ] EPSON_PM_RPCV4_04 C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50RP7.EXE
10:22:59.0796 0896  EPSON_PM_RPCV4_04 ( UnsignedFile.Multi.Generic ) - warning
10:22:59.0796 0896  EPSON_PM_RPCV4_04 - detected UnsignedFile.Multi.Generic (1)
10:22:59.0859 0896  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
10:23:00.0062 0896  ERSvc - ok
10:23:00.0140 0896  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
10:23:00.0187 0896  Eventlog - ok
10:23:00.0250 0896  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
10:23:00.0359 0896  EventSystem - ok
10:23:00.0437 0896  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
10:23:00.0750 0896  Fastfat - ok
10:23:00.0812 0896  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:23:00.0921 0896  FastUserSwitchingCompatibility - ok
10:23:00.0968 0896  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
10:23:01.0156 0896  Fdc - ok
10:23:01.0171 0896  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
10:23:01.0421 0896  Fips - ok
10:23:01.0468 0896  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
10:23:01.0656 0896  Flpydisk - ok
10:23:01.0703 0896  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:23:01.0921 0896  FltMgr - ok
10:23:02.0000 0896  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:23:02.0031 0896  FontCache3.0.0.0 - ok
10:23:02.0093 0896  [ 960F5E5E4E1F720465311AC68A99C2DF ] fssfltr         C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
10:23:02.0125 0896  fssfltr - ok
10:23:02.0250 0896  [ 9B1622EBEB31B3411B13382FFCB8737D ] fsssvc          C:\Programme\Windows Live\Family Safety\fsssvc.exe
10:23:02.0312 0896  fsssvc - ok
10:23:02.0375 0896  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:23:02.0656 0896  Fs_Rec - ok
10:23:02.0703 0896  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:23:02.0890 0896  Ftdisk - ok
10:23:02.0968 0896  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:23:03.0171 0896  Gpc - ok
10:23:03.0312 0896  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Programme\Google\Update\GoogleUpdate.exe
10:23:03.0343 0896  gupdate - ok
10:23:03.0359 0896  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
10:23:03.0375 0896  gupdatem - ok
10:23:03.0453 0896  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:23:03.0656 0896  HDAudBus - ok
10:23:03.0765 0896  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:23:04.0062 0896  helpsvc - ok
10:23:04.0109 0896  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
10:23:04.0359 0896  HidServ - ok
10:23:04.0390 0896  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:23:04.0578 0896  hidusb - ok
10:23:04.0625 0896  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
10:23:04.0812 0896  hkmsvc - ok
10:23:04.0828 0896  hpn - ok
10:23:04.0890 0896  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
10:23:04.0984 0896  HTTP - ok
10:23:05.0031 0896  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
10:23:05.0250 0896  HTTPFilter - ok
10:23:05.0265 0896  i2omgmt - ok
10:23:05.0281 0896  i2omp - ok
10:23:05.0312 0896  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:23:05.0546 0896  i8042prt - ok
10:23:05.0781 0896  [ 0F68E2EC713F132FFB19E45415B09679 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:23:06.0218 0896  ialm - ok
10:23:06.0296 0896  [ 8EF427C54497C5F8A7A645990E4278C7 ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
10:23:06.0343 0896  iaStor - ok
10:23:06.0453 0896  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:23:06.0625 0896  idsvc - ok
10:23:06.0703 0896  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
10:23:07.0078 0896  Imapi - ok
10:23:07.0140 0896  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
10:23:07.0343 0896  ImapiService - ok
10:23:07.0359 0896  ini910u - ok
10:23:07.0546 0896  [ 9037C8BD3E896D7F2803A171FDEAEEF4 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:23:08.0312 0896  IntcAzAudAddService - ok
10:23:08.0328 0896  IntelIde - ok
10:23:08.0437 0896  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:23:08.0640 0896  intelppm - ok
10:23:08.0671 0896  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:23:08.0859 0896  Ip6Fw - ok
10:23:08.0906 0896  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:23:09.0109 0896  IpFilterDriver - ok
10:23:09.0140 0896  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:23:09.0328 0896  IpInIp - ok
10:23:09.0375 0896  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:23:09.0578 0896  IpNat - ok
10:23:09.0687 0896  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:23:09.0875 0896  IPSec - ok
10:23:09.0921 0896  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
10:23:10.0046 0896  IRENUM - ok
10:23:10.0125 0896  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:23:10.0343 0896  isapnp - ok
10:23:10.0531 0896  [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
10:23:10.0562 0896  JavaQuickStarterService - ok
10:23:10.0640 0896  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:23:10.0843 0896  Kbdclass - ok
10:23:10.0890 0896  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
10:23:11.0187 0896  kmixer - ok
10:23:11.0250 0896  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
10:23:11.0406 0896  KSecDD - ok
10:23:11.0453 0896  [ 6C8658587E91EA25B0FD2E71781AD228 ] L1c             C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
10:23:11.0500 0896  L1c - ok
10:23:11.0578 0896  [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
10:23:11.0640 0896  LanmanServer - ok
10:23:11.0703 0896  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:23:11.0812 0896  lanmanworkstation - ok
10:23:11.0828 0896  lbrtfdc - ok
10:23:11.0953 0896  [ DA46DE196C3CF33B176E38CF8E30D149 ] LIVESRV         C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
10:23:12.0000 0896  LIVESRV ( UnsignedFile.Multi.Generic ) - warning
10:23:12.0000 0896  LIVESRV - detected UnsignedFile.Multi.Generic (1)
10:23:12.0062 0896  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
10:23:12.0375 0896  LmHosts - ok
10:23:12.0453 0896  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
10:23:12.0484 0896  MBAMProtector - ok
10:23:12.0578 0896  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:23:12.0656 0896  MBAMScheduler - ok
10:23:12.0750 0896  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
10:23:12.0828 0896  MBAMService - ok
10:23:12.0875 0896  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
10:23:13.0203 0896  Messenger - ok
10:23:13.0343 0896  Microsoft SharePoint Workspace Audit Service - ok
10:23:13.0390 0896  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
10:23:13.0593 0896  mnmdd - ok
10:23:13.0640 0896  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
10:23:13.0859 0896  mnmsrvc - ok
10:23:13.0890 0896  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
10:23:14.0109 0896  Modem - ok
10:23:14.0203 0896  [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt         C:\WINDOWS\system32\drivers\Monfilt.sys
10:23:14.0343 0896  Monfilt - ok
10:23:14.0437 0896  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:23:14.0640 0896  Mouclass - ok
10:23:14.0703 0896  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:23:14.0921 0896  mouhid - ok
10:23:14.0937 0896  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
10:23:15.0187 0896  MountMgr - ok
10:23:15.0250 0896  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
10:23:15.0312 0896  MozillaMaintenance - ok
10:23:15.0328 0896  mraid35x - ok
10:23:15.0406 0896  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:23:15.0593 0896  MRxDAV - ok
10:23:15.0671 0896  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:23:15.0843 0896  MRxSmb - ok
10:23:15.0890 0896  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
10:23:16.0109 0896  MSDTC - ok
10:23:16.0140 0896  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
10:23:16.0375 0896  Msfs - ok
10:23:16.0390 0896  MSIServer - ok
10:23:16.0406 0896  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:23:16.0640 0896  MSKSSRV - ok
10:23:16.0656 0896  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:23:16.0843 0896  MSPCLOCK - ok
10:23:16.0875 0896  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
10:23:17.0093 0896  MSPQM - ok
10:23:17.0156 0896  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:23:17.0375 0896  mssmbios - ok
10:23:17.0421 0896  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
10:23:17.0609 0896  MSTEE - ok
10:23:17.0656 0896  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
10:23:17.0703 0896  Mup - ok
10:23:17.0734 0896  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:23:17.0921 0896  NABTSFEC - ok
10:23:17.0984 0896  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
10:23:18.0250 0896  napagent - ok
10:23:18.0343 0896  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
10:23:18.0562 0896  NDIS - ok
10:23:18.0625 0896  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:23:18.0828 0896  NdisIP - ok
10:23:18.0906 0896  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:23:19.0093 0896  NdisTapi - ok
10:23:19.0171 0896  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:23:19.0437 0896  Ndisuio - ok
10:23:19.0531 0896  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:23:19.0859 0896  NdisWan - ok
10:23:19.0921 0896  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
10:23:19.0984 0896  NDProxy - ok
10:23:20.0000 0896  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
10:23:20.0203 0896  NetBIOS - ok
10:23:20.0265 0896  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
10:23:20.0468 0896  NetBT - ok
10:23:20.0515 0896  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
10:23:20.0703 0896  NetDDE - ok
10:23:20.0718 0896  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
10:23:20.0906 0896  NetDDEdsdm - ok
10:23:20.0937 0896  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
10:23:21.0140 0896  Netlogon - ok
10:23:21.0171 0896  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
10:23:21.0375 0896  Netman - ok
10:23:21.0453 0896  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:23:21.0484 0896  NetTcpPortSharing - ok
10:23:21.0531 0896  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
10:23:21.0562 0896  Nla - ok
10:23:21.0671 0896  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
10:23:21.0859 0896  Npfs - ok
10:23:21.0953 0896  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
10:23:22.0250 0896  Ntfs - ok
10:23:22.0265 0896  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
10:23:22.0468 0896  NtLmSsp - ok
10:23:22.0515 0896  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
10:23:22.0796 0896  NtmsSvc - ok
10:23:22.0843 0896  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
10:23:23.0031 0896  Null - ok
10:23:23.0078 0896  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:23:23.0265 0896  NwlnkFlt - ok
10:23:23.0281 0896  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:23:23.0484 0896  NwlnkFwd - ok
