| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: AdserverplusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.02.2013, 22:13
| #1 |
| |  Adserverplus Hi! Hab schon seit einigen Wochen nen Trojaner an Bord - bin immer noch nicht dazu gekommen, zur Vernichtung zu schreiten. Ich weiß, ich weiß...  Ich habe jetzt einen Quick-Scan durchgeführt mit den unten stehenden Meldungen. Heute Nacht werde ich einen vollständigen Scan starten. Vielleicht können wir ja "ins Geschäft kommen", damit ich den mist wieder loswerde. Jetzt schon mal: VIELEN DANK! Ach ja: sollte ich etwas falsch machen, bitte ich um Nachsicht - ich gebe mir zumindest ganz doll Mühe!!!  Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.05.09 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Olli :: Olli007 [Administrator] 05.02.2013 21:34:07 MBAM-log-2013-02-05 (22-00-13).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 273125 Laufzeit: 7 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 1 C:\Programme\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Registrierungsschlüssel: 25 HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\yOLE (Backdoor.Bot.Gen) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 4 HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Explorer (Backdoor.Agent) -> Daten: explorer.exe -> Keine Aktion durchgeführt. HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 1 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Bösartig: (Explorer.exe) Gut: () -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 4 C:\Programme\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Dateien: 163 C:\Programme\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Programme\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Programme\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\WINDOWS\system32\explorer.exe (Backdoor.Agent) -> Keine Aktion durchgeführt. C:\Programme\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Programme\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Programme\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Programme\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Programme\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Programme\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Programme\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Programme\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_83.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar183.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\0227dd5d240c9bdfb9504999e66c665b_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\0984d4fababb5d92394dc5b39b700075_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\150b7566b7871fb6e0ef44753d0c6dc3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\170f337942c410233f577de5778810a6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\170f337942c410233f577de5778810a6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\1b56f16ed9915e2ddbdc7e781b9b40c4 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\1b56f16ed9915e2ddbdc7e781b9b40c4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\1bb25568f8455e74906142466f792c87_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\ddedfe6ede02f148caf19a2dec7f877d_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\df4525cd4117d8ae1c7453b139759242 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\df4525cd4117d8ae1c7453b139759242_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\e3cd5b2c64ca319aadec7c28c6c6feba_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\e6c109bf52ef89fe99f9a9379617ab0e_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\e7215b147326809c45f6cf0952274624 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\e7215b147326809c45f6cf0952274624_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\e7395ccc0c22b2cca7bf3e0c7db4d8a6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\e9e14a99847657c53e1cc29cc55ab7af_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\61e2ae11ba3d1cbe8887ea80f192e299 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\62cce7d26ab5636bceb113b988d56c59_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\6496a43cad388e4b78f1ecce8fcffc27_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\a6d4447986c4e442d92ed00b149c14f3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\a74277a9a3c0203a3093f810f43fbc11 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\a74277a9a3c0203a3093f810f43fbc11_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\a95092a9bd34f5cfc98f78ca74502f36_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\aa36bceec49c832079e270icmc219ats (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\adbb013efd3fd71cf048206629fae313_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\b3688636ecfdc491aea728939c15f43e_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\b5080fd498f4580cd85cbf8ff41766c5_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\2e0dda2d2281da01c330dc3e12b45a9d_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\3518e1eac042730aa1274618984462b3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\38207d71d9cc86fb6daebc118ce6286c_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\3b507b6d0186efd3615b9b9233c5f708 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\3d0187861633ce04b8c224f2475a2837 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\3d0187861633ce04b8c224f2475a2837_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\4713e82e27fb9719d76577d1585acb00_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\477f5134e73f0099219c494cb23f6657_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\4ad053d40dfa5cab7948e9251df6e3d9 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\4ad053d40dfa5cab7948e9251df6e3d9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\d2458fd784f4eb7cff549c598cd14651 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\d2458fd784f4eb7cff549c598cd14651_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\d5747e13728fd7df356bc13545143ea6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\d5baae4ef839769f8eb7e9f9d82d8a40_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\d6418e300158fb16d8396d122d4b423b_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\d83bb387de1d7c4401815e133de06c6b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\d83bb387de1d7c4401815e133de06c6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\d965aead622233a60676ef2349956f38_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\6d091eb0bf44b762a039ee138e6b165c_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\b5bc7084382de95cb69790e5d10db338 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\8fd0e5f2c42f56c41599ca329ef70350_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\92014bb7f6462cb491e652ca4941f1d2 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\92014bb7f6462cb491e652ca4941f1d2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\9803c283e94e743374151c4bbe60a5df (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\9803c283e94e743374151c4bbe60a5df_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\9c2afdb0a6d9bf59b300144154b58c67_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\9c86b973456448ae01f1cbc0d6cf607a_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\a227f4517bd7937e697182f46906a6b4_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\eeab68dd74d26245087956fb3caf6937_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\b5bc7084382de95cb69790e5d10db338_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\21a6fdff5cdeec15248bec4975ed92cb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\21a6fdff5cdeec15248bec4975ed92cb_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\231785d024a11371bfc94ffff0a4b741_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\253712f62fa354f36c490a3f42ba9bfc_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\286965653b415f505622ea74d2bd3bbe_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\6d4100dc97e9abad47303e5e0d38b2b6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\6ec88a37be1bea7fa99383e8b8c69afe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\6ec88a37be1bea7fa99383e8b8c69afe_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\6f8b3140943075f95ae0c74c1a13b752_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\7e781915f58fe108a6af37bf82ba047b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\7e781915f58fe108a6af37bf82ba047b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\897979c67bed116efad1a04f5f229ecd_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Olli\AppData\LocalLow\bbrs_002.tb\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. (Ende) |
