Log analysis and evaluation: Possible virus or trojan infection
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.01.2013, 16:35 | #1 |
| Possible virus or trojan infection
The virus scanner doesn't find anything, but could you take a look at the log file? Thanks |
21.01.2013, 17:04 | #2 |
/// Malware-holic | Possible virus or trojan infection
hi
please read the instructions next time; we don't want to see HJT logs, HJT is no longer being developed. What exactly is the problem? If you don't already have it, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
21.01.2013, 17:51 | #3 |
| Possible virus or trojan infection
Sorry, I didn't see that! My web.de account was hacked! Now I don't know yet whether there was something on the PC or whether it was just my extremely simple password!
Here are the logs! OTL Logfile:
[Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\IvtBtBus.sys -- (IvtBtBUs) DRV - [2008.06.25 23:26:36 | 000,335,104 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\RTL8187B.sys -- (RTL8187B) DRV - [2008.04.13 21:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\MPE.sys -- (MPE) DRV - [2007.11.26 13:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINXP\system32\drivers\InCDRm.sys -- (incdrm) DRV - [2007.11.26 13:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINXP\system32\drivers\InCDPass.sys -- (InCDPass) DRV - [2007.11.26 13:54:12 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINXP\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2007.11.26 13:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINXP\system32\drivers\InCDfs.sys -- (InCDfs) DRV - [2007.06.17 11:43:50 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\windrvr6.sys -- (WinDriver6) DRV - [2007.02.17 23:15:34 | 000,232,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINXP\system32\drivers\VMM.sys -- (vmm) DRV - [2007.01.29 05:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2006.12.26 13:54:35 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINXP\system32\drivers\afc.sys -- (Afc) DRV - [2005.12.23 13:15:32 | 000,086,368 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\W700obex.sys -- (W700obex) DRV - [2005.12.23 13:14:26 | 000,088,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\W700mgmt.sys -- (W700mgmt) DRV - [2005.12.23 13:13:16 | 000,097,056 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\W700mdm.sys -- (W700mdm) DRV - [2005.12.23 13:13:12 | 000,009,264 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\W700mdfl.sys -- (W700mdfl) DRV - [2005.12.23 13:12:06 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\W700bus.sys -- (W700bus) DRV - [2005.08.03 05:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\npf.sys -- (NPF) DRV - [2004.09.01 14:01:54 | 000,023,296 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\WINXP\system32\drivers\U2S2KXP.sys -- (U2SP) DRV - [2003.07.18 18:44:24 | 000,018,848 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) 
[Kernel | Auto | Stopped] -- C:\WINXP\system32\MLPTDR_N.SYS -- (MLPTDR_N) DRV - [2002.07.17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINXP\system32\drivers\ASPI32.SYS -- (Aspi32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 90 5F D7 59 37 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/" FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4 FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.7 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13 FF - 
prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\PDF\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: D:\Real Player\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: D:\Real Player\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: D:\Real Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: D:\amazon downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: D:\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.09.03 19:07:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.13 21:50:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.19 13:20:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.19 13:19:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.06.28 14:13:11 | 000,000,000 | ---D | M] [2010.09.03 16:39:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Extensions [2013.01.11 17:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\extensions [2012.12.02 08:56:25 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013.01.11 17:28:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.08.22 16:52:32 | 000,341,143 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012.12.17 10:34:29 | 000,036,139 | ---- | M] () (No name found) -- C:\Dokumente und 
Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2011.12.19 15:26:01 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\searchplugins\11-suche.xml [2011.12.19 15:26:01 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\searchplugins\englische-ergebnisse.xml [2011.12.19 15:26:01 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\searchplugins\gmx-suche.xml [2011.12.19 15:26:01 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\searchplugins\lastminute.xml [2010.11.19 18:47:50 | 000,001,115 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\searchplugins\rapidshare-filefinder.xml [2011.12.19 15:26:01 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\searchplugins\webde-suche.xml [2013.01.19 13:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.01.19 13:19:55 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de [2013.01.19 13:20:00 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.04.09 19:25:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.01.06 09:46:10 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Programme\mozilla firefox\plugins\npEModelPlugin.dll [2010.10.15 10:15:10 | 000,166,680 | ---- | M] (Tracker Software Products Ltd.) 
-- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.11.05 10:33:27 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.05 10:33:27 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.11.05 10:33:27 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.11.05 10:33:27 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.05 10:33:27 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.05 10:33:27 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 12:00:00 | 000,000,820 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Orbit Downloader\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [ATICustomerCare] C:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINXP\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [CloneCDTray] D:\Clone CD\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe (Nero AG) O4 - HKLM..\Run: [IR_SERVER] C:\Programme\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe File not found O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay] C:\WINXP\system32\MSTMON_N.EXE (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [PDFPrint] D:\PDF\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [QuickTime Task] D:\Quik time\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe (Nero AG) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [USB Webmail Notifier] D:\USBWEB~1\USB Webmail Notifier.exe File not found O4 - HKLM..\Run: [vspdfprsrv.exe] D:\PDF\vspdfprsrv.exe () O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Daemon Tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O4 - HKCU..\Run: [PC Suite Tray] D:\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [Skype] "C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Skype\Phone\Skype.exe" /nosplash /minimized File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\REALTEK RTL8187B Wireless LAN Utility.lnk = C:\Programme\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) 
O4 - Startup: C:\Dokumente und Einstellungen\Andy\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O8 - Extra context menu item: &Download by Orbit - D:\Orbit Downloader\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - D:\Orbit Downloader\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Orbit Downloader\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - D:\Orbit Downloader\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\FRITZ!DSL\SARAH.DLL (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in My Computer) O15 - HKCU\..Trusted Ranges: Range1 ([*] in My Computer) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E37DD4E-6CF2-47B5-90A9-1BFB37D5CDC5}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap 
{3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINXP\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINXP\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINXP\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.09.03 19:38:15 | 000,000,055 | ---- | M] () - C:\AUTOEXEC.001 -- [ NTFS ] O32 - AutoRun File - [2011.03.13 13:45:46 | 000,000,135 | ---- | M] () - C:\AUTOEXEC.002 -- [ NTFS ] O32 - AutoRun File - [2011.03.13 16:15:23 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.003 -- [ NTFS ] O32 - AutoRun File - [2011.03.13 16:21:14 | 000,000,167 | ---- | M] () - C:\AUTOEXEC.004 -- [ NTFS ] O32 - AutoRun File - [2011.03.13 16:32:37 | 000,000,139 | ---- | M] () - C:\AUTOEXEC.005 -- [ NTFS ] O32 - AutoRun File - [2011.03.13 16:32:37 | 000,000,158 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.03.13 16:32:38 | 000,000,158 | ---- | M] () - C:\autoexec.epc -- [ NTFS ] O33 - MountPoints2\{586b4f6d-cbba-11df-a3c5-002354a34f31}\Shell\AutoRun\command - "" = L:\Glucofacts.bat O33 - MountPoints2\{586b4f6d-cbba-11df-a3c5-002354a34f31}\Shell\open\command - "" = L:\Glucofacts.bat O33 - MountPoints2\{72c799d2-6ddc-11e0-a690-002354a34f31}\Shell - "" = AutoRun O33 - MountPoints2\{72c799d2-6ddc-11e0-a690-002354a34f31}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{72c799d2-6ddc-11e0-a690-002354a34f31}\Shell\AutoRun\command - "" = C:\WINXP\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL hxxp://www.garmin.com/agent O33 - 