10:23:23.0609 0896  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
10:23:23.0640 0896  ose - ok
10:23:23.0953 0896  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:23:24.0453 0896  osppsvc - ok
10:23:24.0500 0896  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
10:23:24.0734 0896  Parport - ok
10:23:24.0796 0896  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
10:23:25.0015 0896  PartMgr - ok
10:23:25.0046 0896  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
10:23:25.0265 0896  ParVdm - ok
10:23:25.0296 0896  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
10:23:25.0546 0896  PCI - ok
10:23:25.0546 0896  PCIDump - ok
10:23:25.0562 0896  PCIIde - ok
10:23:25.0609 0896  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
10:23:25.0812 0896  Pcmcia - ok
10:23:25.0828 0896  PDCOMP - ok
10:23:25.0843 0896  PDFRAME - ok
10:23:25.0859 0896  PDRELI - ok
10:23:25.0859 0896  PDRFRAME - ok
10:23:25.0875 0896  perc2 - ok
10:23:25.0890 0896  perc2hib - ok
10:23:25.0953 0896  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
10:23:25.0984 0896  PlugPlay - ok
10:23:26.0000 0896  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
10:23:26.0187 0896  PolicyAgent - ok
10:23:26.0218 0896  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:23:26.0406 0896  PptpMiniport - ok
10:23:26.0421 0896  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:23:26.0640 0896  ProtectedStorage - ok
10:23:26.0656 0896  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
10:23:26.0890 0896  PSched - ok
10:23:26.0921 0896  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:23:27.0109 0896  Ptilink - ok
10:23:27.0171 0896  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:23:27.0203 0896  PxHelp20 - ok
10:23:27.0218 0896  ql1080 - ok
10:23:27.0218 0896  Ql10wnt - ok
10:23:27.0234 0896  ql12160 - ok
10:23:27.0250 0896  ql1240 - ok
10:23:27.0265 0896  ql1280 - ok
10:23:27.0281 0896  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:23:27.0484 0896  RasAcd - ok
10:23:27.0562 0896  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
10:23:27.0765 0896  RasAuto - ok
10:23:27.0796 0896  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:23:28.0000 0896  Rasl2tp - ok
10:23:28.0031 0896  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
10:23:28.0234 0896  RasMan - ok
10:23:28.0265 0896  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:23:28.0453 0896  RasPppoe - ok
10:23:28.0468 0896  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
10:23:28.0687 0896  Raspti - ok
10:23:28.0750 0896  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:23:28.0953 0896  Rdbss - ok
10:23:29.0000 0896  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:23:29.0187 0896  RDPCDD - ok
10:23:29.0250 0896  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
10:23:29.0390 0896  RDPWD - ok
10:23:29.0468 0896  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
10:23:29.0656 0896  RDSessMgr - ok
10:23:29.0703 0896  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
10:23:29.0937 0896  redbook - ok
10:23:30.0000 0896  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
10:23:30.0187 0896  RemoteAccess - ok
10:23:30.0234 0896  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
10:23:30.0437 0896  RpcLocator - ok
10:23:30.0484 0896  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\System32\rpcss.dll
10:23:30.0562 0896  RpcSs - ok
10:23:30.0625 0896  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
10:23:30.0828 0896  RSVP - ok
10:23:30.0906 0896  [ 97B59CE2CFBB0884A16DDD8F1781812B ] RT80x86         C:\WINDOWS\system32\DRIVERS\RT2860.sys
10:23:31.0062 0896  RT80x86 - ok
10:23:31.0093 0896  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
10:23:31.0343 0896  SamSs - ok
10:23:31.0375 0896  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
10:23:31.0406 0896  SASDIFSV - ok
10:23:31.0437 0896  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
10:23:31.0453 0896  SASKUTIL - ok
10:23:31.0500 0896  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
10:23:31.0718 0896  SCardSvr - ok
10:23:31.0781 0896  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
10:23:31.0968 0896  Schedule - ok
10:23:32.0125 0896  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
10:23:32.0234 0896  SDScannerService - ok
10:23:32.0312 0896  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
10:23:32.0437 0896  SDUpdateService - ok
10:23:32.0484 0896  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
10:23:32.0546 0896  SDWSCService - ok
10:23:32.0609 0896  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:23:32.0765 0896  Secdrv - ok
10:23:32.0781 0896  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
10:23:33.0000 0896  seclogon - ok
10:23:33.0062 0896  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
10:23:33.0265 0896  SENS - ok
10:23:33.0296 0896  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
10:23:33.0500 0896  Serial - ok
10:23:33.0578 0896  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
10:23:33.0812 0896  Sfloppy - ok
10:23:33.0875 0896  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
10:23:34.0093 0896  SharedAccess - ok
10:23:34.0140 0896  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:23:34.0171 0896  ShellHWDetection - ok
10:23:34.0171 0896  Simbad - ok
10:23:34.0250 0896  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Programme\Skype\Updater\Updater.exe
10:23:34.0296 0896  SkypeUpdate - ok
10:23:34.0312 0896  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:23:34.0562 0896  SLIP - ok
10:23:34.0625 0896  [ 21EA9DC8FBE1236051832ABB5254226F ] SnoopFree       C:\WINDOWS\system32\Drivers\SnopFree.sys
10:23:34.0625 0896  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\SnopFree.sys. md5: 21EA9DC8FBE1236051832ABB5254226F
10:23:34.0625 0896  SnoopFree ( LockedFile.Multi.Generic ) - warning
10:23:34.0625 0896  SnoopFree - detected LockedFile.Multi.Generic (1)
10:23:34.0656 0896  [ ADBF2FFB193DD067254BF9090FD8A669 ] SnoopFreeSvc    C:\WINDOWS\system32\SnoopFreeSvc.exe
10:23:34.0656 0896  SnoopFreeSvc ( UnsignedFile.Multi.Generic ) - warning
10:23:34.0656 0896  SnoopFreeSvc - detected UnsignedFile.Multi.Generic (1)
10:23:34.0765 0896  [ 473F35E2A378B854731E67C377A3BEA7 ] SNP2UVC         C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
10:23:34.0937 0896  SNP2UVC - ok
10:23:34.0953 0896  Sparrow - ok
10:23:35.0000 0896  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
10:23:35.0234 0896  splitter - ok
10:23:35.0312 0896  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
10:23:35.0406 0896  Spooler - ok
10:23:35.0500 0896  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
10:23:35.0500 0896  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
10:23:35.0500 0896  sptd ( LockedFile.Multi.Generic ) - warning
10:23:35.0500 0896  sptd - detected LockedFile.Multi.Generic (1)
10:23:35.0546 0896  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
10:23:35.0703 0896  sr - ok
10:23:35.0750 0896  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
10:23:35.0906 0896  srservice - ok
10:23:35.0953 0896  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
10:23:36.0125 0896  Srv - ok
10:23:36.0203 0896  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
10:23:36.0390 0896  SSDPSRV - ok
10:23:36.0437 0896  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:23:36.0468 0896  ssmdrv - ok
10:23:36.0531 0896  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
10:23:36.0750 0896  stisvc - ok
10:23:36.0781 0896  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:23:36.0984 0896  streamip - ok
10:23:37.0031 0896  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
10:23:37.0265 0896  swenum - ok
10:23:37.0296 0896  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
10:23:37.0500 0896  swmidi - ok
10:23:37.0500 0896  SwPrv - ok
10:23:37.0515 0896  symc810 - ok
10:23:37.0531 0896  symc8xx - ok
10:23:37.0546 0896  sym_hi - ok
10:23:37.0546 0896  sym_u3 - ok
10:23:37.0593 0896  [ 8E25A1DBB8527B2074AF9B682F818768 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:23:37.0625 0896  SynTP - ok
10:23:37.0640 0896  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
10:23:37.0843 0896  sysaudio - ok
10:23:37.0906 0896  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
10:23:38.0125 0896  SysmonLog - ok
10:23:38.0203 0896  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
10:23:38.0406 0896  TapiSrv - ok
10:23:38.0484 0896  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:23:38.0578 0896  Tcpip - ok
10:23:38.0609 0896  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
10:23:38.0828 0896  TDPIPE - ok
10:23:38.0843 0896  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
10:23:39.0046 0896  TDTCP - ok
10:23:39.0125 0896  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
10:23:39.0359 0896  TermDD - ok
10:23:39.0390 0896  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
10:23:39.0640 0896  TermService - ok
10:23:39.0687 0896  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
10:23:39.0703 0896  Themes - ok
10:23:39.0718 0896  TosIde - ok
10:23:39.0781 0896  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
10:23:40.0000 0896  TrkWks - ok
10:23:40.0062 0896  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
10:23:40.0250 0896  Udfs - ok
10:23:40.0265 0896  ultra - ok
10:23:40.0343 0896  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
10:23:40.0546 0896  Update - ok
10:23:40.0578 0896  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
10:23:40.0703 0896  upnphost - ok
10:23:40.0734 0896  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
10:23:40.0937 0896  UPS - ok
10:23:40.0968 0896  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:23:41.0156 0896  usbccgp - ok
10:23:41.0234 0896  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:23:41.0421 0896  usbehci - ok
10:23:41.0437 0896  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:23:41.0625 0896  usbhub - ok
10:23:41.0687 0896  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:23:41.0875 0896  usbprint - ok
10:23:41.0937 0896  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:23:42.0125 0896  usbscan - ok
10:23:42.0171 0896  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:23:42.0375 0896  usbstor - ok
10:23:42.0375 0896  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:23:42.0578 0896  usbuhci - ok
10:23:42.0625 0896  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
10:23:42.0828 0896  usbvideo - ok
10:23:42.0875 0896  [ C019889035CDC1A06F2FEBC93CBB6897 ] uvclf           C:\WINDOWS\system32\DRIVERS\uvclf.sys
10:23:42.0906 0896  uvclf - ok
10:23:42.0937 0896  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
10:23:43.0140 0896  VgaSave - ok
10:23:43.0140 0896  ViaIde - ok
10:23:43.0218 0896  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
10:23:43.0421 0896  VolSnap - ok