|
05.02.2013, 22:18
| #2 |
| /// Malware-holic   | Adserverplus Hi
__________________bittenur das, was hiersteht ausführen: Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
05.02.2013, 23:22
| #3 |
| | Adserverplus OTL.txt:
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.02.2013 22:30:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Olli\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,36 Mb Total Physical Memory | 655,91 Mb Available Physical Memory | 64,66% Memory free 2,38 Gb Paging File | 1,88 Gb Available in Paging File | 78,89% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 71,35 Gb Total Space | 15,00 Gb Free Space | 21,02% Space Free | Partition Type: NTFS Drive D: | 71,82 Gb Total Space | 34,76 Gb Free Space | 48,40% Space Free | Partition Type: FAT32 Drive F: | 29,80 Gb Total Space | 29,41 Gb Free Space | 98,69% Space Free | Partition Type: FAT32 Drive H: | 7,39 Gb Total Space | 6,13 Gb Free Space | 82,84% Space Free | Partition Type: FAT32 Computer Name: Olli007 | User Name: Olli | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2012.11.13 20:44:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Olli\Desktop\OTL.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.10.18 08:11:31 | 000,111,120 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go8\CLMLSvc_P2G8.exe PRC - [2012.05.24 12:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.07.06 13:34:19 | 000,688,128 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe PRC - [2010.10.12 17:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\wfcrun32.exe PRC - [2010.10.12 17:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\concentr.exe PRC - [2010.09.06 17:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe PRC - [2008.05.02 01:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2008.05.02 01:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.02.13 20:07:30 | 004,653,056 | ---- | M] () -- C:\xampp\mysql\bin\mysqld-nt.exe PRC - [2008.01.18 00:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\apache.exe PRC - [2007.08.10 11:42:42 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Dokumente und Einstellungen\Olli\Lokale Einstellungen\Temp\RtkBtMnt.exe PRC - [2007.07.11 14:57:42 | 000,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe PRC - [2007.07.11 14:07:46 | 000,421,888 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe PRC - [2007.06.14 19:21:00 | 000,850,704 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2007.06.13 07:16:02 | 000,528,384 | R--- | M] () -- C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe PRC - [2007.05.16 15:18:12 | 002,483,760 | ---- | M] (Cyberlink) -- C:\Programme\Home Cinema\Power2Go\Power2GoExpress.exe PRC - [2007.03.30 16:44:20 | 000,262,144 | ---- | M] (SONIX) -- C:\WINDOWS\tsnpstd3.exe PRC - [2007.03.21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.03.21 12:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.03.16 02:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe PRC - [2007.01.17 10:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe PRC - [2006.10.28 09:57:30 | 001,137,421 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageServer\TrueImageMonitor.exe PRC - [2006.10.27 21:41:12 | 001,870,670 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageServer\TimounterMonitor.exe PRC - [2006.10.27 19:01:28 | 000,135,168 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe PRC - [2006.10.27 19:01:26 | 000,393,216 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe PRC - [2006.09.18 13:12:12 | 000,843,776 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe PRC - [2001.12.10 17:43:25 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe PRC - [2000.07.18 17:19:16 | 000,126,976 | R--- | M] ( ) -- C:\WINDOWS\agfguard.exe ========== Modules (No Company Name) ========== MOD - [2013.02.05 09:08:41 | 002,050,560 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\13020500\algo.dll MOD - [2012.11.30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2012.10.25 13:39:28 | 000,034,088 | ---- | M] () -- C:\Programme\CyberLink\Shared Files\RichVideops.dll MOD - [2012.07.19 22:21:08 | 000,797,184 | ---- | M] () -- C:\Programme\RapidSolution\Audials 9\ac3filter.ax MOD - [2012.06.08 11:34:06 | 000,016,400 | ---- | M] () -- C:\Programme\CyberLink\Power2Go8\CLMLSvcPS.dll MOD - [2012.06.08 04:34:06 | 000,627,216 | ---- | M] () -- C:\Programme\CyberLink\Power2Go8\CLMediaLibrary.dll MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2011.07.06 13:34:19 | 000,688,128 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe MOD - [2011.06.21 08:42:38 | 000,024,064 | ---- | M] () -- C:\WINDOWS\system32\sst3cl3.dll MOD - [2010.09.06 17:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe MOD - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe MOD - [2008.04.14 06:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.02.13 20:07:30 | 004,653,056 | ---- | M] () -- C:\xampp\mysql\bin\mysqld-nt.exe MOD - [2008.02.13 19:57:42 | 001,662,976 | ---- | M] () -- C:\xampp\apache\bin\libmysql.dll MOD - [2008.01.18 00:17:16 | 000,073,782 | ---- | M] () -- C:\xampp\apache\bin\zlib1.dll MOD - [2007.11.08 23:23:48 | 000,166,912 | ---- | M] () -- C:\xampp\apache\bin\libmcrypt.dll MOD - [2007.10.30 13:28:00 | 000,086,016 | ---- | M] () -- C:\xampp\apache\bin\pxlib.dll MOD - [2007.10.25 09:34:00 | 000,163,840 | ---- | M] () -- C:\xampp\apache\bin\pslib.dll MOD - [2007.06.14 19:22:00 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll MOD - [2007.06.14 16:15:00 | 000,721,090 | ---- | M] () -- C:\xampp\php\zendOptimizer\lib\Optimizer\php-5.2.x\ZendOptimizer.dll MOD - [2007.06.13 07:16:02 | 000,528,384 | R--- | M] () -- C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe MOD - [2007.06.06 14:06:10 | 001,721,904 | ---- | M] () -- C:\Programme\Home Cinema\Power2Go\P2GRC.dll MOD - [2007.05.23 07:23:34 | 004,591,616 | R--- | M] () -- C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll MOD - [2007.05.22 15:09:20 | 000,025,600 | R--- | M] () -- C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll MOD - [2007.04.06 01:56:30 | 000,356,352 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll MOD - [2007.02.04 11:14:48 | 000,020,687 | ---- | M] () -- C:\xampp\php\zendOptimizer\lib\ZendExtensionManager.dll MOD - [2006.10.27 19:00:32 | 000,045,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Acronis\Common\rpc_client.dll MOD - [2006.09.18 13:12:12 | 000,843,776 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe MOD - [2006.03.09 17:45:36 | 000,081,920 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_33.dll MOD - [2006.01.12 09:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll MOD - [2003.12.16 17:01:02 | 000,024,621 | ---- | M] () -- d:\Programme\WS_FTP Pro\nsftpch.