MountPoints2\{9a37bc06-113f-11e1-a947-002354a34f31}\Shell - "" = AutoRun O33 - MountPoints2\{9a37bc06-113f-11e1-a947-002354a34f31}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a37bc06-113f-11e1-a947-002354a34f31}\Shell\AutoRun\command - "" = K:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{aaf0c3c1-ef59-11df-a459-002354a34f31}\Shell - "" = AutoRun O33 - MountPoints2\{aaf0c3c1-ef59-11df-a459-002354a34f31}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{aaf0c3c1-ef59-11df-a459-002354a34f31}\Shell\AutoRun\command - "" = K:\DPFMate.exe O33 - MountPoints2\{c6e33932-2efc-11e0-a576-002354a34f31}\Shell\AutoRun\command - "" = K:\Get_Started_for_Win.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - 
Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINXP\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINXP\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINXP\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINXP\system32\Rundll32.exe C:\WINXP\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINXP\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINXP\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINXP\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIEActiveSetup SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: >{99820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: Microsoft Base Smart Card Crypto Provider Package - NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.01.21 17:33:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andy\Desktop\OTL.exe [2013.01.20 09:32:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Avira [2013.01.20 09:27:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Mozilla [2013.01.20 09:27:41 | 000,000,000 | ---D | C] -- C:\Dokumente 
und Einstellungen\LocalService\Anwendungsdaten\Mozilla [2013.01.20 09:27:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2013.01.20 09:27:08 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINXP\System32\drivers\ssmdrv.sys [2013.01.20 09:27:06 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINXP\System32\drivers\avipbb.sys [2013.01.20 09:27:06 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINXP\System32\drivers\avgntflt.sys [2013.01.20 09:27:06 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINXP\System32\drivers\avkmgr.sys [2013.01.20 09:27:02 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2013.01.20 09:27:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2013.01.19 13:19:55 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.01.19 13:15:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2013.01.19 13:15:10 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2013.01.19 13:15:04 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2013.01.19 13:15:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.01.19 13:11:34 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard [2013.01.19 13:10:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andy\Lokale Einstellungen\Anwendungsdaten\Abelssoft [2013.01.19 13:10:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CheckDrive [2013.01.19 13:10:50 | 000,000,000 | ---D | C] -- C:\Programme\CheckDrive [2013.01.18 17:27:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andy\Eigene Dateien\Amazon MP3 [2010.09.03 20:27:27 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\pcouffin.sys [1 C:\WINXP\System32\*.tmp 
files -> C:\WINXP\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.21 17:30:00 | 000,001,086 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job [2013.01.21 17:29:00 | 000,001,082 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job [2013.01.21 17:29:00 | 000,000,268 | ---- | M] () -- C:\WINXP\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-1682526488-1801674531-1003.job [2013.01.21 17:28:52 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat [2013.01.21 17:24:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andy\Desktop\OTL.exe [2013.01.21 15:04:26 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl [2013.01.20 12:56:03 | 000,000,069 | ---- | M] () -- C:\WINXP\NeroDigital.ini [2013.01.20 10:10:02 | 000,000,276 | ---- | M] () -- C:\WINXP\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-1682526488-1801674531-1003.job [2013.01.20 09:27:18 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2013.01.19 13:15:38 | 000,001,518 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2013.01.19 13:10:53 | 000,001,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Desktop\CheckDrive.lnk [2013.01.17 15:20:59 | 000,793,538 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Desktop\W201-Optiktuner.rar [2013.01.13 13:57:10 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\AVSDVDPlayer.m3u [2013.01.13 13:52:43 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.04 11:02:31 | 000,000,083 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2013.01.03 11:52:24 | 000,017,127 | ---- | M] () -- C:\WINXP\MSTMON_N.INI [2012.12.24 10:07:05 | 000,002,471 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NOXON DAB 
MediaPlayer.lnk [1 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.20 09:27:18 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2013.01.19 13:15:38 | 000,001,518 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2013.01.19 13:10:53 | 000,001,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Andy\Desktop\CheckDrive.lnk [2013.01.17 15:20:58 | 000,793,538 | ---- | C] () -- C:\Dokumente und Einstellungen\Andy\Desktop\W201-Optiktuner.rar [2012.09.22 16:08:17 | 000,438,272 | ---- | C] () -- C:\WINXP\System32\PaintX.dll [2012.09.22 15:37:43 | 000,074,240 | ---- | C] () -- C:\WINXP\cadkasdeinst01.exe [2012.08.18 13:42:09 | 000,001,482 | ---- | C] () -- C:\Dokumente und Einstellungen\Andy\.recently-used.xbel [2012.02.12 20:29:22 | 000,025,916 | -H-- | C] () -- C:\WINXP\System32\mlfcache.dat [2012.01.31 20:32:11 | 000,000,046 | ---- | C] () -- C:\WINXP\ClonyDrives.ini [2012.01.31 20:17:25 | 000,043,520 | ---- | C] () -- C:\WINXP\System32\CmdLineExt03.dll [2011.10.25 18:03:56 | 000,006,656 | ---- | C] () -- C:\WINXP\System32\drivers\EMSLink_i386.sys [2011.09.10 15:02:15 | 000,000,038 | ---- | C] () -- C:\WINXP\popcinfot.dat [2011.09.06 19:22:01 | 000,127,085 | ---- | C] () -- C:\WINXP\System32\RTKFMSOURCE.dll [2011.09.06 18:01:08 | 000,363,520 | ---- | C] () -- C:\WINXP\System32\PsisDecd.dll [2011.07.19 17:11:51 | 000,000,083 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2011.06.06 20:22:35 | 000,000,105 | ---- | C] () -- C:\WINXP\asciiart.ini [2011.04.24 03:30:20 | 000,340,005 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1482476501-1682526488-1801674531-1003-0.dat [2011.04.24 03:30:17 | 000,134,626 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale 
Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.03.19 16:49:31 | 000,000,000 | ---- | C] () -- C:\WINXP\eDrawingOfficeAutomator.INI [2011.03.16 15:22:52 | 000,035,802 | ---- | C] () -- C:\WINXP\p69-a6b-21159.dll [2011.03.15 19:58:33 | 000,002,516 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys [2011.03.15 19:58:33 | 000,000,088 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5A1597EEC2.sys [2011.03.14 15:33:06 | 000,035,802 | ---- | C] () -- C:\WINXP\p69-a6b-Do21159.dll [2011.03.13 16:32:40 | 000,001,556 | ---- | C] () -- C:\WINXP\wininit.ini [2011.02.26 17:51:54 | 000,000,754 | ---- | C] () -- C:\WINXP\WORDPAD.INI [2010.09.04 17:20:30 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Andy\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.04 08:48:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\AVSDVDPlayer.m3u [2010.09.03 20:27:27 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\inst.exe [2010.09.03 20:27:27 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\pcouffin.cat [2010.09.03 20:27:27 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\pcouffin.inf [2010.09.03 16:52:09 | 000,576,680 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4 ========== ZeroAccess Check ========== [2010.09.03 16:48:36 | 000,000,227 | RHS- | M] () -- C:\WINXP\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 12:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINXP\system32\wbem\fastprox.dll -- [2009.08.03 22:13:55 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINXP\system32\wbem\wbemess.dll -- [2008.04.14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.01.19 13:15:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2010.09.03 19:14:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2010.11.25 16:14:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF [2010.11.25 18:03:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF 4 [2010.11.25 16:14:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF Jobs [2010.09.03 19:05:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2010.09.03 18:54:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe [2011.06.28 14:17:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaAccount [2011.06.28 14:11:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2010.09.03 19:09:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2012.04.09 10:01:10 
| 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution [2011.07.19 17:11:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2011.12.31 13:43:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Squeezebox [2011.12.04 10:44:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2011.12.07 22:39:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Unreal Streaming Technologies [2011.11.17 19:08:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2012.02.10 17:48:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.09.04 17:02:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Amazon [2012.02.13 20:05:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Audacity [2010.09.08 23:00:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Avimpgwmv [2010.11.16 20:21:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\DAEMON Tools Lite [2011.08.13 21:52:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\DDMSettings [2012.07.20 14:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Digiarty [2010.10.27 19:58:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Dr. 