10:23:43.0515 0896  [ 67E65C5108818AD08CC45835D494A4FB ] vpnagent        C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
10:23:43.0562 0896  vpnagent - ok
10:23:43.0625 0896  [ 0D8DF4058901616A4E716AB67D472581 ] vpnva           C:\WINDOWS\system32\DRIVERS\vpnva.sys
10:23:43.0656 0896  vpnva - ok
10:23:43.0734 0896  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
10:23:43.0843 0896  VSS - ok
10:23:43.0937 0896  [ 29829B4B6F9DF2494D135722E6C7D375 ] VSSERV          C:\Programme\Softwin\BitDefender10\vsserv.exe
10:23:44.0015 0896  VSSERV ( UnsignedFile.Multi.Generic ) - warning
10:23:44.0015 0896  VSSERV - detected UnsignedFile.Multi.Generic (1)
10:23:44.0093 0896  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
10:23:44.0390 0896  W32Time - ok
10:23:44.0421 0896  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:23:44.0625 0896  Wanarp - ok
10:23:44.0671 0896  [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM         C:\WINDOWS\system32\DRIVERS\wdcsam.sys
10:23:44.0750 0896  WDC_SAM - ok
10:23:44.0875 0896  [ 300B4847E1157BDD7A306B18ED65A97E ] WDDMService     C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
10:23:44.0906 0896  WDDMService ( UnsignedFile.Multi.Generic ) - warning
10:23:44.0906 0896  WDDMService - detected UnsignedFile.Multi.Generic (1)
10:23:44.0984 0896  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
10:23:45.0031 0896  Wdf01000 - ok
10:23:45.0046 0896  WDICA - ok
10:23:45.0109 0896  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
10:23:45.0343 0896  wdmaud - ok
10:23:45.0437 0896  [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
10:23:45.0468 0896  WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning
10:23:45.0468 0896  WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)
10:23:45.0531 0896  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
10:23:45.0796 0896  WebClient - ok
10:23:45.0906 0896  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
10:23:46.0140 0896  winmgmt - ok
10:23:46.0218 0896  [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
10:23:46.0312 0896  WmdmPmSN - ok
10:23:46.0375 0896  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:23:46.0593 0896  WmiApSrv - ok
10:23:46.0687 0896  [ D3DBD6E76F4BE9BEE67EB631488B5F29 ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
10:23:46.0828 0896  WMPNetworkSvc - ok
10:23:46.0890 0896  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:23:47.0187 0896  WS2IFSL - ok
10:23:47.0203 0896  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
10:23:47.0390 0896  wscsvc - ok
10:23:47.0421 0896  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:23:47.0625 0896  WSTCODEC - ok
10:23:47.0687 0896  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
10:23:47.0875 0896  wuauserv - ok
10:23:47.0953 0896  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:23:48.0015 0896  WudfPf - ok
10:23:48.0031 0896  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:23:48.0093 0896  WudfRd - ok
10:23:48.0125 0896  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
10:23:48.0156 0896  WudfSvc - ok
10:23:48.0234 0896  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
10:23:48.0484 0896  WZCSVC - ok
10:23:48.0578 0896  [ 5DC7B7F1DD7B9ED4066A6B065F0CE329 ] XCOMM           C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
10:23:48.0593 0896  XCOMM ( UnsignedFile.Multi.Generic ) - warning
10:23:48.0593 0896  XCOMM - detected UnsignedFile.Multi.Generic (1)
10:23:48.0640 0896  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
10:23:48.0875 0896  xmlprov - ok
10:23:48.0890 0896  ================ Scan global ===============================
10:23:48.0968 0896  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
10:23:49.0062 0896  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
10:23:49.0093 0896  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
10:23:49.0156 0896  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
10:23:49.0156 0896  [Global] - ok
10:23:49.0156 0896  ================ Scan MBR ==================================
10:23:49.0203 0896  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:23:49.0734 0896  \Device\Harddisk0\DR0 - ok
10:23:49.0734 0896  ================ Scan VBR ==================================
10:23:49.0734 0896  [ 1ADC3489D52F3C97647A577C6803EB19 ] \Device\Harddisk0\DR0\Partition1
10:23:49.0750 0896  \Device\Harddisk0\DR0\Partition1 - ok
10:23:49.0812 0896  [ D56A3B990EAA43C9BF7798A85CB5E097 ] \Device\Harddisk0\DR0\Partition2
10:23:49.0828 0896  \Device\Harddisk0\DR0\Partition2 - ok
10:23:49.0828 0896  ============================================================
10:23:49.0828 0896  Scan finished
10:23:49.0828 0896  ============================================================
10:23:49.0953 3792  Detected object count: 13
10:23:49.0953 3792  Actual detected object count: 13
10:24:46.0796 3792  bdfdll ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:46.0796 3792  bdfdll ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:24:46.0796 3792  bdss ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:46.0796 3792  bdss ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:24:46.0812 3792  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:46.0812 3792  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:24:46.0812 3792  EPSON_EB_RPCV4_04 ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:46.0812 3792  EPSON_EB_RPCV4_04 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:24:46.0812 3792  EPSON_PM_RPCV4_04 ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:46.0812 3792  EPSON_PM_RPCV4_04 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:24:46.0828 3792  LIVESRV ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:46.0828 3792  LIVESRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:24:46.0828 3792  SnoopFree ( LockedFile.Multi.Generic ) - skipped by user
10:24:46.0828 3792  SnoopFree ( LockedFile.Multi.Generic ) - User select action: Skip 
10:24:46.0828 3792  SnoopFreeSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:46.0828 3792  SnoopFreeSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:24:46.0843 3792  sptd ( LockedFile.Multi.Generic ) - skipped by user
10:24:46.0843 3792  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
10:24:46.0843 3792  VSSERV ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:46.0843 3792  VSSERV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:24:46.0843 3792  WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:46.0843 3792  WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:24:46.0859 3792  WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:46.0859 3792  WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:24:46.0859 3792  XCOMM ( UnsignedFile.Multi.Generic ) - skipped by user
10:24:46.0859 3792  XCOMM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:25:12.0796 3628  ============================================================
10:25:12.0796 3628  Scan started
10:25:12.0796 3628  Mode: Manual; SigCheck; TDLFS; 
10:25:12.0796 3628  ============================================================
10:25:13.0140 3628  ================ Scan system memory ========================
10:25:13.0156 3628  System memory - ok
10:25:13.0156 3628  ================ Scan services =============================
10:25:13.0250 3628  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Programme\SUPERAntiSpyware\SASCORE.EXE
10:25:13.0328 3628  !SASCORE - ok
10:25:13.0468 3628  Abiosdsk - ok
10:25:13.0484 3628  abp480n5 - ok
10:25:13.0515 3628  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:25:13.0718 3628  ACPI - ok
10:25:13.0765 3628  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:25:13.0984 3628  ACPIEC - ok
10:25:14.0046 3628  [ D2C5C56DD26386EFA289EA0B92EADFD2 ] acsint          C:\WINDOWS\system32\DRIVERS\acsint.sys
10:25:14.0078 3628  acsint - ok
10:25:14.0109 3628  [ 45D6057452EAFE7AC27CAB55A0FED296 ] acsmux          C:\WINDOWS\system32\DRIVERS\acsmux.sys
10:25:14.0125 3628  acsmux - ok
10:25:14.0234 3628  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:25:14.0265 3628  AdobeFlashPlayerUpdateSvc - ok
10:25:14.0281 3628  adpu160m - ok
10:25:14.0421 3628  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
10:25:14.0656 3628  aec - ok
10:25:14.0718 3628  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
10:25:14.0781 3628  AFD - ok
10:25:14.0796 3628  Aha154x - ok
10:25:14.0796 3628  aic78u2 - ok
10:25:14.0812 3628  aic78xx - ok
10:25:14.0859 3628  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
10:25:15.0062 3628  Alerter - ok
10:25:15.0109 3628  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
10:25:15.0203 3628  ALG - ok
10:25:15.0218 3628  AliIde - ok
10:25:15.0312 3628  [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt         C:\WINDOWS\system32\drivers\Ambfilt.sys
10:25:15.0531 3628  Ambfilt - ok
10:25:15.0546 3628  amsint - ok
10:25:15.0562 3628  AmUStor - ok
10:25:15.0703 3628  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
10:25:15.0734 3628  AntiVirSchedulerService - ok
10:25:15.0765 3628  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
10:25:15.0796 3628  AntiVirService - ok
10:25:15.0812 3628  AppMgmt - ok
10:25:15.0921 3628  [ E0EE769D14128014965E03B433F5F46E ] AR5416          C:\WINDOWS\system32\DRIVERS\athw.sys
10:25:16.0078 3628  AR5416 - ok
10:25:16.0078 3628  asc - ok
10:25:16.0093 3628  asc3350p - ok
10:25:16.0109 3628  asc3550 - ok
10:25:16.0218 3628  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:25:16.0265 3628  aspnet_state - ok
10:25:16.0312 3628  [ 12415A4B61DED200FE9932B47A35FA42 ] AsusACPI        C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
10:25:16.0359 3628  AsusACPI - ok
10:25:16.0421 3628  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:25:16.0640 3628  AsyncMac - ok
10:25:16.0703 3628  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
10:25:16.0968 3628  atapi - ok
10:25:16.0968 3628  Atdisk - ok
10:25:17.0031 3628  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:25:17.0250 3628  Atmarpc - ok
10:25:17.0296 3628  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
10:25:17.0531 3628  AudioSrv - ok
10:25:17.0578 3628  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
10:25:17.0781 3628  audstub - ok
10:25:17.0796 3628  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
10:25:17.0843 3628  avgntflt - ok
10:25:17.0890 3628  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
10:25:17.0921 3628  avipbb - ok
10:25:17.0968 3628  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
10:25:18.0000 3628  avkmgr - ok
10:25:18.0140 3628  [ 4B8C4B37A298305AF83676679329522B ] bdfdll          C:\Programme\Softwin\BitDefender10\bdfdll.sys
10:25:18.0171 3628  bdfdll ( UnsignedFile.Multi.Generic ) - warning
10:25:18.0171 3628  bdfdll - detected UnsignedFile.Multi.Generic (1)
10:25:18.0171 3628  BDFsDrv - ok
10:25:18.0187 3628  BDRsDrv - ok