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.24 12:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.09.06 17:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2008.05.02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008.02.13 20:07:30 | 004,653,056 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld-nt.exe -- (mysql) SRV - [2008.01.18 00:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\apache.exe -- (Apache2.2) SRV - [2007.12.25 22:25:50 | 000,586,240 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server) SRV - [2007.03.21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.01.17 10:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2006.10.27 19:01:26 | 000,393,216 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.07.19 22:21:19 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd) DRV - [2012.07.19 22:21:13 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCapMP) DRV - [2012.07.19 22:21:13 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCap) DRV - [2012.06.25 10:24:54 | 000,075,256 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CLVirtualDrive.sys -- (CLVirtualDrive) DRV - [2012.03.02 15:02:00 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandadb.sys -- (androidusb) DRV - [2012.03.02 15:02:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandmodem.sys -- (ANDModem) DRV - [2012.03.02 15:02:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lganddiag.sys -- (AndDiag) DRV - [2012.03.02 15:02:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandgps.sys -- (AndGps) DRV - [2012.03.02 15:02:00 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandbus.sys -- (Andbus) DRV - [2012.02.06 21:05:49 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010.07.14 12:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm) DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.03.25 10:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010.03.20 10:28:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.04.03 09:18:44 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2008.03.05 13:39:52 | 000,388,800 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter) DRV - [2008.03.05 13:39:52 | 000,032,320 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2008.03.05 13:39:50 | 000,099,776 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman) DRV - [2008.02.29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2007.08.15 01:00:00 | 000,567,936 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (fxusbase) DRV - [2007.08.15 01:00:00 | 000,053,632 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN) DRV - [2007.06.15 12:46:26 | 000,099,200 | ---- | M] (10moons) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tridvid.sys -- (TridVid) DRV - [2007.05.30 19:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007.05.02 02:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2007.04.24 10:33:46 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt) DRV - [2007.04.24 10:33:46 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex) DRV - [2007.04.24 10:33:44 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm) DRV - [2007.04.24 10:33:42 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl) DRV - [2007.04.24 10:33:34 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus) DRV - [2007.04.13 18:24:04 | 010,246,144 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) DRV - [2007.02.16 14:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2006.12.22 19:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2006.12.22 19:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2006.12.22 19:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2006.10.12 23:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys) DRV - [2000.08.09 13:57:02 | 000,202,336 | R--- | M] (AGFEO GmbH & Co. KG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\AGFUCAPI.sys -- (agfucapi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/ IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {B08A320E-4D68-4298-A6AA-D31208FDF13B} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{B08A320E-4D68-4298-A6AA-D31208FDF13B}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {9fb7d178-155a-4318-9173-1a8eaaea7fe4}:2.1.10 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.7 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1456 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledItems: bbrs_002@blabbers.com:1.0.5 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.13 22:21:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.12.01 00:07:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.07.13 18:03:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.01 16:07:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2013.01.08 22:03:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins [2013.01.08 22:03:48 | 000,000,000 | ---D | M] [2011.03.12 22:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Extensions [2010.08.29 20:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.08.26 11:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions [2012.08.08 23:54:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.08.24 13:44:15 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2012.08.08 23:54:23 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.03.12 22:52:58 | 000,000,000 | ---D | M] ("FootieFox") -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\{9fb7d178-155a-4318-9173-1a8eaaea7fe4} [2012.07.28 10:50:35 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com [2008.05.10 23:17:07 | 000,000,000 | ---D | M] (Wortliste von hxxp://tkltrans.sf.net (alte und neue deutsche Rechtschreibung)) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\de-DE-comb@dictionaries.addons.mozilla.org [2012.08.08 23:55:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire [2012.08.26 11:40:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\170f337942c410233f577de5778810a6_expire [2012.08.26 11:40:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire [2012.08.26 11:40:35 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire [2012.08.08 23:55:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e74403c227112bec523796d5a77d77e_expire [2012.08.08 23:55:38 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire [2012.08.26 11:40:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire [2012.08.24 12:46:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire [2012.08.26 12:31:05 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire [2012.08.26 11:40:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire [2012.08.26 11:40:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire [2012.08.26 11:40:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire [2012.08.26 11:40:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire [2012.08.08 23:55:40 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d2458fd784f4eb7cff549c598cd14651_expire [2012.08.26 11:40:25 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire [2012.08.26 11:40:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7215b147326809c45f6cf0952274624_expire [2012.08.26 11:40:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire [2012.08.26 11:40:29 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire [2012.08.24 12:46:30 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire [2012.08.24 12:46:29 | 000,000,013 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire [2012.08.24 12:55:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\searchplugins\icqplugin-1.xml [2011.03.12 22:41:47 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\searchplugins\icqplugin-2.xml [2012.07.02 21:35:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\searchplugins\icqplugin-3.xml [2012.03.19 18:09:28 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\searchplugins\icqplugin.gif [2012.03.19 18:09:28 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\searchplugins\icqplugin.src [2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Mozilla\Firefox\Profiles\wicee585.default\searchplugins\icqplugin.xml [2012.09.01 16:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.03.13 23:02:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.06.25 16:28:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.26 18:43:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.12.24 23:00:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.23 22:40:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.24 13:54:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.09.01 16:07:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.12.01 00:07:16 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMME\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.06.13 22:21:09 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.09.01 16:07:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2010.10.12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\CCMSDK.dll [2010.10.12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\CgpCore.dll [2010.10.12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\confmgr.dll [2010.10.12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\ctxlogging.dll [2010.10.12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npicaN.dll [2010.10.12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\TcpPServ.dll [2011.03.03 19:06:04 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.03 19:06:04 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.03.03 19:06:04 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.03 19:06:04 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.03 19:06:04 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.25 22:27:57 | 000,221,682 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost joomla O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 1001-search.info O1 - Hosts: 127.0.0.1 www.1001-search.info O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 7777 more lines... O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Programme\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Programme\BrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageServer\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Programme\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) O4 - HKLM..