DivX 2.0 OSS [2010.09.05 01:22:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\DVDFab [2012.09.20 17:02:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\DVDVideoSoft [2012.09.20 17:02:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.03.19 16:53:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\EDrawings [2011.02.26 17:40:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\eXPert PDF Editor [2011.03.16 15:18:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\FreeCAD [2013.01.20 13:50:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\FRITZ! [2012.09.01 09:08:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\GARMIN [2010.11.20 11:13:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\GrabPro [2012.08.18 13:42:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\gtk-2.0 [2011.10.23 10:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\ImgBurn [2010.09.03 19:08:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Nokia [2011.08.08 16:46:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Opera [2011.08.08 19:57:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Orbit [2011.06.28 13:53:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\PC Suite [2010.11.20 10:56:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\ProgSense [2012.01.22 20:35:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Sierra [2012.02.18 01:48:25 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Andy\Anwendungsdaten\Software4u [2012.10.16 17:49:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\TeamViewer [2011.12.04 10:43:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\TerraTec [2011.01.28 16:03:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\TightVNC [2011.11.17 19:10:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Vodafone [2010.09.03 20:34:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\Vso [2010.09.03 15:48:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andy\Anwendungsdaten\WinBatch ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.09.03 17:12:11 | 000,000,000 | ---D | M] -- C:\ATI [2011.03.13 16:35:03 | 000,000,000 | ---D | M] -- C:\BHROOT [2011.03.13 16:36:57 | 000,000,000 | ---D | M] -- C:\BHUNINST [2012.10.06 08:29:40 | 000,000,000 | ---D | M] -- C:\Bilderramen [2011.07.19 17:20:24 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp [2013.01.19 13:16:05 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2012.04.08 10:03:10 | 000,000,000 | ---D | M] -- C:\divx [2010.09.04 10:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings [2010.09.03 15:27:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2010.11.20 11:13:36 | 000,000,000 | ---D | M] -- C:\downloads [2012.09.17 18:21:28 | 000,000,000 | ---D | M] -- C:\Elektor [2012.02.16 15:30:09 | 000,000,000 | ---D | M] -- C:\Navi App alt Iphone [2011.01.28 19:26:13 | 000,000,000 | ---D | M] -- C:\net [2010.09.03 16:44:58 | 000,000,000 | ---D | M] -- C:\NVIDIA [2011.09.06 19:22:01 | 000,000,000 | ---D | M] -- C:\Program Files [2013.01.21 15:04:16 | 000,000,000 | R--D | M] -- C:\Programme [2010.09.03 16:57:28 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011.03.24 20:49:36 | 000,000,000 | R--D | M] -- C:\Sandbox [2012.01.31 20:59:22 | 000,000,000 | ---D | 
M] -- C:\Spiele [2013.01.20 12:24:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.05.08 17:56:40 | 000,000,000 | ---D | M] -- C:\TheNeedForSpeed [2011.12.31 13:43:38 | 000,000,000 | ---D | M] -- C:\updates [2011.11.25 16:36:18 | 000,000,000 | ---D | M] -- C:\Virtuell DISK [2010.09.04 18:00:26 | 000,000,000 | ---D | M] -- C:\WinSetupFromUSB [2013.01.21 17:29:21 | 000,000,000 | ---D | M] -- C:\WINXP < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2010.09.03 15:21:46 | 000,000,065 | RH-- | C] () -- C:\WINXP\Tasks\desktop.ini [2010.09.03 15:26:22 | 000,000,006 | -H-- | C] () -- C:\WINXP\Tasks\SA.DAT [2010.09.04 09:20:35 | 000,000,276 | ---- | C] () -- C:\WINXP\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-1682526488-1801674531-1003.job [2010.09.04 09:20:36 | 000,000,268 | ---- | C] () -- C:\WINXP\Tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-1682526488-1801674531-1003.job [2010.09.26 18:28:13 | 000,001,082 | ---- | C] () -- C:\WINXP\Tasks\GoogleUpdateTaskMachineCore.job [2010.09.26 18:28:14 | 000,001,086 | ---- | C] () -- C:\WINXP\Tasks\GoogleUpdateTaskMachineUA.job [2012.02.10 17:47:42 | 000,000,276 | ---- | C] () -- C:\WINXP\Tasks\AppleSoftwareUpdate.job [2012.04.09 09:46:14 | 000,000,258 | ---- | C] () -- C:\WINXP\Tasks\debutShakeIcon.job < MD5 for: AGP440.SYS > [2010.04.13 21:24:48 | 017,814,872 | ---- | M] () .cab file -- C:\WINXP\Driver Cache\i386\sp3.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2010.04.13 21:24:48 | 017,814,872 | ---- | M] () .cab file -- C:\WINXP\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.13 22:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINXP\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 12:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINXP\system32\dllcache\eventlog.dll [2008.04.14 12:00:00 | 000,056,320 | ---- | M] 
(Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINXP\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2008.04.14 12:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINXP\explorer.exe [2008.04.14 12:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINXP\system32\dllcache\explorer.exe < MD5 for: IASTOR.SYS > [2010.09.03 13:11:07 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINXP\NLDRV\001\iastor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINXP\system32\dllcache\netlogon.dll [2008.04.14 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINXP\system32\netlogon.dll < MD5 for: NVATABUS.SYS > [2004.06.03 09:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\NVIDIA\nForceWin2KXP\5.11\IDE\Win2K\NvAtaBus.sys [2004.06.03 09:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\NVIDIA\nForceWin2KXP\5.11\IDE\WinXP\NvAtaBus.sys < MD5 for: NVGTS.SYS > [2009.06.30 16:31:18 | 000,164,896 | ---- | M] (NVIDIA Corporation) MD5=17F915C35450783A446E70693AFA749B -- C:\NVIDIA\nForce\15.45\International\IDE\WinXP\sataraid\nvgts.sys [2009.06.30 16:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) MD5=619D8943725402D1179941FD58574CC8 -- C:\NVIDIA\nForce\15.45\International\IDE\WinXP\sata_ide\nvgts.sys < MD5 for: SCECLI.DLL > [2008.04.14 12:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINXP\system32\dllcache\scecli.dll [2008.04.14 12:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINXP\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 12:00:00 | 000,580,096 | ---- | M] (Microsoft 
Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINXP\system32\dllcache\user32.dll [2008.04.14 12:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINXP\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 12:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINXP\system32\dllcache\userinit.exe [2008.04.14 12:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINXP\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 12:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINXP\system32\dllcache\winlogon.exe [2008.04.14 12:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINXP\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINXP\system32\dllcache\ws2ifsl.sys [2008.04.14 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINXP\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.09.03 19:15:08 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINXP\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2002.01.02 18:56:38 | 000,094,208 | ---- | M] () -- C:\WINXP\System32\config\default.sav [2002.01.02 18:56:38 | 001,093,632 | ---- | M] () -- C:\WINXP\System32\config\software.sav [2002.01.02 18:56:38 | 000,462,848 | ---- | M] () -- C:\WINXP\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINXP\system32\*.tmp files -> C:\WINXP\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2012.08.18 13:42:09 | 000,001,482 | ---- | M] () -- C:\Dokumente und Einstellungen\Andy\.recently-used.xbel [2013.01.21 15:25:00 | 014,155,776 | -H-- | M] () -- C:\Dokumente und 
Einstellungen\Andy\NTUSER.DAT
[2013.01.21 17:38:53 | 000,225,280 | -H-- | M] () -- C:\Dokumente und Einstellungen\Andy\ntuser.dat.LOG
[2013.01.21 15:24:59 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Andy\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
< End of report >

OTL Logfile:

OTL Extras logfile created on: 21.01.2013 17:34:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Andy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 82,05% Memory free
5,34 Gb Paging File | 4,73 Gb Available in Paging File | 88,67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 195,31 Gb Total Space | 137,98 Gb Free Space | 70,65% Space Free | Partition Type: NTFS
Drive D: | 400,85 Gb Total Space | 32,81 Gb Free Space | 8,18% Space Free | Partition Type: NTFS
Drive K: | 3,73 Gb Total Space | 1,85 Gb Free Space | 49,50% Space Free | Partition Type: FAT32
Computer Name: MEDIABOX | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) .js [@ = JSFile] -- C:\WINXP\System32\CScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\WINXP\System32\CScript.exe (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\WINXP\System32\CScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\WINXP\System32\CScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\WINXP\System32\CScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [TVersity] -- "C:\Programme\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI) "9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI) "9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI) "9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI) "9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI) "9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI) "9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI) "9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI) "9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 
tcp (UI) "9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI) "9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI) "9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI) "8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI) "10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI) "9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI) "3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp "3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot "1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI) "9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI) "9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI) "9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI) "9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI) "9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI) "9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI) "9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI) "9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI) "9009:TCP" = 9009:TCP:*:Enabled:Logitech Media 
Server 9009 tcp (UI) "9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI) "9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI) "8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI) "10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI) "9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI) "3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp "3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe" = C:\Programme\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.) 
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin) "C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin) "C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "D:\Orbit Downloader\Orbitdownloader\orbitdm.exe" = D:\Orbit Downloader\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "D:\Orbit Downloader\Orbitdownloader\orbitnet.exe" = D:\Orbit Downloader\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "D:\VLCC\TightVNC\Data\WinVNC.exe" = D:\VLCC\TightVNC\Data\WinVNC.exe:*:Enabled:TightVNC Win32 Server -- (TightVNC Group) "D:\VLCC\TightVNC\tvnserver.exe" = D:\VLCC\TightVNC\tvnserver.exe:*:Enabled:TightVNC Server "D:\VLCC\TightVNC\vncviewer.exe" = D:\VLCC\TightVNC\vncviewer.exe:*:Enabled:TightVNC Viewer "D:\VLCC\VNC4\winvnc4.exe" = D:\VLCC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32 -- (RealVNC Ltd.) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "D:\Real Player\realplay.exe" = D:\Real Player\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.) "C:\Programme\Mozilla Firefox\plugin-container.exe" = C:\Programme\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox -- (Mozilla Corporation) "C:\Programme\ArcSoft\TotalMedia 3.5\TotalMedia.exe" = C:\Programme\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5 -- (ArcSoft, Inc.) 
"C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema Basic -- (TERRATEC Electronic GmbH) "C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec Home Cinema Basic (tvtv Setup) -- (TERRATEC Electronic GmbH) "C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:*:Enabled:TerraTec Home Cinema Basic (Auto Update) -- (TERRATEC Electronic GmbH) "C:\Programme\TVersity\Media Server\MediaServer.exe" = C:\Programme\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- () "C:\Programme\YouWave_Android\vb\VBoxSDL.exe" = C:\Programme\YouWave_Android\vb\VBoxSDL.exe:*:Disabled:VBoxSDL "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.) 