10:25:18.0312 3628  [ A20EB9A2772C8D2130FF10783E9B42EA ] bdss            C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
10:25:18.0328 3628  bdss ( UnsignedFile.Multi.Generic ) - warning
10:25:18.0328 3628  bdss - detected UnsignedFile.Multi.Generic (1)
10:25:18.0375 3628  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
10:25:18.0562 3628  Beep - ok
10:25:18.0625 3628  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
10:25:18.0828 3628  BITS - ok
10:25:18.0890 3628  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
10:25:18.0953 3628  Browser - ok
10:25:18.0953 3628  btaudio - ok
10:25:18.0984 3628  BTDriver - ok
10:25:19.0000 3628  BTWDNDIS - ok
10:25:19.0015 3628  btwhid - ok
10:25:19.0031 3628  BTWUSB - ok
10:25:19.0093 3628  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
10:25:19.0328 3628  cbidf2k - ok
10:25:19.0390 3628  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:25:19.0609 3628  CCDECODE - ok
10:25:19.0625 3628  cd20xrnt - ok
10:25:19.0687 3628  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
10:25:19.0875 3628  Cdaudio - ok
10:25:19.0906 3628  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
10:25:20.0093 3628  Cdfs - ok
10:25:20.0156 3628  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:25:20.0343 3628  Cdrom - ok
10:25:20.0359 3628  Changer - ok
10:25:20.0421 3628  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
10:25:20.0640 3628  CiSvc - ok
10:25:20.0671 3628  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
10:25:20.0875 3628  ClipSrv - ok
10:25:20.0906 3628  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:25:20.0937 3628  clr_optimization_v2.0.50727_32 - ok
10:25:20.0984 3628  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:25:21.0187 3628  CmBatt - ok
10:25:21.0187 3628  CmdIde - ok
10:25:21.0218 3628  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:25:21.0421 3628  Compbatt - ok
10:25:21.0421 3628  COMSysApp - ok
10:25:21.0453 3628  Cpqarray - ok
10:25:21.0500 3628  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
10:25:21.0687 3628  CryptSvc - ok
10:25:21.0703 3628  dac2w2k - ok
10:25:21.0703 3628  dac960nt - ok
10:25:21.0796 3628  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
10:25:21.0828 3628  DcomLaunch - ok
10:25:21.0890 3628  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
10:25:22.0078 3628  Dhcp - ok
10:25:22.0093 3628  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
10:25:22.0296 3628  Disk - ok
10:25:22.0296 3628  dmadmin - ok
10:25:22.0390 3628  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
10:25:22.0609 3628  dmboot - ok
10:25:22.0687 3628  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
10:25:22.0875 3628  dmio - ok
10:25:22.0906 3628  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
10:25:23.0109 3628  dmload - ok
10:25:23.0156 3628  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
10:25:23.0343 3628  dmserver - ok
10:25:23.0406 3628  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
10:25:23.0593 3628  DMusic - ok
10:25:23.0656 3628  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
10:25:23.0703 3628  Dnscache - ok
10:25:23.0750 3628  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
10:25:23.0953 3628  Dot3svc - ok
10:25:23.0968 3628  dpti2o - ok
10:25:24.0062 3628  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
10:25:24.0250 3628  drmkaud - ok
10:25:24.0296 3628  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
10:25:24.0500 3628  EapHost - ok
10:25:24.0593 3628  [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
10:25:24.0640 3628  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
10:25:24.0640 3628  EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
10:25:24.0718 3628  [ B92F2B3247F0A99490C1298A1D3D7B4C ] EPSON_EB_RPCV4_04 C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50ST7.EXE
10:25:24.0734 3628  EPSON_EB_RPCV4_04 ( UnsignedFile.Multi.Generic ) - warning
10:25:24.0734 3628  EPSON_EB_RPCV4_04 - detected UnsignedFile.Multi.Generic (1)
10:25:24.0781 3628  [ 651336B99C75FB54E4B5971CF458F9BD ] EPSON_PM_RPCV4_04 C:\Programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50RP7.EXE
10:25:24.0812 3628  EPSON_PM_RPCV4_04 ( UnsignedFile.Multi.Generic ) - warning
10:25:24.0812 3628  EPSON_PM_RPCV4_04 - detected UnsignedFile.Multi.Generic (1)
10:25:24.0921 3628  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
10:25:25.0218 3628  ERSvc - ok
10:25:25.0296 3628  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
10:25:25.0328 3628  Eventlog - ok
10:25:25.0406 3628  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
10:25:25.0453 3628  EventSystem - ok
10:25:25.0531 3628  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
10:25:25.0718 3628  Fastfat - ok
10:25:25.0796 3628  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:25:25.0828 3628  FastUserSwitchingCompatibility - ok
10:25:25.0890 3628  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
10:25:26.0078 3628  Fdc - ok
10:25:26.0093 3628  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
10:25:26.0312 3628  Fips - ok
10:25:26.0343 3628  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
10:25:26.0531 3628  Flpydisk - ok
10:25:26.0593 3628  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:25:26.0796 3628  FltMgr - ok
10:25:26.0875 3628  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:25:26.0890 3628  FontCache3.0.0.0 - ok
10:25:26.0953 3628  [ 960F5E5E4E1F720465311AC68A99C2DF ] fssfltr         C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
10:25:26.0984 3628  fssfltr - ok
10:25:27.0125 3628  [ 9B1622EBEB31B3411B13382FFCB8737D ] fsssvc          C:\Programme\Windows Live\Family Safety\fsssvc.exe
10:25:27.0187 3628  fsssvc - ok
10:25:27.0250 3628  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:25:27.0500 3628  Fs_Rec - ok
10:25:27.0546 3628  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:25:27.0734 3628  Ftdisk - ok
10:25:27.0812 3628  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:25:27.0984 3628  Gpc - ok
10:25:28.0093 3628  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Programme\Google\Update\GoogleUpdate.exe
10:25:28.0125 3628  gupdate - ok
10:25:28.0140 3628  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
10:25:28.0171 3628  gupdatem - ok
10:25:28.0250 3628  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:25:28.0453 3628  HDAudBus - ok
10:25:28.0562 3628  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:25:28.0843 3628  helpsvc - ok
10:25:28.0906 3628  [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ         C:\WINDOWS\System32\hidserv.dll
10:25:29.0093 3628  HidServ - ok
10:25:29.0109 3628  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:25:29.0296 3628  hidusb - ok
10:25:29.0359 3628  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
10:25:29.0531 3628  hkmsvc - ok
10:25:29.0546 3628  hpn - ok
10:25:29.0609 3628  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
10:25:29.0656 3628  HTTP - ok
10:25:29.0718 3628  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
10:25:29.0937 3628  HTTPFilter - ok
10:25:29.0953 3628  i2omgmt - ok
10:25:29.0953 3628  i2omp - ok
10:25:29.0984 3628  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:25:30.0187 3628  i8042prt - ok
10:25:30.0437 3628  [ 0F68E2EC713F132FFB19E45415B09679 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:25:30.0718 3628  ialm - ok
10:25:30.0812 3628  [ 8EF427C54497C5F8A7A645990E4278C7 ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
10:25:30.0859 3628  iaStor - ok
10:25:30.0968 3628  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:25:31.0093 3628  idsvc - ok
10:25:31.0156 3628  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
10:25:31.0437 3628  Imapi - ok
10:25:31.0484 3628  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
10:25:31.0671 3628  ImapiService - ok
10:25:31.0687 3628  ini910u - ok
10:25:31.0859 3628  [ 9037C8BD3E896D7F2803A171FDEAEEF4 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:25:32.0171 3628  IntcAzAudAddService - ok
10:25:32.0187 3628  IntelIde - ok
10:25:32.0250 3628  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:25:32.0515 3628  intelppm - ok
10:25:32.0531 3628  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:25:32.0703 3628  Ip6Fw - ok
10:25:32.0750 3628  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:25:32.0921 3628  IpFilterDriver - ok
10:25:32.0953 3628  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:25:33.0140 3628  IpInIp - ok
10:25:33.0187 3628  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:25:33.0390 3628  IpNat - ok
10:25:33.0453 3628  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:25:33.0640 3628  IPSec - ok
10:25:33.0671 3628  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
10:25:33.0796 3628  IRENUM - ok
10:25:33.0875 3628  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:25:34.0062 3628  isapnp - ok
10:25:34.0265 3628  [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
10:25:34.0296 3628  JavaQuickStarterService - ok
10:25:34.0359 3628  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:25:34.0625 3628  Kbdclass - ok
10:25:34.0703 3628  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
10:25:34.0953 3628  kmixer - ok
10:25:35.0031 3628  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
10:25:35.0062 3628  KSecDD - ok
10:25:35.0140 3628  [ 6C8658587E91EA25B0FD2E71781AD228 ] L1c             C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
10:25:35.0171 3628  L1c - ok
10:25:35.0234 3628  [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
10:25:35.0265 3628  LanmanServer - ok
10:25:35.0328 3628  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:25:35.0375 3628  lanmanworkstation - ok
10:25:35.0390 3628  lbrtfdc - ok
10:25:35.0515 3628  [ DA46DE196C3CF33B176E38CF8E30D149 ] LIVESRV         C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
10:25:35.0531 3628  LIVESRV ( UnsignedFile.Multi.Generic ) - warning
10:25:35.0531 3628  LIVESRV - detected UnsignedFile.Multi.Generic (1)
10:25:35.0578 3628  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
10:25:35.0843 3628  LmHosts - ok
10:25:35.0906 3628  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
10:25:35.0937 3628  MBAMProtector - ok
10:25:36.0078 3628  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:25:36.0125 3628  MBAMScheduler - ok
10:25:36.0171 3628  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
10:25:36.0234 3628  MBAMService - ok
10:25:36.0281 3628  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
10:25:36.0500 3628  Messenger - ok
10:25:36.0625 3628  Microsoft SharePoint Workspace Audit Service - ok
10:25:36.0671 3628  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
10:25:36.0859 3628  mnmdd - ok
10:25:36.0906 3628  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
10:25:37.0125 3628  mnmsrvc - ok
10:25:37.0156 3628  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
10:25:37.0375 3628  Modem - ok