\Run: [CLVirtualDrive] C:\Programme\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) O4 - HKLM..\Run: [ConnectionCenter] C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [preload] C:\WINDOWS\RunXMLPL.exe (Wistron Corp.) O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe () O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageServer\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe (SONIX) O4 - HKLM..\Run: [UCam_Menu] C:\Programme\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Programme\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Programme\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Power2GoExpress] C:\Programme\Home Cinema\Power2Go\Power2GoExpress.exe (Cyberlink) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ISDN Guard.lnk = C:\WINDOWS\agfguard.exe ( ) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab (Macromedia Authorware Web Player Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control) O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DeviceEnum Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198757187140 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4B08D7C-362B-44A1-A490-D87A72096937}: NameServer = 217.0.43.193 217.0.43.1 O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\explorer.exe () O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Olli\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Olli\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1119e819-eb7b-11dc-b9c1-001dd92a258b}\Shell\Setup\command - "" = C:\WINDOWS\System32\setup.exe -- [2008.04.14 06:53:02 | 000,023,040 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{9fc575f0-ab5a-11e1-8ce8-001dd92a258b}\Shell - "" = AutoRun O33 - MountPoints2\{9fc575f0-ab5a-11e1-8ce8-001dd92a258b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9fc575f0-ab5a-11e1-8ce8-001dd92a258b}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a08a771c-6095-11e0-8a44-001d72001445}\Shell - "" = AutoRun O33 - MountPoints2\{a08a771c-6095-11e0-8a44-001d72001445}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a08a771c-6095-11e0-8a44-001d72001445}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{cd5e1bd1-2a72-11e0-89c0-001d72001445}\Shell - "" = AutoRun O33 - MountPoints2\{cd5e1bd1-2a72-11e0-89c0-001d72001445}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{cd5e1bd1-2a72-11e0-89c0-001d72001445}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597) ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.05 18:54:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Olli\Startmenü\Programme\CyberLink PowerDVD [2013.01.16 01:02:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Olli\Lokale Einstellungen\Anwendungsdaten\Power2Go8 [2013.01.14 21:07:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Audacity [2013.01.14 21:06:49 | 000,000,000 | ---D | C] -- C:\Programme\Audacity [2013.01.14 20:05:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Conexant [2013.01.14 19:05:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Olli\Startmenü\Programme\HomeCinema [2013.01.14 18:59:21 | 000,075,256 | ---- | C] (CyberLink) -- C:\WINDOWS\System32\drivers\CLVirtualDrive.sys [2013.01.14 18:59:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HomeCinema [2013.01.14 18:59:00 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\CyberLink [2013.01.14 18:56:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\install_clap [2013.01.14 18:55:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CLSK [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.05 22:19:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.02.05 21:29:54 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.05 18:58:00 | 000,000,356 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2013.02.05 18:57:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.02.05 18:54:56 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.02.05 18:54:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.02.05 18:54:51 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys [2013.01.25 18:25:58 | 000,131,431 | ---- | M] () -- C:\Dokumente und Einstellungen\Olli\Eigene Dateien\DSC01833.JPG [2013.01.17 00:53:15 | 000,460,762 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.01.17 00:53:15 | 000,442,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.01.17 00:53:15 | 000,085,626 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.01.17 00:53:15 | 000,072,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.01.16 00:58:22 | 000,349,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.01.14 21:07:06 | 000,000,658 | ---- | M] () -- C:\Dokumente und Einstellungen\Olli\Desktop\Audacity.lnk [2013.01.14 20:05:28 | 000,001,651 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HomeCinema.lnk [2013.01.14 20:04:18 | 000,001,494 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Movies.lnk [2013.01.14 20:04:15 | 000,004,704 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2013.01.14 20:04:15 | 000,000,008 | RHS- | M] () -- C:\WINDOWS\System32\9BC3559BBD.sys [2013.01.14 20:03:58 | 000,001,987 | ---- | M] () -- C:\Dokumente und Einstellungen\Olli\Desktop\CyberLink PowerProducer 5.5.lnk [2013.01.14 18:59:07 | 000,001,924 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CyberLink Power2Go 8.lnk [2013.01.11 01:05:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.01.11 00:41:58 | 000,002,395 | ---- | M] () -- C:\Dokumente und Einstellungen\Olli\Desktop\Microsoft Office Word 2003.lnk [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.04 23:34:16 | 000,200,800 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2013.01.25 18:25:58 | 000,131,431 | ---- | C] () -- C:\Dokumente und Einstellungen\Olli\Eigene Dateien\DSC01833.JPG [2013.01.14 21:07:06 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Audacity.lnk [2013.01.14 21:07:06 | 000,000,658 | ---- | C] () -- C:\Dokumente und Einstellungen\Olli\Desktop\Audacity.lnk [2013.01.14 20:05:28 | 000,001,651 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HomeCinema.lnk [2013.01.14 20:04:18 | 000,001,494 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Movies.lnk [2013.01.14 20:04:15 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\9BC3559BBD.sys [2013.01.14 20:04:14 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2013.01.14 20:03:58 | 000,001,987 | ---- | C] () -- C:\Dokumente und Einstellungen\Olli\Desktop\CyberLink PowerProducer 5.5.lnk [2013.01.14 18:59:07 | 000,001,924 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CyberLink Power2Go 8.lnk [2013.01.06 18:26:49 | 000,493,432 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2013.01.06 18:25:17 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\sst3cl3.dll [2012.06.10 15:40:53 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini [2012.06.10 15:26:42 | 000,000,152 | ---- | C] () -- C:\WINDOWS\Missing.ini [2012.04.12 11:18:45 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Olli\PUTTY.RND [2012.02.15 18:22:45 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.07.09 