"D:\explorer iphone\iDevice Manager\Software4u.IDeviceManager.exe" = D:\explorer iphone\iDevice Manager\Software4u.IDeviceManager.exe:*:Enabled:iDevice Manager "C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe:*:Enabled:TerraTec Home Cinema Basic (Setup) -- (TERRATEC Electronic GmbH) "C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software) "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4 "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08E3DDC8-E020-5903-31AE-D6B593FE8323}" = Catalyst Control Center InstallProxy "{0C6EC504-2794-4992-BE14-2F57378C1183}" = FreeCAD 0.7 "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{1596098A-FCEC-48F0-B7C7-08A31B771031}" = Nero 7 Essentials "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.1 "{1D5F5901-537A-4EF4-BE9F-59F232E327BD}" = Map & Travel Navigator "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite "{25CFEF55-A945-41FC-86ED-76469F31DF37}" = Nokia Connectivity Cable Driver "{267A1D4B-FDB6-4914-AD41-FC8F3AB118B9}" = NOXON DAB Player "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2BCF80C8-C84F-43C6-A721-8AF93D64EA3D}" = CAS Interface Studio 8.7.1 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A87B2D8-C631-4BBB-8A77-AE43D211B714}" = SolidWorks eDrawings 2011 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DE96337-68D2-48E0-A863-6E4A5CD3BC25}" = PC Connectivity Solution "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4 "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support "{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CA10D13-F83A-487E-9B30-CC979FEF7A70}" = OviMPlatform "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = 
neroxml "{5754AB15-F61B-4B9B-91AA-E286F55CFA8B}" = PDF-XChange Viewer "{6339663B-F26F-4FE3-B813-0E1DEC4ED976}" = Nokia Ovi Suite "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{6969899D-0D56-45D5-9C41-7489F2153F8C}" = USB to Serial Port Adapter(PA088) V3.0.0 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6DA81A72-2C13-34D8-BD98-B60DE6FEB55B}" = ccc-utility "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.6.0 "{825E9A84-1E03-4526-9F8E-45015C938A7C}" = WBFS Manager 4.0 "{841170F5-59D8-D804-D837-4629E2C692A8}" = ccc-core-static "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007 "{8A96B905-B786-43DC-8C8C-5E52A5966E48}" = DokanLibrary "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 
8.0.50727.6195 "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM "{A2D6ECD0-7E52-42B7-9236-DB2951436616}_is1" = Foto-Mosaik-Edda Standard V6.7.12231.1 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A31289C6-04EF-4437-A35B-7CC96167145C}" = Leisure Suit Larry - Magna Cum Laude "{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4 "{A7547D1A-40F9-4251-8D41-818FACDEAF0C}" = Leisure Suit Larry 7 "{A84873A6-D05A-48BE-BA80-19D82B742228}" = CAS Studio "{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English "{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1" = CheckDrive "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK RTL8187B Wireless LAN Driver and Utility "{BEF7FC5C-0182-4DDE-BDDD-F7D132AB833D}" = Ovi Desktop Sync Engine "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU 
"{C6C1FA8E-2658-41C3-99E9-1EB92C087A95}_is1" = DReaM 1.12b / Hamlib-1.2.10 "{C9246F7F-0BA3-45C7-8B49-A69F0273FA69}" = NOXON DAB MediaPlayer "{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}" = LightScribe System Software 1.17.90.1 "{CBD87C29-38A1-FEBB-1A29-B8412B47509C}" = Catalyst Control Center Graphics Previews Common "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE "{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F527C466-971D-B4EE-BBF7-076C805C1F59}" = CCC Help English "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "All ATI Software" = ATI - Dienstprogramm 
zur Deinstallation der Software "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "AnyDVD" = AnyDVD "ASCII Art - Machine_is1" = ASCII Art - Machine 1.2 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.3 (Unicode) "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "AVI Screen Saver" = AVI Screen Saver "Avira AntiVir Desktop" = Avira Free Antivirus "AVS DVD Player_is1" = AVS DVD Player version 2.4 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2 "CloneCD" = CloneCD "CloneDVD2" = CloneDVD2 "Debut" = Debut Video Capture Software "D-Fend Reloaded" = D-Fend Reloaded 1.2.1 (deinstallieren) "DivX Setup" = DivX-Setup "DIVXCodec" = DivX Codec 3.1alpha release "DRM Software Radio" = DRM Software Radio "DVD Flick_is1" = DVD Flick 1.3.0.7 "DVD Identifier_is1" = DVD Identifier "DVD Shrink_is1" = DVD Shrink 3.2 "DVDFab 7_is1" = DVDFab 7.0.4.0 (15/04/2010) "DVDx 4.0 Open Edition" = DVDx 4.0 Open Edition "EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7) "EPC Compact" = EPC Compact "Euro Kfz Kennzeichen" = Euro Kfz Kennzeichen "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 7.4 by MixMeister "FLVPlayer" = FLV Player 1.3.3 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918 "FRITZ!DSL" = AVM FRITZ!DSL "HyperCam 3" = HyperCam 3 "ImgBurn" = ImgBurn "InstallShield_{A31289C6-04EF-4437-A35B-7CC96167145C}" = Leisure Suit Larry - Magna Cum Laude "IZ8BLY MT63 Terminal" = IZ8BLY MT63 Terminal "JDownloader" = JDownloader "KeyFinder_is1" = Magical Jelly Bean KeyFinder "KONICA MINOLTA PagePro 1300W" = KONICA MINOLTA PagePro 1300W "Logitech Media Server_is1" = Logitech Media Server 7.7.1 "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 
Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nokia Ovi Suite" = Nokia Ovi Suite "Nokia PC Suite" = Nokia PC Suite "NOXON DAB Stick" = NOXON DAB Stick V86.001.0504.2011 "NVIDIA Drivers" = NVIDIA Drivers "Open Codecs" = Xiph.Org Open Codecs 0.85.17777 "Opera 12.00.1467" = Opera 12.00 "Orbit_is1" = Orbit Downloader "Radio Decoder" = Radio Decoder "RealPlayer 12.0" = RealPlayer "RealVNC_is1" = VNC Free Edition 4.1.3 "Recuva" = Recuva "ST5UNST #1" = Kfz-Kennzeichen free "SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010) "TeamViewer 7" = TeamViewer 7 "tento.XT_is1" = tento.XT v1.1 "TVersity Codec Pack" = TVersity Codec Pack 1.7 "TVersity Media Server" = TVersity Media Server 1.9.7 "Uninstall_is1" = Uninstall 1.0.0.1 "Unlocker" = Unlocker 1.9.1 "Video Screensaver" = Video Screensaver 1.0 "VLC media player" = VLC media player 1.1.5 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = WinRAR "WinUAE" = WinUAE 2.2.0 "WinX Free DVD to AVI Ripper_is1" = WinX Free DVD to AVI Ripper 4.3.17 "WinX Free FLV to MPEG Converter_is1" = WinX Free FLV to MPEG Converter 4.1.6 "WMCSetup" = Windows Media Connect "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9 "xp-AntiSpy" = xp-AntiSpy 3.97-9 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "ZMBV" = Zip Motion Block Video codec (Remove Only) ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Flash Video Downloader 2.2" = Flash Video Downloader 2.2 "FLV Downloader" = FLV Downloader "Glucofacts Deluxe Updater 2.0" = Glucofacts Deluxe Updater 2.0 "Video Downloader" = Video Downloader "WinImage" = WinImage "WinSetupFromUSB" = WinSetupFromUSB ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.01.2013 09:13:41 | Computer Name = MEDIABOX | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 19.01.2013 18:19:55 | Computer Name = MEDIABOX | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 19.01.2013 19:10:37 | Computer Name = MEDIABOX | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 19.01.2013 21:56:06 | Computer Name = MEDIABOX | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 20.01.2013 04:08:54 | Computer Name = MEDIABOX | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 20.01.2013 04:24:59 | Computer Name = MEDIABOX | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 20.01.2013 04:37:46 | Computer Name = MEDIABOX | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 20.01.2013 04:53:53 | Computer Name = MEDIABOX | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 21.01.2013 10:04:33 | Computer Name = MEDIABOX | Source = VMCService | ID = 0 Description = conflictManagerTypeValue Error - 21.01.2013 12:29:02 | Computer Name = MEDIABOX | Source = VMCService | ID = 0 Description = conflictManagerTypeValue [ System Events ] Error - 20.01.2013 04:26:27 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7000 Description = Der Dienst "EMS Inter-Link driver V3.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 20.01.2013 04:26:27 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7002 Description = Der 
Dienst "MLPTDR_N" ist von der Gruppe "Parallel arbitrator" abhängig. Kein Mitglied dieser Gruppe wurde jedoch gestartet. Error - 20.01.2013 04:39:10 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7000 Description = Der Dienst "EMS Inter-Link driver V3.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 20.01.2013 04:39:10 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7002 Description = Der Dienst "MLPTDR_N" ist von der Gruppe "Parallel arbitrator" abhängig. Kein Mitglied dieser Gruppe wurde jedoch gestartet. Error - 20.01.2013 04:55:17 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7000 Description = Der Dienst "EMS Inter-Link driver V3.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 20.01.2013 04:55:17 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7002 Description = Der Dienst "MLPTDR_N" ist von der Gruppe "Parallel arbitrator" abhängig. Kein Mitglied dieser Gruppe wurde jedoch gestartet. Error - 21.01.2013 10:05:53 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7000 Description = Der Dienst "EMS Inter-Link driver V3.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 21.01.2013 10:05:53 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7002 Description = Der Dienst "MLPTDR_N" ist von der Gruppe "Parallel arbitrator" abhängig. Kein Mitglied dieser Gruppe wurde jedoch gestartet. Error - 21.01.2013 12:30:25 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7000 Description = Der Dienst "EMS Inter-Link driver V3.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 21.01.2013 12:30:25 | Computer Name = MEDIABOX | Source = Service Control Manager | ID = 7002 Description = Der Dienst "MLPTDR_N" ist von der Gruppe "Parallel arbitrator" abhängig. Kein Mitglied dieser Gruppe wurde jedoch gestartet. < End of report > |