10:25:37.0468 3628  [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt         C:\WINDOWS\system32\drivers\Monfilt.sys
10:25:37.0609 3628  Monfilt - ok
10:25:37.0656 3628  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:25:37.0843 3628  Mouclass - ok
10:25:37.0921 3628  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:25:38.0125 3628  mouhid - ok
10:25:38.0171 3628  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
10:25:38.0359 3628  MountMgr - ok
10:25:38.0437 3628  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
10:25:38.0468 3628  MozillaMaintenance - ok
10:25:38.0468 3628  mraid35x - ok
10:25:38.0500 3628  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:25:38.0687 3628  MRxDAV - ok
10:25:38.0765 3628  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:25:38.0796 3628  MRxSmb - ok
10:25:38.0843 3628  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
10:25:39.0015 3628  MSDTC - ok
10:25:39.0031 3628  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
10:25:39.0218 3628  Msfs - ok
10:25:39.0218 3628  MSIServer - ok
10:25:39.0265 3628  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:25:39.0468 3628  MSKSSRV - ok
10:25:39.0500 3628  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:25:39.0671 3628  MSPCLOCK - ok
10:25:39.0703 3628  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
10:25:39.0906 3628  MSPQM - ok
10:25:39.0984 3628  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:25:40.0171 3628  mssmbios - ok
10:25:40.0218 3628  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
10:25:40.0421 3628  MSTEE - ok
10:25:40.0484 3628  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
10:25:40.0515 3628  Mup - ok
10:25:40.0562 3628  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:25:40.0796 3628  NABTSFEC - ok
10:25:40.0859 3628  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
10:25:41.0093 3628  napagent - ok
10:25:41.0156 3628  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
10:25:41.0328 3628  NDIS - ok
10:25:41.0375 3628  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:25:41.0562 3628  NdisIP - ok
10:25:41.0609 3628  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:25:41.0625 3628  NdisTapi - ok
10:25:41.0687 3628  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:25:41.0875 3628  Ndisuio - ok
10:25:41.0890 3628  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:25:42.0078 3628  NdisWan - ok
10:25:42.0109 3628  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
10:25:42.0156 3628  NDProxy - ok
10:25:42.0187 3628  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
10:25:42.0375 3628  NetBIOS - ok
10:25:42.0437 3628  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
10:25:42.0609 3628  NetBT - ok
10:25:42.0656 3628  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
10:25:42.0859 3628  NetDDE - ok
10:25:42.0859 3628  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
10:25:43.0046 3628  NetDDEdsdm - ok
10:25:43.0093 3628  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
10:25:43.0296 3628  Netlogon - ok
10:25:43.0328 3628  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
10:25:43.0500 3628  Netman - ok
10:25:43.0562 3628  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:25:43.0593 3628  NetTcpPortSharing - ok
10:25:43.0640 3628  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
10:25:43.0671 3628  Nla - ok
10:25:43.0718 3628  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
10:25:43.0921 3628  Npfs - ok
10:25:44.0000 3628  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
10:25:44.0187 3628  Ntfs - ok
10:25:44.0218 3628  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
10:25:44.0406 3628  NtLmSsp - ok
10:25:44.0437 3628  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
10:25:44.0671 3628  NtmsSvc - ok
10:25:44.0750 3628  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
10:25:44.0921 3628  Null - ok
10:25:44.0968 3628  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:25:45.0171 3628  NwlnkFlt - ok
10:25:45.0218 3628  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:25:45.0453 3628  NwlnkFwd - ok
10:25:45.0562 3628  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
10:25:45.0593 3628  ose - ok
10:25:45.0875 3628  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:25:46.0234 3628  osppsvc - ok
10:25:46.0265 3628  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
10:25:46.0468 3628  Parport - ok
10:25:46.0515 3628  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
10:25:46.0718 3628  PartMgr - ok
10:25:46.0750 3628  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
10:25:46.0921 3628  ParVdm - ok
10:25:46.0953 3628  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
10:25:47.0187 3628  PCI - ok
10:25:47.0187 3628  PCIDump - ok
10:25:47.0203 3628  PCIIde - ok
10:25:47.0250 3628  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
10:25:47.0453 3628  Pcmcia - ok
10:25:47.0453 3628  PDCOMP - ok
10:25:47.0468 3628  PDFRAME - ok
10:25:47.0484 3628  PDRELI - ok
10:25:47.0500 3628  PDRFRAME - ok
10:25:47.0500 3628  perc2 - ok
10:25:47.0515 3628  perc2hib - ok
10:25:47.0578 3628  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
10:25:47.0625 3628  PlugPlay - ok
10:25:47.0625 3628  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
10:25:47.0812 3628  PolicyAgent - ok
10:25:47.0843 3628  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:25:48.0015 3628  PptpMiniport - ok
10:25:48.0031 3628  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:25:48.0203 3628  ProtectedStorage - ok
10:25:48.0218 3628  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
10:25:48.0390 3628  PSched - ok
10:25:48.0406 3628  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:25:48.0578 3628  Ptilink - ok
10:25:48.0625 3628  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:25:48.0656 3628  PxHelp20 - ok
10:25:48.0656 3628  ql1080 - ok
10:25:48.0671 3628  Ql10wnt - ok
10:25:48.0687 3628  ql12160 - ok
10:25:48.0703 3628  ql1240 - ok
10:25:48.0703 3628  ql1280 - ok
10:25:48.0734 3628  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:25:48.0921 3628  RasAcd - ok
10:25:48.0984 3628  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
10:25:49.0171 3628  RasAuto - ok
10:25:49.0203 3628  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:25:49.0406 3628  Rasl2tp - ok
10:25:49.0437 3628  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
10:25:49.0640 3628  RasMan - ok
10:25:49.0656 3628  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:25:49.0828 3628  RasPppoe - ok
10:25:49.0828 3628  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
10:25:50.0015 3628  Raspti - ok
10:25:50.0093 3628  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:25:50.0281 3628  Rdbss - ok
10:25:50.0343 3628  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:25:50.0578 3628  RDPCDD - ok
10:25:50.0640 3628  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
10:25:50.0703 3628  RDPWD - ok
10:25:50.0781 3628  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
10:25:51.0015 3628  RDSessMgr - ok
10:25:51.0046 3628  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
10:25:51.0218 3628  redbook - ok
10:25:51.0296 3628  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
10:25:51.0468 3628  RemoteAccess - ok
10:25:51.0515 3628  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
10:25:51.0718 3628  RpcLocator - ok
10:25:51.0750 3628  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\System32\rpcss.dll
10:25:51.0796 3628  RpcSs - ok
10:25:51.0875 3628  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
10:25:52.0062 3628  RSVP - ok
10:25:52.0140 3628  [ 97B59CE2CFBB0884A16DDD8F1781812B ] RT80x86         C:\WINDOWS\system32\DRIVERS\RT2860.sys
10:25:52.0234 3628  RT80x86 - ok
10:25:52.0281 3628  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
10:25:52.0468 3628  SamSs - ok
10:25:52.0500 3628  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
10:25:52.0515 3628  SASDIFSV - ok
10:25:52.0531 3628  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
10:25:52.0562 3628  SASKUTIL - ok
10:25:52.0609 3628  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
10:25:52.0812 3628  SCardSvr - ok
10:25:52.0890 3628  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
10:25:53.0078 3628  Schedule - ok
10:25:53.0234 3628  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
10:25:53.0312 3628  SDScannerService - ok
10:25:53.0390 3628  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
10:25:53.0500 3628  SDUpdateService - ok
10:25:53.0546 3628  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
10:25:53.0578 3628  SDWSCService - ok
10:25:53.0609 3628  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:25:53.0796 3628  Secdrv - ok
10:25:53.0828 3628  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
10:25:54.0015 3628  seclogon - ok
10:25:54.0093 3628  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
10:25:54.0281 3628  SENS - ok
10:25:54.0312 3628  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
10:25:54.0500 3628  Serial - ok
10:25:54.0546 3628  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
10:25:54.0734 3628  Sfloppy - ok
10:25:54.0812 3628  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
10:25:55.0000 3628  SharedAccess - ok
10:25:55.0046 3628  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:25:55.0078 3628  ShellHWDetection - ok
10:25:55.0093 3628  Simbad - ok
10:25:55.0156 3628  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Programme\Skype\Updater\Updater.exe
10:25:55.0187 3628  SkypeUpdate - ok
10:25:55.0203 3628  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:25:55.0437 3628  SLIP - ok
10:25:55.0500 3628  [ 21EA9DC8FBE1236051832ABB5254226F ] SnoopFree       C:\WINDOWS\system32\Drivers\SnopFree.sys
10:25:55.0500 3628  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\SnopFree.sys. md5: 21EA9DC8FBE1236051832ABB5254226F
10:25:55.0500 3628  SnoopFree ( LockedFile.Multi.Generic ) - warning
10:25:55.0500 3628  SnoopFree - detected LockedFile.Multi.Generic (1)
10:25:55.0531 3628  [ ADBF2FFB193DD067254BF9090FD8A669 ] SnoopFreeSvc    C:\WINDOWS\system32\SnoopFreeSvc.exe
10:25:55.0546 3628  SnoopFreeSvc ( UnsignedFile.Multi.Generic ) - warning
10:25:55.0546 3628  SnoopFreeSvc - detected UnsignedFile.Multi.Generic (1)
10:25:56.0046 3628  [ 473F35E2A378B854731E67C377A3BEA7 ] SNP2UVC         C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
10:25:56.0187 3628  SNP2UVC - ok
10:25:56.0203 3628  Sparrow - ok
10:25:56.0296 3628  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
10:25:56.0531 3628  splitter - ok
10:25:56.0625 3628  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
10:25:56.0671 3628  Spooler - ok
10:25:56.0843 3628  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
10:25:56.0843 3628  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
10:25:56.0843 3628  sptd ( LockedFile.Multi.Generic ) - warning