22:06:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.05.07 15:33:38 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008.08.18 13:28:32 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Olli\webtopcookie.properties [2008.03.06 14:01:24 | 000,050,688 | ---- | C] () -- C:\Dokumente und Einstellungen\Olli\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.12.27 16:58:54 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Olli\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2007.08.10 11:40:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009.09.25 06:35:26 | 001,509,888 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2008.03.05 13:41:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2012.01.26 01:04:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2010.11.14 11:58:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Citrix [2013.01.14 18:59:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CLSK [2013.01.14 20:05:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Conexant [2012.02.06 21:04:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2011.01.28 01:19:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService [2010.04.01 14:14:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular [2011.04.02 19:14:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2013.01.14 20:04:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\install_clap [2009.02.01 14:50:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch [2012.08.17 13:26:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution [2013.01.06 18:26:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2008.08.12 20:39:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca [2013.01.14 20:04:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp [2011.11.08 17:44:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2012.09.09 17:52:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012.04.11 20:48:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Alien Skin [2013.01.14 22:26:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Audacity [2010.09.17 21:20:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\BonkEnc [2012.07.28 10:50:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\BrowserCompanion [2009.02.08 17:49:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\ComCenter [2012.02.06 21:12:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\DAEMON Tools Lite [2012.06.13 22:29:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\DDMSettings [2010.04.01 14:15:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\elsterformular [2009.02.01 15:23:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Eumex 400 [2010.11.14 11:58:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\ICAClient [2013.01.05 00:57:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\ICQ [2008.03.07 00:22:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\ICQLite [2007.12.27 17:34:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Opera [2008.08.12 20:42:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Teleca [2010.08.29 20:15:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Thunderbird [2008.03.06 08:14:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Olli\Anwendungsdaten\Thunderbird_sav ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2007.12.27 17:04:05 | 000,000,000 | ---D | M] -- C:\Acer [2009.03.14 19:52:46 | 000,000,000 | ---D | M] -- C:\BOOK [2009.03.14 19:52:46 | 000,000,000 | ---D | M] -- C:\DOCS [2008.03.06 13:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2007.10.05 08:50:41 | 000,000,000 | ---D | M] -- C:\DOTNETFX [2007.12.27 17:28:29 | 000,000,000 | ---D | M] -- C:\ELEMENTS [2012.02.07 20:25:15 | 000,000,000 | ---D | M] -- C:\G [2007.10.05 08:51:16 | 000,000,000 | ---D | M] -- C:\I386 [2009.03.14 19:52:46 | 000,000,000 | ---D | M] -- C:\Joomla [2007.10.05 08:51:16 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.12.22 15:35:41 | 000,000,000 | ---D | M] -- C:\Netgear [2008.04.07 10:34:05 | 000,000,000 | ---D | M] -- C:\PC-WELT [2007.12.27 11:44:07 | 000,000,000 | ---D | M] -- C:\Program Files [2013.01.14 21:06:49 | 000,000,000 | ---D | M] -- C:\Programme [2012.06.07 20:45:59 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2007.10.05 08:54:03 | 000,000,000 | ---D | M] -- C:\SUPPORT [2007.10.05 08:54:03 | 000,000,000 | ---D | M] -- C:\sysinfo [2007.12.27 16:57:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2007.10.05 08:54:04 | 000,000,000 | ---D | M] -- C:\TEM [2008.03.12 16:46:55 | 000,000,000 | ---D | M] -- C:\temp [2012.11.18 11:41:23 | 000,000,000 | ---D | M] -- C:\Transfer [2009.03.14 19:52:49 | 000,000,000 | ---D | M] -- C:\VALUEADD [2013.02.05 21:39:35 | 000,000,000 | ---D | M] -- C:\WINDOWS [2008.04.25 22:30:52 | 000,000,000 | ---D | M] -- C:\www [2008.04.25 22:14:01 | 000,000,000 | ---D | M] -- C:\xampp < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2008.04.14 06:53:10 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp [2008.04.14 06:53:10 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2008.04.14 06:53:10 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp [2008.04.14 06:53:10 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2008.04.14 06:53:10 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2008.04.14 06:53:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2008.04.14 06:53:10 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2004.08.04 04:00:00 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2007.08.10 12:44:02 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2011.01.04 00:24:37 | 000,001,082 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2011.01.04 00:24:38 | 000,001,086 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2012.07.10 20:40:41 | 000,000,356 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job < MD5 for: AGP440.SYS > [2004.08.04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys [2004.08.04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys [2004.08.04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2011.05.17 23:34:56 | 000,006,952 | ---- | M] () MD5=285E4243D457A528918798CE90FCF40F -- C:\Programme\CyberLink\PowerDirector\EventLog.dll [2004.08.04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 04:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 06:52:46 | 000,151,133 | RHS- | M] () MD5=C576A4B8DFC98451E60A6026662D11C8 -- C:\WINDOWS\system32\explorer.exe < MD5 for: IASTOR.SYS > [2007.03.21 11:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Programme\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys [2007.03.21 11:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\drivers\iaStor.sys [2007.03.21 11:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\iaStor.sys [2007.03.21 11:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Programme\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 04:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 04:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 16:48:40 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 04:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2004.08.04 04:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 04:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 04:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2004.09.06 09:30:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2004.09.06 09:30:16 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2004.09.06 09:30:16 | 000,438,272 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2011.10.23 00:24:23 | 000,010,870 | ---- | M] () -- C:\Dokumente und Einstellungen\Olli\hs_err_pid4940.log [2013.02.04 23:33:49 | 011,534,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\Olli\NTUSER.DAT [2013.02.05 22:39:45 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Olli\ntuser.dat.LOG [2013.02.04 23:33:49 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Olli\ntuser.ini [2012.04.29 23:46:36 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Olli\PUTTY.RND [2008.08.18 13:29:26 | 000,000,146 | ---- | M] () -- C:\Dokumente und Einstellungen\Olli\webtopcookie.properties < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.11.13 12:55:38 | 001,866,496 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > < End of report > [/CODE] Extra.txt: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.02.2013 22:30:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Olli\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014,36 Mb Total Physical Memory | 655,91 Mb Available Physical Memory | 64,66% Memory free