21.01.2013, 19:21 | #4 |
/// Malware-holic | Possibly caught a virus or trojan Will I still get an answer as to why you think you have malware on the PC? It's a good deal easier to work with a description of the problem :-)
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
21.01.2013, 19:43 | #5 |
| Possibly caught a virus or trojan Because my mail account was hacked! Now I don't know whether it was down to the computer or to my extremely easy password! |
21.01.2013, 21:24 | #6 |
/// Malware-holic | Possibly caught a virus or trojan Hi, well, easy passwords are never good, and then, in the "ideal case", the same one for all services? Download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - for any detections always choose skip for now, post the log
Open c:, open tdsskiller-date-version.txt, post the contents
__________________ --> Possibly caught a virus or trojan |
22.01.2013, 15:01 | #7 |
| Possibly caught a virus or trojan So, here are the logs! 14:45:14.0265 5960 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 14:45:16.0265 5960 ============================================================ 14:45:16.0265 5960 Current date / time: 2013/01/22 14:45:16.0265 14:45:16.0265 5960 SystemInfo: 14:45:16.0265 5960 14:45:16.0265 5960 OS Version: 5.1.2600 ServicePack: 3.0 14:45:16.0265 5960 Product type: Workstation 14:45:16.0265 5960 ComputerName: MEDIABOX 14:45:16.0265 5960 UserName: Andy 14:45:16.0265 5960 Windows directory: C:\WINXP 14:45:16.0265 5960 System windows directory: C:\WINXP 14:45:16.0265 5960 Processor architecture: Intel x86 14:45:16.0265 5960 Number of processors: 4 14:45:16.0265 5960 Page size: 0x1000 14:45:16.0265 5960 Boot type: Normal boot 14:45:16.0265 5960 ============================================================ 14:45:19.0015 5960 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 14:45:19.0062 5960 Drive \Device\Harddisk5\DR11 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 14:45:19.0062 5960 ============================================================ 14:45:19.0062 5960 \Device\Harddisk0\DR0: 14:45:19.0062 5960 MBR partitions: 14:45:19.0062 5960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1869E559 14:45:19.0062 5960 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1869E5D7, BlocksNum 0x321B4A29 14:45:19.0062 5960 \Device\Harddisk5\DR11: 14:45:19.0062 5960 MBR partitions: 14:45:19.0062 5960 \Device\Harddisk5\DR11\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x777FE0 14:45:19.0062 5960 ============================================================ 14:45:19.0109 5960 C: <-> \Device\Harddisk0\DR0\Partition1 14:45:19.0156 5960 D: <-> \Device\Harddisk0\DR0\Partition2 14:45:19.0203 5960 
============================================================ 14:45:19.0203 5960 Initialize success 14:45:19.0203 5960 ============================================================ 14:46:03.0625 0192 ============================================================ 14:46:03.0625 0192 Scan started 14:46:03.0625 0192 Mode: Manual; SigCheck; TDLFS; 14:46:03.0625 0192 ============================================================ 14:46:04.0296 0192 ================ Scan system memory ======================== 14:46:04.0296 0192 System memory - ok 14:46:04.0296 0192 ================ Scan services ============================= 14:46:04.0406 0192 Abiosdsk - ok 14:46:04.0406 0192 abp480n5 - ok 14:46:04.0562 0192 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe 14:46:04.0734 0192 ACDaemon - ok 14:46:04.0765 0192 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINXP\system32\DRIVERS\ACPI.sys 14:46:05.0609 0192 ACPI - ok 14:46:05.0625 0192 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINXP\system32\drivers\ACPIEC.sys 14:46:05.0734 0192 ACPIEC - ok 14:46:05.0734 0192 adpu160m - ok 14:46:05.0765 0192 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINXP\system32\drivers\aec.sys 14:46:05.0906 0192 aec - ok 14:46:05.0937 0192 [ 30BB1BDE595CA65FD5549462080D94E5 ] AegisP C:\WINXP\system32\DRIVERS\AegisP.sys 14:46:05.0937 0192 AegisP ( UnsignedFile.Multi.Generic ) - warning 14:46:05.0937 0192 AegisP - detected UnsignedFile.Multi.Generic (1) 14:46:05.0968 0192 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\WINXP\system32\drivers\Afc.sys 14:46:05.0984 0192 Afc - ok 14:46:06.0000 0192 [ 4D43E74F2A1239D53929B82600F1971C ] AFD C:\WINXP\System32\drivers\afd.sys 14:46:06.0031 0192 AFD - ok 14:46:06.0031 0192 Aha154x - ok 14:46:06.0031 0192 aic78u2 - ok 14:46:06.0046 0192 aic78xx - ok 14:46:06.0062 0192 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINXP\system32\alrsvc.dll 14:46:06.0140 0192 Alerter - ok 14:46:06.0156 0192 [ 
190CD73D4984F94D823F9444980513E5 ] ALG C:\WINXP\System32\alg.exe 14:46:06.0203 0192 ALG - ok 14:46:06.0203 0192 AliIde - ok 14:46:06.0203 0192 amsint - ok 14:46:06.0234 0192 [ E94E2EA7FAAA05C776A711EDB198B9FD ] androidusb C:\WINXP\system32\Drivers\androidusb.sys 14:46:06.0250 0192 androidusb ( UnsignedFile.Multi.Generic ) - warning 14:46:06.0250 0192 androidusb - detected UnsignedFile.Multi.Generic (1) 14:46:06.0421 0192 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe 14:46:06.0453 0192 AntiVirSchedulerService - ok 14:46:06.0468 0192 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe 14:46:06.0484 0192 AntiVirService - ok 14:46:06.0515 0192 [ 133B7B6D6A3EC9E46FBE742EE1516C37 ] AnyDVD C:\WINXP\system32\Drivers\AnyDVD.sys 14:46:06.0531 0192 AnyDVD - ok 14:46:06.0593 0192 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 14:46:06.0609 0192 Apple Mobile Device - ok 14:46:06.0625 0192 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINXP\System32\appmgmts.dll 14:46:06.0703 0192 AppMgmt - ok 14:46:06.0718 0192 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINXP\system32\DRIVERS\arp1394.sys 14:46:06.0812 0192 Arp1394 - ok 14:46:06.0812 0192 asc - ok 14:46:06.0828 0192 asc3350p - ok 14:46:06.0828 0192 asc3550 - ok 14:46:06.0859 0192 [ 5B01AF89D16D562825C4DB4530F20CBB ] Aspi32 C:\WINXP\system32\drivers\aspi32.sys 14:46:06.0890 0192 Aspi32 ( UnsignedFile.Multi.Generic ) - warning 14:46:06.0890 0192 Aspi32 - detected UnsignedFile.Multi.Generic (1) 14:46:06.0953 0192 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 14:46:06.0984 0192 aspnet_state - ok 14:46:06.0984 0192 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINXP\system32\DRIVERS\asyncmac.sys 14:46:07.0078 0192 AsyncMac - ok 14:46:07.0109 0192 [ 
9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINXP\system32\DRIVERS\atapi.sys 14:46:07.0203 0192 atapi - ok 14:46:07.0203 0192 Atdisk - ok 14:46:07.0234 0192 [ 4753831A772AF0DD89111B544E1BBDD9 ] Ati HotKey Poller C:\WINXP\system32\Ati2evxx.exe 14:46:07.0312 0192 Ati HotKey Poller - ok 14:46:07.0406 0192 [ E7426973D081B6607056D1DD91BD9B01 ] ati2mtag C:\WINXP\system32\DRIVERS\ati2mtag.sys 14:46:07.0578 0192 ati2mtag - ok 14:46:07.0609 0192 [ 7E13F3F0F4C4C337A6949A18D1D23089 ] AtiHdmiService C:\WINXP\system32\drivers\AtiHdmi.sys 14:46:07.0625 0192 AtiHdmiService - ok 14:46:07.0640 0192 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINXP\system32\DRIVERS\atmarpc.sys 14:46:07.0734 0192 Atmarpc - ok 14:46:07.0750 0192 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINXP\System32\audiosrv.dll 14:46:07.0843 0192 AudioSrv - ok 14:46:07.0859 0192 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINXP\system32\DRIVERS\audstub.sys 14:46:07.0937 0192 audstub - ok 14:46:07.0968 0192 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\WINXP\system32\DRIVERS\avgntflt.sys 14:46:07.0984 0192 avgntflt - ok 14:46:08.0000 0192 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\WINXP\system32\DRIVERS\avipbb.sys 14:46:08.0015 0192 avipbb - ok 14:46:08.0031 0192 [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr C:\WINXP\system32\DRIVERS\avkmgr.sys 14:46:08.0046 0192 avkmgr - ok 14:46:08.0109 0192 [ 8DFA2EC772F97ED02B384DB88641B367 ] AVM IGD CTRL Service C:\Programme\FRITZ!DSL\IGDCTRL.EXE 14:46:08.0125 0192 AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - warning 14:46:08.0125 0192 AVM IGD CTRL Service - detected UnsignedFile.Multi.Generic (1) 14:46:08.0156 0192 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINXP\system32\drivers\Beep.sys 14:46:08.0265 0192 Beep - ok 14:46:08.0375 0192 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINXP\system32\qmgr.dll 14:46:08.0515 0192 BITS - ok 14:46:08.0593 0192 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe 