10:25:56.0843 3628  sptd - detected LockedFile.Multi.Generic (1)
10:25:56.0890 3628  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
10:25:57.0015 3628  sr - ok
10:25:57.0062 3628  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
10:25:57.0171 3628  srservice - ok
10:25:57.0265 3628  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
10:25:57.0328 3628  Srv - ok
10:25:57.0406 3628  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
10:25:57.0562 3628  SSDPSRV - ok
10:25:57.0625 3628  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:25:57.0640 3628  ssmdrv - ok
10:25:57.0796 3628  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
10:25:58.0015 3628  stisvc - ok
10:25:58.0062 3628  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:25:58.0250 3628  streamip - ok
10:25:58.0296 3628  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
10:25:58.0500 3628  swenum - ok
10:25:58.0531 3628  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
10:25:58.0703 3628  swmidi - ok
10:25:58.0718 3628  SwPrv - ok
10:25:58.0734 3628  symc810 - ok
10:25:58.0734 3628  symc8xx - ok
10:25:58.0750 3628  sym_hi - ok
10:25:58.0765 3628  sym_u3 - ok
10:25:58.0843 3628  [ 8E25A1DBB8527B2074AF9B682F818768 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:25:58.0875 3628  SynTP - ok
10:25:58.0890 3628  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
10:25:59.0078 3628  sysaudio - ok
10:25:59.0140 3628  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
10:25:59.0343 3628  SysmonLog - ok
10:25:59.0453 3628  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
10:25:59.0640 3628  TapiSrv - ok
10:25:59.0718 3628  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:25:59.0843 3628  Tcpip - ok
10:25:59.0906 3628  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
10:26:00.0171 3628  TDPIPE - ok
10:26:00.0250 3628  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
10:26:00.0500 3628  TDTCP - ok
10:26:00.0578 3628  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
10:26:00.0796 3628  TermDD - ok
10:26:00.0828 3628  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
10:26:01.0015 3628  TermService - ok
10:26:01.0046 3628  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
10:26:01.0078 3628  Themes - ok
10:26:01.0093 3628  TosIde - ok
10:26:01.0156 3628  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
10:26:01.0343 3628  TrkWks - ok
10:26:01.0406 3628  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
10:26:01.0593 3628  Udfs - ok
10:26:01.0593 3628  ultra - ok
10:26:01.0671 3628  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
10:26:01.0859 3628  Update - ok
10:26:01.0906 3628  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
10:26:02.0031 3628  upnphost - ok
10:26:02.0078 3628  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
10:26:02.0281 3628  UPS - ok
10:26:02.0343 3628  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:26:02.0546 3628  usbccgp - ok
10:26:02.0625 3628  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:26:02.0812 3628  usbehci - ok
10:26:02.0843 3628  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:26:03.0015 3628  usbhub - ok
10:26:03.0078 3628  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:26:03.0265 3628  usbprint - ok
10:26:03.0296 3628  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:26:03.0468 3628  usbscan - ok
10:26:03.0515 3628  [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:26:03.0703 3628  usbstor - ok
10:26:03.0781 3628  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:26:03.0953 3628  usbuhci - ok
10:26:04.0000 3628  [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
10:26:04.0203 3628  usbvideo - ok
10:26:04.0218 3628  [ C019889035CDC1A06F2FEBC93CBB6897 ] uvclf           C:\WINDOWS\system32\DRIVERS\uvclf.sys
10:26:04.0265 3628  uvclf - ok
10:26:04.0296 3628  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
10:26:04.0500 3628  VgaSave - ok
10:26:04.0515 3628  ViaIde - ok
10:26:04.0578 3628  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
10:26:04.0765 3628  VolSnap - ok
10:26:04.0859 3628  [ 67E65C5108818AD08CC45835D494A4FB ] vpnagent        C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
10:26:04.0890 3628  vpnagent - ok
10:26:04.0953 3628  [ 0D8DF4058901616A4E716AB67D472581 ] vpnva           C:\WINDOWS\system32\DRIVERS\vpnva.sys
10:26:04.0984 3628  vpnva - ok
10:26:05.0046 3628  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
10:26:05.0171 3628  VSS - ok
10:26:05.0265 3628  [ 29829B4B6F9DF2494D135722E6C7D375 ] VSSERV          C:\Programme\Softwin\BitDefender10\vsserv.exe
10:26:05.0296 3628  VSSERV ( UnsignedFile.Multi.Generic ) - warning
10:26:05.0296 3628  VSSERV - detected UnsignedFile.Multi.Generic (1)
10:26:05.0359 3628  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
10:26:05.0609 3628  W32Time - ok
10:26:05.0687 3628  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:26:05.0859 3628  Wanarp - ok
10:26:05.0921 3628  [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM         C:\WINDOWS\system32\DRIVERS\wdcsam.sys
10:26:05.0984 3628  WDC_SAM - ok
10:26:06.0125 3628  [ 300B4847E1157BDD7A306B18ED65A97E ] WDDMService     C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
10:26:06.0187 3628  WDDMService ( UnsignedFile.Multi.Generic ) - warning
10:26:06.0187 3628  WDDMService - detected UnsignedFile.Multi.Generic (1)
10:26:06.0265 3628  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
10:26:06.0312 3628  Wdf01000 - ok
10:26:06.0328 3628  WDICA - ok
10:26:06.0390 3628  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
10:26:06.0625 3628  wdmaud - ok
10:26:06.0750 3628  [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
10:26:06.0781 3628  WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning
10:26:06.0781 3628  WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)
10:26:06.0843 3628  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
10:26:07.0062 3628  WebClient - ok
10:26:07.0218 3628  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
10:26:07.0468 3628  winmgmt - ok
10:26:07.0546 3628  [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
10:26:07.0609 3628  WmdmPmSN - ok
10:26:07.0640 3628  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:26:07.0812 3628  WmiApSrv - ok
10:26:07.0937 3628  [ D3DBD6E76F4BE9BEE67EB631488B5F29 ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
10:26:08.0062 3628  WMPNetworkSvc - ok
10:26:08.0140 3628  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:26:08.0343 3628  WS2IFSL - ok
10:26:08.0375 3628  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
10:26:08.0562 3628  wscsvc - ok
10:26:08.0593 3628  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:26:08.0765 3628  WSTCODEC - ok
10:26:08.0812 3628  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
10:26:09.0000 3628  wuauserv - ok
10:26:09.0062 3628  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:26:09.0156 3628  WudfPf - ok
10:26:09.0171 3628  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:26:09.0203 3628  WudfRd - ok
10:26:09.0234 3628  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
10:26:09.0265 3628  WudfSvc - ok
10:26:09.0359 3628  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
10:26:09.0546 3628  WZCSVC - ok
10:26:09.0625 3628  [ 5DC7B7F1DD7B9ED4066A6B065F0CE329 ] XCOMM           C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
10:26:09.0625 3628  XCOMM ( UnsignedFile.Multi.Generic ) - warning
10:26:09.0625 3628  XCOMM - detected UnsignedFile.Multi.Generic (1)
10:26:09.0671 3628  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
10:26:09.0906 3628  xmlprov - ok
10:26:09.0937 3628  ================ Scan global ===============================
10:26:10.0000 3628  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
10:26:10.0078 3628  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
10:26:10.0109 3628  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
10:26:10.0140 3628  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
10:26:10.0140 3628  [Global] - ok
10:26:10.0140 3628  ================ Scan MBR ==================================
10:26:10.0187 3628  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:26:11.0000 3628  \Device\Harddisk0\DR0 - ok
10:26:11.0000 3628  ================ Scan VBR ==================================
10:26:11.0000 3628  [ 1ADC3489D52F3C97647A577C6803EB19 ] \Device\Harddisk0\DR0\Partition1
10:26:11.0000 3628  \Device\Harddisk0\DR0\Partition1 - ok
10:26:11.0093 3628  [ D56A3B990EAA43C9BF7798A85CB5E097 ] \Device\Harddisk0\DR0\Partition2
10:26:11.0093 3628  \Device\Harddisk0\DR0\Partition2 - ok
10:26:11.0093 3628  ============================================================
10:26:11.0093 3628  Scan finished
10:26:11.0093 3628  ============================================================
10:26:11.0109 2916  Detected object count: 13
10:26:11.0109 2916  Actual detected object count: 13
10:26:27.0281 2916  bdfdll ( UnsignedFile.Multi.Generic ) - skipped by user
10:26:27.0281 2916  bdfdll ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:26:27.0296 2916  bdss ( UnsignedFile.Multi.Generic ) - skipped by user
10:26:27.0296 2916  bdss ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:26:27.0296 2916  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
10:26:27.0296 2916  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:26:27.0296 2916  EPSON_EB_RPCV4_04 ( UnsignedFile.Multi.Generic ) - skipped by user
10:26:27.0296 2916  EPSON_EB_RPCV4_04 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:26:27.0312 2916  EPSON_PM_RPCV4_04 ( UnsignedFile.Multi.Generic ) - skipped by user
10:26:27.0312 2916  EPSON_PM_RPCV4_04 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:26:27.0312 2916  LIVESRV ( UnsignedFile.Multi.Generic ) - skipped by user
10:26:27.0312 2916  LIVESRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:26:27.0312 2916  SnoopFree ( LockedFile.Multi.Generic ) - skipped by user
10:26:27.0312 2916  SnoopFree ( LockedFile.Multi.Generic ) - User select action: Skip 
10:26:27.0328 2916  SnoopFreeSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:26:27.0328 2916  SnoopFreeSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:26:27.0328 2916  sptd ( LockedFile.Multi.Generic ) - skipped by user
10:26:27.0328 2916  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
10:26:27.0328 2916  VSSERV ( UnsignedFile.Multi.Generic ) - skipped by user
10:26:27.0328 2916  VSSERV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:26:27.0343 2916  WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
10:26:27.0343 2916  WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:26:27.0343 2916  WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
10:26:27.0343 2916  WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:26:27.0343 2916  XCOMM ( UnsignedFile.Multi.Generic ) - skipped by user
10:26:27.0343 2916  XCOMM ( UnsignedFile.Multi.Generic ) - User select action: Skip