2,38 Gb Paging File | 1,88 Gb Available in Paging File | 78,89% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71,35 Gb Total Space | 15,00 Gb Free Space | 21,02% Space Free | Partition Type: NTFS
Drive D: | 71,82 Gb Total Space | 34,76 Gb Free Space | 48,40% Space Free | Partition Type: FAT32
Drive F: | 29,80 Gb Total Space | 29,41 Gb Free Space | 98,69% Space Free | Partition Type: FAT32
Drive H: | 7,39 Gb Total Space | 6,13 Gb Free Space | 82,84% Space Free | Partition Type: FAT32
Computer Name: Olli007 | User Name: Olli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [edit] -- "D:\Programme\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"12972:TCP" = 12972:TCP:LocalSubNet:Enabled:audials localhttpserver 12972
"14714:TCP" = 14714:TCP:LocalSubNet:Enabled:audials localhttpserver 14714
"31931:TCP" = 31931:TCP:LocalSubNet:Enabled:audials localhttpserver 31931
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite
"C:\Programme\Home Cinema\PowerDirector\PDR.exe" = C:\Programme\Home Cinema\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector -- (CyberLink Corp.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\xampp\apache\bin\apache.exe" = C:\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"D:\Programme\WS_FTP Pro\wsftppro.exe" = D:\Programme\WS_FTP Pro\wsftppro.exe:*:Disabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\WINDOWS\system32\explorer.exe" = C:\WINDOWS\system32\explorer.exe:*:Enabled: -- ()
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Winamp\winamp.exe" = C:\Programme\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
"C:\Programme\RapidSolution\Audials 9\Audials.exe" = C:\Programme\RapidSolution\Audials 9\Audials.exe:LocalSubNet:Enabled:Audials local subnet -- (Audials AG)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00120407-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000 SR-1
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0591FFE0-9E49-46F2-811F-DF829AFFB2FB}" = Macromedia Contribute 3
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}" = HP Driver Diagnostics
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix Online Plug-in (Web)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema 10
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix Online Plug-in (USB)
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{412AACB5-057F-465D-A542-A5A457106EE3}" = Driver Setup
"{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8
"{494A69C4-5E64-4AA4-B04F-6190E9A19192}" = Acronis True Image Server
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{62175CAB-909A-44B5-AA9F-98F111A87F6A}" = Eisenbahn.exe professionell
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix Online Plug-in (DV)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Pro
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{BF7B8E4A-9FEC-4A5F-A890-021B8C0DAFCF}" = Audials
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix Online Plug-in (HDX)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AGFINSTALL" = Eumex 5000PC Treiber entfernen
"Audacity_is1" = Audacity 2.0.2
"AudioCon" = AudioCon
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"avast" = avast! Free Antivirus
"BrowserCompanion" = BrowserCompanion
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"ComCenter 1.0" = ComCenter
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"ElsterFormular 11.2.0.4074" = ElsterFormular
"Exact Audio Copy" = Exact Audio Copy 0.99pb3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"hp deskjet 916c series_Driver" = hp deskjet 916c series
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = Medion Home Cinema 10
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Konfigurator Eumex 400" = Konfigurator Eumex 400
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Opera 12.13.1734" = Opera 12.13
"Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xampp" = XAMPP 1.6.6a
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Antivirus Events ]
Error - 18.12.2010 14:58:16 | Computer Name = OLLI007 | Source = avast! | ID = 33554522
Description =
Error - 18.12.2010 14:58:16 | Computer Name = OLLI007 | Source = avast! | ID = 33554522
Description =
Error - 18.12.2010 14:58:16 | Computer Name = OLLI007 | Source = avast! | ID = 33554522
Description =
Error - 07.04.2011 17:51:57 | Computer Name = Olli007 | Source = avast! | ID = 33554522
Description =
Error - 27.04.2011 14:18:51 | Computer Name = Olli007 | Source = avast! | ID = 33554522
Description =
Error - 27.04.2011 14:23:54 | Computer Name = Olli007 | Source = avast! | ID = 33554522
Description =
Error - 12.09.2011 15:04:12 | Computer Name = Olli007 | Source = avast! | ID = 33554522
Description =
Error - 13.09.2011 16:39:59 | Computer Name = Olli007 | Source = avast! | ID = 33554522
Description =
Error - 17.09.2011 09:08:41 | Computer Name = Olli007 | Source = avast! | ID = 33554522
Description =
Error - 18.09.2011 04:50:37 | Computer Name = Olli007 | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 27.01.2013 06:42:45 | Computer Name = Olli007 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 34409313
Error - 27.01.2013 06:42:45 | Computer Name = Olli007 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 34409313
Error - 27.01.2013 06:42:46 | Computer Name = Olli007 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 27.01.2013 06:42:46 | Computer Name = Olli007 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 34411266
Error - 27.01.2013 06:42:46 | Computer Name = Olli007 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 34411266
Error - 27.01.2013 06:42:48 | Computer Name = Olli007 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 27.01.2013 06:42:48 | Computer Name = Olli007 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 34413219
Error - 27.01.2013 06:42:48 | Computer Name = Olli007 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 34413219
Error - 04.02.2013 16:36:27 | Computer Name = Olli007 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Audials.exe, Version 9.1.29900.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 04.02.2013 16:36:27 | Computer Name = Olli007 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Audials.exe, Version 9.1.29900.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 02.02.2013 04:57:34 | Computer Name = Olli007 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Eumex 5000PC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error - 02.02.2013 11:18:17 | Computer Name = Olli007 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Eumex 5000PC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error - 02.02.2013 15:33:51 | Computer Name = Olli007 | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.
Error - 02.02.2013 17:11:53 | Computer Name = Olli007 | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x8007001f.
Error - 03.02.2013 07:26:14 | Computer Name = Olli007 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Eumex 5000PC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error - 03.02.2013 08:51:16 | Computer Name = Olli007 | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.
Error - 03.02.2013 13:52:27 | Computer Name = Olli007 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Eumex 5000PC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error - 03.02.2013 17:26:00 | Computer Name = Olli007 | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.
Error - 04.02.2013 13:04:42 | Computer Name = Olli007 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Eumex 5000PC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error - 05.02.2013 13:57:44 | Computer Name = Olli007 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Eumex 5000PC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
< End of report >
[/CODE] |
|
05.02.2013, 23:38
| #4 |