14:46:08.0625 0192 Bonjour Service - ok 14:46:08.0656 0192 [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser C:\WINXP\System32\browser.dll 14:46:08.0750 0192 Browser - ok 14:46:08.0750 0192 BT - ok 14:46:08.0765 0192 btaudio - ok 14:46:08.0781 0192 Btcsrusb - ok 14:46:08.0781 0192 BTDriver - ok 14:46:08.0828 0192 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINXP\system32\DRIVERS\BthEnum.sys 14:46:08.0937 0192 BthEnum - ok 14:46:08.0968 0192 [ CE441CCD98C5ECB10CB12FCAF97322EC ] BtHidBus C:\WINXP\system32\Drivers\BtHidBus.sys 14:46:08.0984 0192 BtHidBus - ok 14:46:09.0000 0192 [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM C:\WINXP\system32\DRIVERS\bthmodem.sys 14:46:09.0109 0192 BTHMODEM - ok 14:46:09.0125 0192 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINXP\system32\DRIVERS\bthpan.sys 14:46:09.0218 0192 BthPan - ok 14:46:09.0250 0192 [ F55BFD05892C321FB7470D334D6B44E1 ] BTHPORT C:\WINXP\system32\Drivers\BTHport.sys 14:46:09.0296 0192 BTHPORT - ok 14:46:09.0328 0192 [ 26C601EF7525E31379744ABFC6F35A1B ] BthServ C:\WINXP\System32\bthserv.dll 14:46:09.0421 0192 BthServ - ok 14:46:09.0437 0192 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINXP\system32\Drivers\BTHUSB.sys 14:46:09.0515 0192 BTHUSB - ok 14:46:09.0546 0192 [ D3C277A51EF9E2EC972D6221F99C0B6D ] btnetBUs C:\WINXP\system32\Drivers\btnetBus.sys 14:46:09.0562 0192 btnetBUs - ok 14:46:09.0562 0192 BTWDNDIS - ok 14:46:09.0562 0192 btwhid - ok 14:46:09.0593 0192 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINXP\system32\drivers\cbidf2k.sys 14:46:09.0687 0192 cbidf2k - ok 14:46:09.0703 0192 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINXP\system32\DRIVERS\CCDECODE.sys 14:46:09.0796 0192 CCDECODE - ok 14:46:09.0796 0192 cd20xrnt - ok 14:46:09.0812 0192 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINXP\system32\drivers\Cdaudio.sys 14:46:09.0921 0192 Cdaudio - ok 14:46:09.0937 0192 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINXP\system32\drivers\Cdfs.sys 14:46:10.0031 0192 Cdfs - ok 14:46:10.0031 
0192 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINXP\system32\DRIVERS\cdrom.sys 14:46:10.0125 0192 Cdrom - ok 14:46:10.0140 0192 Changer - ok 14:46:10.0156 0192 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINXP\system32\cisvc.exe 14:46:10.0250 0192 CiSvc - ok 14:46:10.0265 0192 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINXP\system32\clipsrv.exe 14:46:10.0359 0192 ClipSrv - ok 14:46:10.0375 0192 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:46:10.0406 0192 clr_optimization_v2.0.50727_32 - ok 14:46:10.0453 0192 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINXP\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:46:10.0468 0192 clr_optimization_v4.0.30319_32 - ok 14:46:10.0468 0192 CmdIde - ok 14:46:10.0484 0192 COMSysApp - ok 14:46:10.0484 0192 Cpqarray - ok 14:46:10.0500 0192 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINXP\System32\cryptsvc.dll 14:46:10.0593 0192 CryptSvc - ok 14:46:10.0593 0192 dac2w2k - ok 14:46:10.0609 0192 dac960nt - ok 14:46:10.0640 0192 [ D3D765E8455A961AE567B408F767D4F9 ] DcomLaunch C:\WINXP\system32\rpcss.dll 14:46:10.0703 0192 DcomLaunch - ok 14:46:10.0734 0192 [ 1523251B9D8A5D84DE0CD23418847824 ] de_serv C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe 14:46:10.0765 0192 de_serv ( UnsignedFile.Multi.Generic ) - warning 14:46:10.0765 0192 de_serv - detected UnsignedFile.Multi.Generic (1) 14:46:10.0796 0192 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINXP\System32\dhcpcsvc.dll 14:46:10.0890 0192 Dhcp - ok 14:46:10.0890 0192 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINXP\system32\DRIVERS\disk.sys 14:46:10.0984 0192 Disk - ok 14:46:10.0984 0192 dmadmin - ok 14:46:11.0015 0192 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINXP\system32\drivers\dmboot.sys 14:46:11.0140 0192 dmboot - ok 14:46:11.0140 0192 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINXP\system32\drivers\dmio.sys 14:46:11.0234 0192 dmio - ok 
0192 \Device\Harddisk0\DR0 - ok 14:46:51.0359 0192 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR11 14:46:51.0703 0192 \Device\Harddisk5\DR11 - ok 14:46:51.0703 0192 ================ Scan VBR ================================== 14:46:51.0703 0192 [ 322E58D03A9962F8F07BEB3F98C548E7 ] \Device\Harddisk0\DR0\Partition1 14:46:51.0703 0192 \Device\Harddisk0\DR0\Partition1 - ok 14:46:51.0718 0192 [ C3459D99BA4D1C6DB383BBF9C796422D ] \Device\Harddisk0\DR0\Partition2 14:46:51.0734 0192 \Device\Harddisk0\DR0\Partition2 - ok 14:46:51.0734 0192 [ 53F018DC5C8AF3F547C563CA3205B6FF ] \Device\Harddisk5\DR11\Partition1 14:46:51.0734 0192 \Device\Harddisk5\DR11\Partition1 - ok 14:46:51.0734 0192 ============================================================ 14:46:51.0734 0192 Scan finished 14:46:51.0734 0192 ============================================================ 14:46:51.0859 4188 Detected object count: 19 14:46:51.0859 4188 Actual detected object count: 19 14:47:37.0109 4188 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:37.0109 4188 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:37.0109 4188 androidusb ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:37.0109 4188 androidusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:37.0109 4188 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:37.0109 4188 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:37.0109 4188 AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:37.0109 4188 AVM IGD CTRL Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:37.0109 4188 de_serv ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:37.0109 4188 de_serv ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:37.0109 4188 Dokan ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:37.0109 4188 Dokan ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:37.0109 4188 DokanMounter ( 
UnsignedFile.Multi.Generic ) - skipped by user 14:47:37.0109 4188 DokanMounter ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:37.0109 4188 EMSLink ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:37.0109 4188 EMSLink ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:37.0109 4188 iMSPCLOj ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:37.0109 4188 iMSPCLOj ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:37.0109 4188 libusb0 ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:37.0109 4188 libusb0 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:37.0109 4188 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:37.0109 4188 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:37.0109 4188 NPF ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:37.0109 4188 NPF ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:37.0125 4188 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:37.0125 4188 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:37.0125 4188 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:37.0125 4188 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:37.0125 4188 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:37.0125 4188 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:37.0125 4188 sptd ( LockedFile.Multi.Generic ) - skipped by user 14:47:37.0125 4188 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 14:47:37.0125 4188 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:37.0125 4188 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:37.0125 4188 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:37.0125 4188 VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:47:37.0125 4188 WinDriver6 ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:37.0125 4188 WinDriver6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:42.0890 5956 Deinitialize success |
23.01.2013, 14:40 | #8 | |
/// Malware-holic | Possibly caught a virus or trojan hi, ComboFix: ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save ComboFix to your desktop
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ -Please forward suspicious emails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward emails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
23.01.2013, 16:05 | #9 |
| Possibly caught a virus or trojan OK, done! ComboFix log file: Code:
ATTFilter ComboFix 13-01-23.01 - Andy 23.01.2013 15:39:49.1.4 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3583.2856 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\Andy\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\5A1597EEC2.sys c:\dokumente und einstellungen\Andy\Anwendungsdaten\inst.exe c:\dokumente und einstellungen\Andy\Lokale Einstellungen\Temporary Internet Files\noxondabstickupdate.exe c:\programme\xp-AntiSpy c:\programme\xp-AntiSpy\Uninstall.exe c:\programme\xp-AntiSpy\xp-AntiSpy.chm c:\programme\xp-AntiSpy\xp-AntiSpy.exe c:\programme\xp-AntiSpy\xp-AntiSpy.url c:\winxp\IsUn0407.exe c:\winxp\iun6002.exe c:\winxp\ntdll.dl c:\winxp\system32\drivers\npf.sys c:\winxp\system32\Packet.dll c:\winxp\system32\pthreadVC.dll c:\winxp\system32\WanPacket.dll c:\winxp\system32\win32.dll c:\winxp\system32\wpcap.dll c:\winxp\wininit.ini . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-23 bis 2013-01-23 )))))))))))))))))))))))))))))) . . 2013-01-20 08:32 . 2013-01-20 08:32 -------- d-----w- c:\dokumente und einstellungen\Andy\Anwendungsdaten\Avira 2013-01-20 08:27 . 2013-01-20 08:27 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Mozilla 2013-01-20 08:27 . 2012-11-27 09:01 83944 ----a-w- c:\winxp\system32\drivers\avgntflt.sys 2013-01-20 08:27 . 2012-11-22 14:51 36552 ----a-w- c:\winxp\system32\drivers\avkmgr.sys 2013-01-20 08:27 . 2012-11-22 14:50 134336 ----a-w- c:\winxp\system32\drivers\avipbb.sys 2013-01-20 08:27 . 2013-01-20 08:27 -------- d-----w- c:\programme\Avira 2013-01-20 08:27 . 