Danke!

markusg · 28.12.2012, 14:48

Hi,
combofix:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

elico · 28.12.2012, 19:47

Hi,
anbei das Log von CF:
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-12-28.02 - Admin 12/28/2012  19:09:09.2.2 - x86
ausgeführt von:: c:\dokumente und einstellungen\Admin\Eigene Dateien\Downloads\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-28 bis 2012-12-28  ))))))))))))))))))))))))))))))
.
.
2012-12-27 19:38 . 2012-12-27 19:38	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-12-27 09:25 . 2012-12-27 10:52	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2012-12-27 09:25 . 2009-01-25 11:14	15224	----a-w-	c:\windows\system32\sdnclean.exe
2012-12-27 09:25 . 2012-12-27 09:25	--------	d-----w-	c:\programme\Spybot - Search & Destroy 2
2012-12-27 09:21 . 2012-12-27 09:21	388096	----a-r-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-27 09:21 . 2012-12-27 09:21	--------	d-----w-	c:\programme\Trend Micro
2012-12-26 20:28 . 2012-12-26 20:28	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\SUPERAntiSpyware.com
2012-12-26 20:27 . 2012-12-26 20:28	--------	d-----w-	c:\programme\SUPERAntiSpyware
2012-12-26 20:27 . 2012-12-26 20:27	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2012-12-26 10:56 . 2012-12-28 18:18	81984	----a-w-	c:\windows\system32\bdod.bin
2012-12-26 10:52 . 2012-12-26 10:52	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Bitdefender
2012-12-26 10:51 . 2012-12-26 10:51	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\BitDefender
2012-12-26 10:51 . 2012-12-26 10:51	--------	d-----w-	c:\programme\Softwin
2012-12-26 10:50 . 2012-12-26 10:51	--------	d-----w-	c:\programme\Gemeinsame Dateien\Softwin
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2009-08-13 18:32	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-12-11 22:27 . 2012-04-06 08:45	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-11 22:27 . 2011-05-18 07:32	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:55 . 2009-08-13 18:32	1866496	----a-w-	c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2009-08-13 18:32	375296	----a-w-	c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2009-08-13 18:32	916992	----a-w-	c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2009-08-13 18:32	43520	------w-	c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2009-08-13 18:32	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2009-08-13 18:32	385024	------w-	c:\windows\system32\html.iec
2012-10-02 18:04 . 2009-08-13 18:32	58368	----a-w-	c:\windows\system32\synceng.dll
2012-09-29 18:54 . 2012-08-02 23:15	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-29 08:26 . 2012-12-27 15:33	262112	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 15:58	556056	----a-w-	c:\programme\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 15:58	556056	----a-w-	c:\programme\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 15:58	556056	----a-w-	c:\programme\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 15:58	556056	----a-w-	c:\programme\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\programme\ASUS\Eee Docking\Eee Docking.exe" [2009-07-27 397312]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\programme\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
"AsusEPCMonitor"="c:\programme\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\programme\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"SynAsusAcpi"="c:\programme\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
"LiveUpdate"="c:\programme\Asus\LiveUpdate\LiveUpdate.exe" [2009-06-25 712704]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"BCSSync"="c:\programme\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SnoopFreeUI"="SnoopFreeUI.exe" [2012-06-21 221184]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2012-10-04 296096]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-08-03 523216]
"BDMCon"="c:\programme\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 290816]
"BDAgent"="c:\programme\Softwin\BitDefender10\bdagent.exe" [2007-03-26 69632]
"SDTray"="c:\programme\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
 SuperHybridEngine.lnk - c:\programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-14 376832]
WDDMStatus.lnk - c:\programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-8-17 2043904]
WDSmartWare.lnk - c:\programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-8-17 8919040]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programme\\Eurowin\\MaxTax Standard\\MAXTAX.exe"=
"c:\\Programme\\Eurowin\\MaxTax Standard\\STMAXTAX.exe"=
"c:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programme\\SopCast\\SopCast.exe"=
"c:\\Programme\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Programme\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Dokumente und Einstellungen\\Admin\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Dokumente und Einstellungen\\Admin\\Eigene Dateien\\Downloads\\SweetImSetup.exe"=
"c:\\Programme\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Programme\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [x]
R2 WDDMService;WD SmartWare Drive Manager;c:\programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\programme\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
R3 acsint;acsint;c:\windows\system32\DRIVERS\acsint.sys [x]
R3 acsmux;acsmux;c:\windows\system32\DRIVERS\acsmux.sys [x]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 uvclf;uvclf;c:\windows\system32\DRIVERS\uvclf.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\programme\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50ST7.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\programme\Gemeinsame Dateien\EPSON\EPW!3 SSRP\E_S50RP7.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programme\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x86.sys [x]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\DRIVERS\RT2860.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 22:27]
.
2012-12-28 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDUpdate.exe [2012-12-27 13:08]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-06-23 19:48]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-06-23 19:48]
.
2012-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3127665704-1242981442-2255728428-1006.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]
.
2012-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3127665704-1242981442-2255728428-1007.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]
.
2012-12-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3127665704-1242981442-2255728428-1006.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]
.
2012-12-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3127665704-1242981442-2255728428-1007.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27]
.
2012-12-28 c:\windows\Tasks\ReclaimerResumeInstallLogin_Admin.job
- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-28 17:39]
.
2012-12-28 c:\windows\Tasks\ReclaimerResumeInstall_Admin.job
- c:\dokumente und einstellungen\Admin\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-28 17:39]
.
2012-12-27 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDImmunize.exe [2012-12-27 13:07]
.
2012-12-27 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\programme\Spybot - Search & Destroy 2\SDScan.exe [2012-12-27 13:07]
.
2012-12-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2012-06-06 19:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN113944720558886-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=a003623a00000000000090e6ba7f0afb
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\tzjvj5sr.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=B4E17EA4-26D5-4462-B3AF-E5281260BED8&apn_ptnrs=&apn_sauid=24584BE5-BCE7-466F-805E-706A3FBF4532&apn_dtid=OSJ000&&q=
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN113944720558886-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=a003623a00000000000090e6ba7f0afb
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN113944720558886-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=a003623a00000000000090e6ba7f0afb&q={searchTerms}
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN113944720558886-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=a003623a00000000000090e6ba7f0afb
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN113944720558886-1001&toolbarId=base&affiliateId=1001&Lan={dfltLng}&utid=a003623a00000000000090e6ba7f0afb&q=
FF - user.js: extensions.zonealarm.id - a003623a00000000000090e6ba7f0afb
FF - user.js: extensions.zonealarm.instlDay - 15542
FF - user.js: extensions.zonealarm.vrsn - 1.6.4.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.4.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.4.414:35
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN113944720558886-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-12-28 19:21
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Zeit der Fertigstellung: 2012-12-28  19:24:52
ComboFix-quarantined-files.txt  2012-12-28 18:24
.
Vor Suchlauf: 14 Verzeichnis(se), 21,482,143,744 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 21,517,856,768 Bytes frei
.
- - End Of File - - F210F8AFE446A3A35DBCCC7F78CF9F91

--- --- ---

Danke!