| /// Malware-holic | Adserverplus otl fix Fixen mit OTL
Code:
ATTFilter :OTL
:files
:Commands
[emptytemp]
[resethosts]
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.02.2013, 00:00
| #5 |
| | AdserverplusCode:
ATTFilter
All processes killed
========== OTL ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 15205844 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default User
->Temp folder emptied: 15205844 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: GOLEO
User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Olli
->Temp folder emptied: 65464397 bytes
->Temporary Internet Files folder emptied: 16034107 bytes
->Java cache emptied: 32290374 bytes
->FireFox cache emptied: 50443427 bytes
->Opera cache emptied: 8298673 bytes
->Flash cache emptied: 1858162 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 8285063 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56874809 bytes
RecycleBin emptied: 1061494162 bytes
Total Files Cleaned = 1.270,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 02052013_234834
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Bin jetzt erschöpft und gehe schlafen. Morgen mehr? Oder war's das schon? Liebe Grüße Olli  |
|
06.02.2013, 12:10
| #6 |
| /// Malware-holic | Adserverplus hi download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________ --> Adserverplus |
|
06.02.2013, 22:14
| #7 |
| | Adserverplus Weiter geht's...: Code:
ATTFilter
21:48:37.0671 0452 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:48:38.0187 0452 ============================================================
21:48:38.0187 0452 Current date / time: 2013/02/06 21:48:38.0187
21:48:38.0187 0452 SystemInfo:
21:48:38.0187 0452
21:48:38.0187 0452 OS Version: 5.1.2600 ServicePack: 3.0
21:48:38.0187 0452 Product type: Workstation
21:48:38.0187 0452 ComputerName: Olli007
21:48:38.0187 0452 UserName: Olli
21:48:38.0187 0452 Windows directory: C:\WINDOWS
21:48:38.0187 0452 System windows directory: C:\WINDOWS
21:48:38.0187 0452 Processor architecture: Intel x86
21:48:38.0187 0452 Number of processors: 2
21:48:38.0187 0452 Page size: 0x1000
21:48:38.0187 0452 Boot type: Normal boot
21:48:38.0187 0452 ============================================================
21:48:39.0109 0452 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:48:39.0140 0452 Drive \Device\Harddisk1\DR4 - Size: 0x1D9988C00 (7.40 Gb), SectorSize: 0x200, Cylinders: 0x3C6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:48:39.0140 0452 ============================================================
21:48:39.0140 0452 \Device\Harddisk0\DR0:
21:48:39.0140 0452 MBR partitions:
21:48:39.0140 0452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xBB86BD, BlocksNum 0x8EB29E2
21:48:39.0140 0452 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x9A6B09F, BlocksNum 0x8FADA22
21:48:39.0140 0452 \Device\Harddisk1\DR4:
21:48:39.0156 0452 MBR partitions:
21:48:39.0156 0452 \Device\Harddisk1\DR4\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xECC000
21:48:39.0156 0452 ============================================================
21:48:39.0250 0452 C: <-> \Device\Harddisk0\DR0\Partition1
21:48:39.0265 0452 D: <-> \Device\Harddisk0\DR0\Partition2
21:48:39.0281 0452 ============================================================
21:48:39.0281 0452 Initialize success
21:48:39.0281 0452 ============================================================
22:01:41.0000 4264 ============================================================
22:01:41.0000 4264 Scan started
22:01:41.0000 4264 Mode: Manual; SigCheck; TDLFS;
22:01:41.0000 4264 ============================================================
22:01:41.0859 4264 ================ Scan system memory ========================
22:01:41.0859 4264 System memory - ok
22:01:41.0859 4264 ================ Scan services =============================
22:01:42.0062 4264 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
22:01:42.0328 4264 Aavmker4 - ok
22:01:42.0343 4264 Abiosdsk - ok
22:01:42.0375 4264 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:01:43.0703 4264 abp480n5 - ok
22:01:43.0750 4264 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:01:43.0921 4264 ACPI - ok
22:01:43.0953 4264 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:01:44.0093 4264 ACPIEC - ok
22:01:44.0203 4264 [ BEA35C88BA4187F280A5B0E142C15593 ] AcrSch2Svc C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
22:01:44.0265 4264 AcrSch2Svc ( UnsignedFile.Multi.Generic ) - warning
22:01:44.0265 4264 AcrSch2Svc - detected UnsignedFile.Multi.Generic (1)
22:01:44.0281 4264 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:01:44.0421 4264 adpu160m - ok
22:01:44.0437 4264 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
22:01:44.0578 4264 aec - ok
22:01:44.0625 4264 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
22:01:44.0687 4264 AFD - ok
22:01:44.0734 4264 [ 14DCB3E40A3B6D65C718065E6694F039 ] agfucapi C:\WINDOWS\system32\DRIVERS\AGFUCAPI.SYS
22:01:44.0750 4264 agfucapi ( UnsignedFile.Multi.Generic ) - warning
22:01:44.0750 4264 agfucapi - detected UnsignedFile.Multi.Generic (1)
22:01:44.0796 4264 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
22:01:44.0953 4264 agp440 - ok
22:01:44.0953 4264 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:01:45.0093 4264 agpCPQ - ok
22:01:45.0125 4264 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:01:45.0203 4264 Aha154x - ok
22:01:45.0218 4264 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:01:45.0343 4264 aic78u2 - ok
22:01:45.0359 4264 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:01:45.0515 4264 aic78xx - ok
22:01:45.0562 4264 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
22:01:45.0703 4264 Alerter - ok
22:01:45.0718 4264 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
22:01:45.0859 4264 ALG - ok
22:01:45.0875 4264 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
22:01:46.0015 4264 AliIde - ok
22:01:46.0031 4264 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:01:46.0156 4264 alim1541 - ok
22:01:46.0171 4264 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:01:46.0296 4264 amdagp - ok
22:01:46.0312 4264 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
22:01:46.0375 4264 amsint - ok
22:01:46.0406 4264 [ 3E59DF4984FBD6800D6621480B38A34E ] Andbus C:\WINDOWS\system32\DRIVERS\lgandbus.sys
22:01:46.0484 4264 Andbus - ok
22:01:46.0515 4264 [ 8E0BF6F3B2C9C292BC7CE0DE727CDD56 ] AndDiag C:\WINDOWS\system32\DRIVERS\lganddiag.sys
22:01:46.0546 4264 AndDiag - ok
22:01:46.0562 4264 [ 1D2C90E25483363D54B652898BBC8F2A ] AndGps C:\WINDOWS\system32\DRIVERS\lgandgps.sys
22:01:46.0593 4264 AndGps - ok
22:01:46.0625 4264 [ B1B06A95DA2CAC7FA19832C60C348C85 ] ANDModem C:\WINDOWS\system32\DRIVERS\lgandmodem.sys
22:01:46.0671 4264 ANDModem - ok
22:01:46.0703 4264 [ 54A40A58FF71936026F2E49ECFD487B8 ] androidusb C:\WINDOWS\system32\Drivers\lgandadb.sys
22:01:46.0812 4264 androidusb - ok
22:01:46.0875 4264 [ 97ED5AA5FBAA105EF614B8C240B62BA1 ] Apache2.2 C:\xampp\apache\bin\apache.exe
22:01:46.0890 4264 Apache2.2 ( UnsignedFile.Multi.Generic ) - warning
22:01:46.0890 4264 Apache2.2 - detected UnsignedFile.Multi.Generic (1)
22:01:46.0953 4264 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:01:46.0968 4264 Apple Mobile Device - ok
22:01:47.0000 4264 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
22:01:47.0156 4264 AppMgmt - ok
22:01:47.0187 4264 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:01:47.0328 4264 Arp1394 - ok
22:01:47.0375 4264 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
22:01:47.0515 4264 asc - ok
22:01:47.0531 4264 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:01:47.0609 4264 asc3350p - ok
22:01:47.0625 4264 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:01:47.0750 4264 asc3550 - ok
22:01:47.0875 4264 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:01:47.0906 4264 aspnet_state - ok
22:01:47.0937 4264 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
22:01:47.0953 4264 aswFsBlk - ok
22:01:47.0984 4264 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
22:01:48.0000 4264 aswMon2 - ok
22:01:48.0031 4264 [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
22:01:48.0046 4264 aswRdr - ok