2013-01-20 08:27 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira 2013-01-19 12:15 . 2013-01-19 12:15 -------- d-----w- c:\programme\iPod 2013-01-19 12:15 . 2013-01-19 12:15 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-01-19 12:15 . 2013-01-19 12:15 -------- d-----w- c:\programme\iTunes 2013-01-19 12:11 . 2013-01-19 12:11 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard 2013-01-19 12:10 . 2013-01-19 12:13 -------- d-----w- c:\dokumente und einstellungen\Andy\Lokale Einstellungen\Anwendungsdaten\Abelssoft 2013-01-19 12:10 . 2013-01-19 12:10 -------- d-----w- c:\programme\CheckDrive . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-19 11:57 . 2012-04-07 14:15 697864 ----a-w- c:\winxp\system32\FlashPlayerApp.exe 2013-01-19 11:57 . 2011-05-18 20:02 74248 ----a-w- c:\winxp\system32\FlashPlayerCPLApp.cpl 2012-12-08 10:40 . 2011-03-15 18:58 2516 --sha-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys 2013-01-19 12:20 . 2013-01-19 12:19 262552 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll 2006-05-03 09:06 163328 --sh--r- c:\winxp\system32\flvDX.dll 2007-02-21 10:47 31232 --sh--r- c:\winxp\system32\msfDX.dll 2008-03-16 12:30 216064 --sh--r- c:\winxp\system32\nbDX.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2010-09-03 . 451D0981F4CCA5697307AF90D799BDC3 . 1571840 . . [5.1.2600.5512] . . c:\winxp\system32\sfcfiles.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe" [2008-12-06 2387968] "DAEMON Tools Lite"="d:\daemon tools\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "PC Suite Tray"="d:\nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X] "RTHDCPL"="RTHDCPL.EXE" [2010-07-28 19557480] "StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-03 98304] "ATICustomerCare"="c:\programme\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296] "NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "SecurDisc"="c:\programme\Nero\Nero 7\InCD\NBHGui.exe" [2007-11-26 1629480] "InCD"="c:\programme\Nero\Nero 7\InCD\InCD.exe" [2007-11-26 1057064] "TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2010-09-04 202256] "QuickTime Task"="d:\quik time\QTTask.exe" [2010-08-10 421888] "CloneCDTray"="d:\clone cd\CloneCD\CloneCDTray.exe" [2006-09-28 57344] "KONICA MINOLTA PagePro 1300WStatusDisplay"="c:\winxp\system32\MSTMON_N.EXE" [2004-11-25 151552] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "vspdfprsrv.exe"="d:\pdf\vspdfprsrv.exe" [2006-05-04 998912] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "ArcSoft Connection Service"="c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "MobileConnect"="c:\programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-04-20 2327552] "APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "SunJavaUpdateSched"="c:\programme\Gemeinsame 
Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696] "PDFPrint"="d:\pdf\PDF24\pdf24.exe" [2012-05-22 160872] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-12-12 152544] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\winxp\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\Andy\Startmenü\Programme\Autostart\ FRITZ!DSL Protect.lnk - c:\programme\FRITZ!DSL\FwebProt.exe [2010-9-3 917504] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] REALTEK RTL8187B Wireless LAN Utility.lnk - c:\programme\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe [2010-9-3 880640] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Realtek\\RTL8187B Wireless LAN Utility\\RtWLan.exe"= "c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"= "c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"= "c:\\Programme\\Opera\\opera.exe"= "d:\\Orbit Downloader\\Orbitdownloader\\orbitdm.exe"= "d:\\Orbit Downloader\\Orbitdownloader\\orbitnet.exe"= "c:\\Programme\\Java\\jre6\\bin\\javaw.exe"= "c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"= "d:\\VLCC\\TightVNC\\Data\\WinVNC.exe"= "d:\\VLCC\\VNC4\\winvnc4.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= "d:\\Real Player\\realplay.exe"= "c:\\Programme\\Mozilla Firefox\\plugin-container.exe"= "c:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"= "c:\\Programme\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"= "c:\\Programme\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe"= "c:\\Programme\\TVersity\\Media Server\\MediaServer.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"= "c:\\Programme\\TeamViewer\\Version7\\TeamViewer_Service.exe"= "c:\\Programme\\TerraTec\\TerraTec Home Cinema\\InstTool.exe"= "c:\\Programme\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"= "c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1542:TCP"= 1542:TCP:Realtek WPS TCP Prot "1542:UDP"= 1542:UDP:Realtek WPS UDP Prot "9000:TCP"= 9000:TCP:Logitech Media Server 9000 tcp (UI) "9001:TCP"= 9001:TCP:Logitech Media Server 9001 tcp (UI) "9002:TCP"= 9002:TCP:Logitech Media Server 9002 tcp (UI) "9003:TCP"= 9003:TCP:Logitech Media Server 9003 tcp (UI) "9004:TCP"= 9004:TCP:Logitech Media Server 9004 tcp (UI) "9005:TCP"= 9005:TCP:Logitech Media Server 9005 tcp (UI) "9006:TCP"= 9006:TCP:Logitech Media Server 9006 tcp (UI) "9007:TCP"= 9007:TCP:Logitech Media Server 9007 tcp (UI) "9008:TCP"= 9008:TCP:Logitech Media Server 9008 tcp (UI) "9009:TCP"= 9009:TCP:Logitech Media Server 9009 tcp (UI) "9010:TCP"= 9010:TCP:Logitech Media Server 9010 tcp (UI) "9100:TCP"= 9100:TCP:Logitech Media Server 9100 tcp (UI) "8000:TCP"= 8000:TCP:Logitech Media Server 8000 tcp (UI) "10000:TCP"= 10000:TCP:Logitech Media Server 10000 tcp (UI) "9090:TCP"= 9090:TCP:Logitech Media Server 9090 tcp (UI) "3483:UDP"= 3483:UDP:Logitech Media Server 3483 udp "3483:TCP"= 3483:TCP:Logitech Media Server 3483 tcp . 