VG

markusg · 02.01.2013, 21:47

hi

lade den CCleaner standard:
CCleaner Download - CCleaner 3.26.1888
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools,uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

elico · 04.01.2013, 11:47

Hallo,
anbei die Liste:

7-Zip 9.20 7/27/2012 --> notwendig
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12/29/2012 11.5.502.135 --> notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12/29/2012 11.5.502.135 --> notwendig
Ask Toolbar Ask.com 9/17/2012 3.69MB 1.15.4.0 --> unnötig
Ask Toolbar Updater Ask.com 9/17/2012 1.2.2.23821 --> unnötig
Asus ACPI Driver AsusTek Computer 8/14/2009 6.1.1.1008 --> notwendig
ASUS USB2.0 UVC VGA WebCam Sonix 8/14/2009 5.8.52108.207_WHQL --> notwendig
ASUSUpdate for Eee PC 11/17/2011 --> notwendig
Atheros Client Installation Program Atheros 8/14/2009 7.0 --> notwendig
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 8/14/2009 1.0.0.16 --> notwendig
Avira Free Antivirus Avira 12/25/2012 12.1.9.1236 --> notwendig
BitDefender Free Edition v10 SOFTWIN 12/26/2012 35.39MB 10.2.9 --> notwendig (?)
BitZipper 2010 Bitberry Software 6/28/2011 --> unnötig
CCleaner Piriform 12/19/2012 3.26 --> notwendig (?)
Cisco AnyConnect Secure Mobility Client Cisco Systems, Inc. 10/18/2012 3.0.3054 --> notwendig
Compatibility Pack für 2007 Office System Microsoft Corporation 12/13/2012 333.00MB 12.0.6612.1000 --> unnötig
Counter-Strike 2D 0.1.1.9 Unreal Software 9/8/2012 --> unnötig
Data Sync ASUS 8/14/2009 62.16MB 1.0.2 --> notwendig
Dropbox Dropbox, Inc. 6/5/2012 1.4.7 --> notwendig
Druckerdeinstallation für EPSON BX525WD Series SEIKO EPSON Corporation 10/28/2011 --> notwendig
Eee Docking 1.3.6.0 ASUSTEK 8/14/2009 1.3.6.0 --> notwendig
EeeSplendid ASUS 8/14/2009 5.1.1.0021 --> unbekannt
ElsterFormular Landesfinanzdirektion Thüringen 5/20/2012 11.3.0.4235 --> notwendig
ElsterFormular für Privatanwender Landesfinanzdirektion Thüringen 5/20/2012 13.2.0.8623p --> notwendig
EPSON Scan Seiko Epson Corporation 10/28/2011 --> notwendig
EpsonNet Print SEIKO EPSON CORPORATION 10/28/2011 2.5.00 --> notwendig
EpsonNet Setup 3.3 SEIKO EPSON CORPORATION 10/28/2011 3.3b --> notwendig
ESET Online Scanner v3 6/25/2012 --> notwendig (?)
eurowin maxtax eurowin 4/17/2010 15103 --> unnötig
Exavo SurveyStudio 5.0.0.379 9/28/2012 --> notwendig
EzMessenger ASUS 8/14/2009 16.04MB 1.0.2 --> unbekannt
File Type Assistant Trusted Software 4/7/2011 --> unbekannt
FontResizer ASUSTek 8/14/2009 1.50MB 1.00.0010 --> unbekannt
Google Chrome Google Inc. 6/23/2011 23.0.1271.97 --> notwendig
Google Drive Google, Inc. 11/30/2012 15.85MB 1.6.3837.2778 --> unbekannt
gretl version 1.9.6 The gretl team 12/15/2011 1.9.6 --> notwendig
Harzing's Publish or Perish 3.8.2.4688 Tarma Software Research Pty Ltd 11/1/2012 3.8.2.4688 --> notwendig
HiJackThis Trend Micro 12/27/2012 0.36MB 1.0.0 --> unnötig
Intel(R) Graphics Media Accelerator Driver 6/21/2012 --> unbekannt
Java 7 Update 9 Oracle 9/1/2012 128.00MB 7.0.90 ----> notwendig
LiveUpdate Asus 8/14/2009 7.02MB 1.13 ----> notwendig
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 12/25/2012 1.65.1.1000 ----> notwendig (?)
Microsoft .NET Framework 1.1 11/16/2012 --> unbekannt
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 11/16/2012 183.00MB 2.2.30729 --> unbekannt
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 5/12/2012 239.00MB 3.2.30729 --> unbekannt
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 5/12/2012 --> unbekannt
Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 8/14/2009 --> unbekannt
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 11/16/2012 177.00MB 12.0.6612.1000 --> unnötig
Microsoft Office Professional Plus 2010 Microsoft Corporation 12/13/2012 14.0.6029.1000 --> notwendig
Microsoft Office Suite Activation Assistant Microsoft Corporation 8/14/2009 8.20MB 2.9 --> unbekannt
Microsoft Silverlight Microsoft Corporation 5/14/2012 80.91MB 5.1.10411.0 --> notwendig
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 8/14/2009 1.74MB 3.1.0000 --> unbekannt
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 8/14/2009 2.29MB 1.0.1215.0 --> unbekannt
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 8/14/2009 1.45MB 1.0.1215.0 --> unbekannt
Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation 8/14/2009 --> unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 5/18/2010 0.11MB 8.0.50727.4053 --> unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 6/18/2011 5.28MB 8.0.61001 --> unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 1/1/2010 0.15MB 9.0.30729.4148 --> unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 4/13/2011 10.20MB 9.0.30729.5570 --> unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 5/29/2011 9.65MB 9.0.30729 --> unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 12/30/2009 10.28MB 9.0.30729 --> unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10/27/2010 10.19MB 9.0.30729.4148 --> unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 6/24/2011 10.20MB 9.0.30729.6161 --> unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 10/20/2011 14.97MB 10.0.40219 --> unbekannt
Microsoft Works Microsoft Corporation 10/10/2012 8.91MB 9.7.0621 --> unnötig
Mozilla Firefox 17.0.1 (x86 de) Mozilla 12/27/2012 17.0.1 --> notwendig
Mozilla Maintenance Service Mozilla 12/28/2012 17.0.1 --> notwendig
Opera 12.02 Opera Software ASA 10/10/2012 12.02.1578 --> notwendig
PDF To Excel Converter V2.0 PDF To Excel Converter - Download FREE 10/12/2012 --> notwendig
PDF-Viewer Tracker Software Products Ltd 8/8/2012 2.5.204.0 --> notwendig
R for Windows 2.10.1 R Development Core Team 3/25/2010 2.10.1 --> unnötig
R-Word Demo 1.2 R-tools Technology Inc. 10/17/2010 --> unnötig
Ralink Wireless LAN Ralink 8/20/2009 1.0.7.0 --> unbekannt
RealPlayer RealNetworks 1/1/2013 16.0.0 --> unnötig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 8/14/2009 5.10.0.5841 --> benötigt
Secure Download Manager e-academy Inc. 7/28/2012 0.91MB 3.0.5 --> benötigt
Simplyzip (remove only) 8/4/2012 --> unnötig
Skype web features Skype Technologies S.A. 8/14/2009 5.04MB 1.0.3810 --> unnötig
Skype™ 5.10 Skype Technologies S.A. 9/14/2012 19.45MB 5.10.116 --> benötigt
SnoopFree Privacy Shield --> unnötig
SopCast 3.2.9 SopCast - Free P2P internet TV | live football, NBA, cricket 4/28/2010 3.2.9 --> unnötig
Spybot - Search & Destroy Safer-Networking Ltd. 12/27/2012 2.0.12 --> notwendig (?)
Super Hybrid Engine ASUS 8/14/2009 1.18 --> notwendig
SUPERAntiSpyware SUPERAntiSpyware.com 12/26/2012 5.6.1014 --> notwendig (?)
Synaptics Pointing Device Driver Synaptics Incorporated 8/14/2009 13.0.1.0 --> unbekannt
TRAMO/SEATS 12/15/2011 --> unnötig
USB2.0 UVC Camera Device UVCPCC 8/14/2009 0.1.0.0 --> notwendig
VideoLAN VLC media player 0.8.6a VideoLAN Team 6/30/2012 0.8.6a --> notwendig
WD SmartWare Western Digital 11/7/2011 41.56MB 1.1.0.2 --> unnötig
Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation 8/8/2012 --> unbekannt
Windows Internet Explorer 8 Microsoft Corporation 8/8/2012 20090308.140743 --> unnötig
Windows Live Anmelde-Assistent Microsoft Corporation 8/14/2009 1.93MB 5.000.818.5 --> unbekannt
Windows Live Essentials Microsoft Corporation 8/14/2009 14.0.8064.0206 --> unbekannt
Windows Live Sync Microsoft Corporation 8/14/2009 2.80MB 14.0.8064.206 --> unbekannt
Windows Live-Uploadtool Microsoft Corporation 8/14/2009 0.22MB 14.0.8014.1029 --> unbekannt
Windows Media Format 11 runtime 5/7/2011 --> unbekannt
Windows Media Player 11 5/7/2011 --> benötigt
Windows Media Player Firefox Plugin Microsoft Corp 8/8/2012 0.29MB 1.0.0.8 --> benötigt
WinRAR 4.20 (32-Bit) win.rar GmbH 7/28/2012 4.20.0 --> benötigt
Wooldridge data (4e) 12/15/2011 --> unnötig
X-12-ARIMA version 0.3 build 192 12/15/2011 --> unnötig

VG

markusg · 04.01.2013, 14:49

deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden
deinstaliere:
Ask : alle
BitDefender : nur ein Programm mit aktivem Wächter, entweder Avira, oder bitdefender
BitZipper
Counter
ESET
eurowin
EzMessenger
File Type
FontResizer
Google Drive
HiJackThis
Java
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
R for
R-Word
RealPlayer
Simplyzip
Skype web
SnoopFree
SopCast
Spybot
SUPERAntiSpyware
TRAMO
VideoLAN
VideoLAN - Official page for VLC media player, the Open Source video framework!
Version 2 instalieren.

Deinstaliere:
WD
Windows Live : alle von dir nicht benötigten
Wooldridge
X-12

Öffne CCleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste
mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

27.12.2012, 18:41	#2
markusg /// Malware-holic	Phishing-Mail gelesen ohne Link zu folgen Hi hatten noch andere Programme Funde, die benötige ich nämlich. Wenn du mal wieder was an Spam reinbekommst, bitte zu uns für eine Analyse weiterleiten, wie das geht, steht in meiner Signatur. __________________ __________________

27.12.2012, 20:23	#8
markusg /// Malware-holic	Phishing-Mail gelesen ohne Link zu folgen Bitte weiter mit tdss killer. __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

Phishing-Mail gelesen ohne Link zu folgen

Plagegeister aller Art und deren Bekämpfung: Phishing-Mail gelesen ohne Link zu folgen