R0 BtHidBus;Bluetooth HID Bus Service;c:\winxp\system32\drivers\BtHidBus.sys [07.01.2009 23:39 20744] R0 sptd;sptd;c:\winxp\system32\drivers\sptd.sys [03.09.2010 19:15 691696] R1 avkmgr;avkmgr;c:\winxp\system32\drivers\avkmgr.sys [20.01.2013 09:27 36552] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [20.01.2013 09:27 85280] R2 Dokan;Dokan;c:\winxp\system32\drivers\dokan.sys [31.12.2008 11:34 60928] R2 DokanMounter;DokanMounter;c:\programme\Dokan\DokanLibrary\mounter.exe [31.12.2008 11:34 20992] R2 VMCService;Vodafone Mobile Connect Service;c:\programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [20.04.2009 17:20 9216] R3 pcouffin;VSO Software pcouffin;c:\winxp\system32\drivers\pcouffin.sys [03.09.2010 20:27 47360] R3 RTL2832UBDA;NOXON DAB Stick BDA Driver;c:\winxp\system32\drivers\RTL2832UBDA.sys [06.09.2011 19:22 189184] R3 RTL2832UUSB;NOXON DAB Stick USB Driver;c:\winxp\system32\drivers\RTL2832UUSB.sys [06.09.2011 19:22 33536] S2 EMSLink;EMS Inter-Link driver V3.0;c:\winxp\system32\drivers\EMSLink_i386.sys [25.10.2011 18:03 6656] S2 MLPTDR_N;MLPTDR_N;c:\winxp\system32\MLPTDR_N.SYS [18.07.2003 18:44 18848] S3 androidusb;ADB Interface Driver;c:\winxp\system32\drivers\androidusb.sys [26.12.2011 10:55 25728] S3 btnetBUs;Bluetooth PAN Bus Service;c:\winxp\system32\drivers\btnetBus.sys [07.12.2008 12:44 30088] S3 iMSPCLOj;iMSPCLOj;\??\c:\dokume~1\Andy\LOKALE~1\Temp\iMSPCLOj.sys --> c:\dokume~1\Andy\LOKALE~1\Temp\iMSPCLOj.sys [?] 
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\winxp\system32\drivers\IvtBtBus.sys [02.07.2008 14:58 26248] S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\winxp\system32\drivers\libusb0.sys [09.11.2011 16:44 28672] S3 massfilter;ZTE Mass Storage Filter Driver;c:\winxp\system32\drivers\massfilter.sys [17.11.2011 19:08 7680] S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\winxp\system32\drivers\RTL2832U_IRHID.sys [06.09.2011 19:22 37280] S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\winxp\system32\drivers\RTL8187B.sys [03.09.2010 16:29 335104] S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\winxp\system32\drivers\ZTEusbnet.sys [17.11.2011 19:10 110592] S3 ZTEusbvoice;ZTE VoUSB Port;c:\winxp\system32\drivers\zteusbvoice.sys [17.11.2011 19:10 105344] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-12-06 21:18 451872 ----a-w- c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2012-03-02 c:\winxp\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2012-04-09 c:\winxp\Tasks\debutShakeIcon.job - c:\programme\NCH Software\Debut\debut.exe [2012-04-09 08:32] . 2013-01-23 c:\winxp\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-09-26 17:28] . 2013-01-23 c:\winxp\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-09-26 17:28] . 2013-01-23 c:\winxp\Tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-1682526488-1801674531-1003.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02] . 2013-01-20 c:\winxp\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-1682526488-1801674531-1003.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02] . . ------- Zusätzlicher Suchlauf ------- . 
uInternet Settings,ProxyOverride = *.local IE: &Download by Orbit - d:\orbit downloader\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - d:\orbit downloader\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - d:\orbit downloader\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - d:\orbit downloader\Orbitdownloader\orbitmxt.dll/202 IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Andy\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 LSP: c:\programme\FRITZ!DSL\sarah.dll TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\dokumente und einstellungen\Andy\Anwendungsdaten\Mozilla\Firefox\Profiles\3kvl8u0t.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-Skype - c:\dokumente und einstellungen\Andy\Anwendungsdaten\Skype\Phone\Skype.exe HKLM-Run-USB Webmail Notifier - d:\usbweb~1\USB Webmail Notifier.exe HKLM-Run-IR_SERVER - c:\programme\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-DVD Identifier_is1 - d:\dvd cd anlyse\DVD Identifier\Uninst\unins000.exe AddRemove-EPC Compact - c:\winxp\ISUN0407.EXE AddRemove-FRITZ!DSL - c:\winxp\IsUn0407.exe AddRemove-Radio Decoder - c:\winxp\iun6002.exe AddRemove-Uninstall_is1 - c:\programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-01-23 15:46 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . 
************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(976) c:\winxp\system32\Ati2evxx.dll c:\winxp\system32\atiadlxx.dll . - - - - - - - > 'lsass.exe'(1032) c:\programme\FRITZ!DSL\sarah.dll c:\programme\FRITZ!DSL\block.dll c:\programme\FRITZ!DSL\avmcsock.dll c:\programme\FRITZ!DSL\avmufc.dll . - - - - - - - > 'explorer.exe'(5016) c:\winxp\system32\webcheck.dll c:\winxp\system32\wpdshserviceobj.dll d:\nokia\Nokia PC Suite 7\PhoneBrowser.dll d:\nokia\Nokia PC Suite 7\NGSCM.DLL d:\nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr d:\nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\programme\Microsoft Virtual PC\VPCShExH.DLL c:\winxp\system32\portabledevicetypes.dll c:\winxp\system32\portabledeviceapi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\winxp\system32\Ati2evxx.exe c:\winxp\system32\Ati2evxx.exe c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe c:\programme\Avira\AntiVir Desktop\avguard.exe c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\programme\FRITZ!DSL\IGDCTRL.EXE c:\programme\Bonjour\mDNSResponder.exe c:\programme\Nero\Nero 7\InCD\InCDsrv.exe c:\programme\Java\jre6\bin\jqs.exe c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe c:\programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe d:\vlcc\VNC4\WinVNC4.exe c:\winxp\RTHDCPL.EXE c:\winxp\system32\rundll32.exe c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe c:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\programme\Avira\AntiVir Desktop\avshadow.exe c:\programme\iPod\bin\iPodService.exe c:\programme\PC Connectivity Solution\ServiceLayer.exe c:\winxp\system32\wbem\wmiapsrv.exe c:\programme\PC Connectivity Solution\Transports\NclUSBSrv.exe 
c:\programme\PC Connectivity Solution\Transports\NclRSSrv.exe c:\programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe c:\programme\avira\antivir desktop\ipmGui.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-01-23 15:49:33 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-01-23 14:49 . Vor Suchlauf: 23 Verzeichnis(se), 147.944.521.728 Bytes frei Nach Suchlauf: 25 Verzeichnis(se), 154.033.790.976 Bytes frei . WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINXP [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 1A24F7BDA49011F7B589DA0D33972C68 |
24.01.2013, 18:17 | #10 |
/// Malware-holic | Possibly caught a virus or trojan hi, please open c: qoobox, right-click quarantine, pack it with WinRAR or zip, then upload it: Trojaner-Board Upload Channel. Please let me know when you are done.
24.01.2013, 18:51 | #11 |
| Possibly caught a virus or trojan It's uploaded! Thanks again for the help! |
24.01.2013, 22:44 | #12 |
/// Malware-holic | Possibly caught a virus or trojan unfortunately that didn't work. File-Upload.net - Your free file hoster! Please upload it there and send me the link as a private message
25.01.2013, 16:34 | #13 |
/// Malware-holic | Possibly caught a virus or trojan hi, thanks. Malwarebytes: Please download Malwarebytes
25.01.2013, 21:40 | #14 |
| Possibly caught a virus or trojan I ran it over the system! I don't quite understand the thing with the Openbox software; the software came with the satellite receiver back then and is for editing programme and channel lists! I've had the software since about 2008 and it's now on its 3rd PC, but I've moved it to quarantine anyway for now! Here is the log

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.25.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Andy :: MEDIABOX [Administrator]

Schutz: Deaktiviert

25.01.2013 20:02:54
mbam-log-2013-01-25 (20-02-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 402304
Laufzeit: 1 Stunde(n), 25 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 9
D:\System Volume Information\_restore{7EC18A29-9B24-4EC2-B058-65800773F519}\RP525\A0123537.exe (HackTool.GamesCheat.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Daten pyranja PC\Bilder Videos alter PC\gags\NICETOHAVE\STRESSZOLDO.EXE (Joke.Stressreducer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Daten pyranja PC\openb0x\Neuer Ordner\pobedit091_nagra_au\getkeys.dll (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Daten pyranja PC\openb0x\Neuer Ordner\pobedit091_nagra_au\pobedit.exe (Backdoor.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Daten pyranja PC\Openbox\Pobedit 0.909\Pobedit 0.909\pobedit.exe (Backdoor.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Koscom zu Openbox\Koscom zu Openbox 1\PB_0.922\PB 0.922\POBEDIT.EXE (Backdoor.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Koscom zu Openbox\Koscom zu Openbox 1\Wechsel koscom zu openbox\PB_0.922\PB 0.922\POBEDIT.EXE (Backdoor.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Koscom zu Openbox\PB_0.922\PB 0.922\pobedit.exe (Backdoor.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Koscom zu Openbox\Wechsel koscom zu openbox\PB_0.922\PB 0.922\pobedit.exe (Backdoor.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
29.01.2013, 13:07 | #15 |
/// Malware-holic | Possibly caught a virus or trojan hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open the file. After each program you need, write "necessary". After each one you do not need, write "unnecessary". After each one you do not recognize, write "unknown". Post the list.