22:01:48.0109 4264 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
22:01:48.0171 4264 aswSnx - ok
22:01:48.0203 4264 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
22:01:48.0250 4264 aswSP - ok
22:01:48.0265 4264 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
22:01:48.0281 4264 aswTdi - ok
22:01:48.0312 4264 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:01:48.0437 4264 AsyncMac - ok
22:01:48.0453 4264 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
22:01:48.0593 4264 atapi - ok
22:01:48.0593 4264 Atdisk - ok
22:01:48.0625 4264 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:01:48.0765 4264 Atmarpc - ok
22:01:48.0796 4264 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
22:01:48.0937 4264 AudioSrv - ok
22:01:48.0968 4264 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
22:01:49.0125 4264 audstub - ok
22:01:49.0187 4264 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe
22:01:49.0203 4264 avast! Antivirus - ok
22:01:49.0250 4264 [ 0BCB6B3DF2E248C8E8F2FFC6F58D1341 ] AVMCOWAN C:\WINDOWS\system32\DRIVERS\AVMCOWAN.sys
22:01:49.0296 4264 AVMCOWAN - ok
22:01:49.0343 4264 [ F96038AA1EC4013A93D2420FC689D1E9 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
22:01:49.0406 4264 b57w2k - ok
22:01:49.0453 4264 [ B89BCF0A25AEB3B47030AC83287F894A ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
22:01:49.0546 4264 BCM43XX - ok
22:01:49.0593 4264 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
22:01:49.0734 4264 Beep - ok
22:01:49.0781 4264 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
22:01:50.0000 4264 BITS - ok
22:01:50.0062 4264 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
22:01:50.0093 4264 Bonjour Service - ok
22:01:50.0125 4264 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
22:01:50.0187 4264 Browser - ok
22:01:50.0234 4264 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
22:01:50.0265 4264 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
22:01:50.0265 4264 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
22:01:50.0281 4264 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:01:50.0453 4264 cbidf - ok
22:01:50.0453 4264 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
22:01:50.0609 4264 cbidf2k - ok
22:01:50.0640 4264 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:01:50.0781 4264 CCDECODE - ok
22:01:50.0812 4264 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:01:50.0890 4264 cd20xrnt - ok
22:01:50.0921 4264 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
22:01:51.0078 4264 Cdaudio - ok
22:01:51.0109 4264 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
22:01:51.0218 4264 Cdfs - ok
22:01:51.0250 4264 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:01:51.0375 4264 Cdrom - ok
22:01:51.0390 4264 Changer - ok
22:01:51.0421 4264 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
22:01:51.0562 4264 CiSvc - ok
22:01:51.0593 4264 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
22:01:51.0734 4264 ClipSrv - ok
22:01:51.0765 4264 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:01:51.0843 4264 clr_optimization_v2.0.50727_32 - ok
22:01:51.0859 4264 CLTNetCnService - ok
22:01:51.0890 4264 [ D15AAEF632805245ABD429BE3FE5F5EB ] CLVirtualDrive C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys
22:01:51.0921 4264 CLVirtualDrive - ok
22:01:51.0937 4264 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:01:52.0062 4264 CmBatt - ok
22:01:52.0093 4264 [ C687F81290303D90099B027A6474F99F ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:01:52.0265 4264 CmdIde - ok
22:01:52.0281 4264 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:01:52.0421 4264 Compbatt - ok
22:01:52.0437 4264 COMSysApp - ok
22:01:52.0453 4264 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:01:52.0609 4264 Cpqarray - ok
22:01:52.0656 4264 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
22:01:52.0781 4264 CryptSvc - ok
22:01:52.0828 4264 [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
22:01:52.0859 4264 ctxusbm - ok
22:01:52.0953 4264 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:01:53.0109 4264 dac2w2k - ok
22:01:53.0125 4264 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:01:53.0265 4264 dac960nt - ok
22:01:53.0328 4264 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
22:01:53.0437 4264 DcomLaunch - ok
22:01:53.0515 4264 [ CC8B5C964B777F4EC3E89F13B4B5FF0F ] DCService.exe C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe
22:01:53.0546 4264 DCService.exe ( UnsignedFile.Multi.Generic ) - warning
22:01:53.0546 4264 DCService.exe - detected UnsignedFile.Multi.Generic (1)
22:01:53.0593 4264 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
22:01:53.0734 4264 Dhcp - ok
22:01:53.0750 4264 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
22:01:53.0875 4264 Disk - ok
22:01:53.0906 4264 [ 060DB81DFB79C8244EB65D10B6C7873F ] DKbFltr C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
22:01:53.0921 4264 DKbFltr ( UnsignedFile.Multi.Generic ) - warning
22:01:53.0921 4264 DKbFltr - detected UnsignedFile.Multi.Generic (1)
22:01:53.0921 4264 dmadmin - ok
22:01:53.0984 4264 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
22:01:54.0156 4264 dmboot - ok
22:01:54.0171 4264 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
22:01:54.0312 4264 dmio - ok
22:01:54.0343 4264 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
22:01:54.0484 4264 dmload - ok
22:01:54.0515 4264 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
22:01:54.0671 4264 dmserver - ok
22:01:54.0687 4264 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
22:01:54.0828 4264 DMusic - ok
22:01:54.0859 4264 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
22:01:54.0953 4264 Dnscache - ok
22:01:55.0000 4264 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
22:01:55.0140 4264 Dot3svc - ok
22:01:55.0187 4264 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:01:55.0343 4264 dpti2o - ok
22:01:55.0390 4264 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
22:01:55.0515 4264 drmkaud - ok
22:01:55.0562 4264 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
22:01:55.0593 4264 dtsoftbus01 - ok
22:01:55.0625 4264 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
22:01:55.0765 4264 EapHost - ok
22:01:55.0796 4264 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
22:01:55.0921 4264 ERSvc - ok
22:01:55.0968 4264 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
22:01:56.0000 4264 Eventlog - ok
22:01:56.0046 4264 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
22:01:56.0078 4264 EventSystem - ok
22:01:56.0109 4264 [ 4FD02E31EAC2CBC81EB08A1CE81E73A2 ] ewusbnet C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
22:01:56.0171 4264 ewusbnet - ok
22:01:56.0203 4264 [ E98A64C7F106740A38FB2B78197816F8 ] ew_hwusbdev C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
22:01:56.0265 4264 ew_hwusbdev - ok
22:01:56.0281 4264 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
22:01:56.0437 4264 Fastfat - ok
22:01:56.0453 4264 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:01:56.0515 4264 FastUserSwitchingCompatibility - ok
22:01:56.0562 4264 [ 08B8B302AF0D1B3B8543429BBAC8F21F ] Fax C:\WINDOWS\system32\fxssvc.exe
22:01:56.0703 4264 Fax - ok
22:01:56.0734 4264 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
22:01:56.0859 4264 Fdc - ok
22:01:56.0890 4264 [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys
22:01:57.0031 4264 FETNDIS - ok
22:01:57.0093 4264 [ 11CA3ED71545666AE58363F558DF5365 ] FileZilla Server c:\xampp\FileZillaFTP\FileZillaServer.exe
22:01:57.0140 4264 FileZilla Server ( UnsignedFile.Multi.Generic ) - warning
22:01:57.0140 4264 FileZilla Server - detected UnsignedFile.Multi.Generic (1)
22:01:57.0171 4264 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
22:01:57.0312 4264 Fips - ok
22:01:57.0328 4264 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
22:01:57.0468 4264 Flpydisk - ok
22:01:57.0500 4264 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
22:01:57.0625 4264 FltMgr - ok
22:01:57.0718 4264 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:01:57.0750 4264 FontCache3.0.0.0 - ok
22:01:57.0765 4264 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:01:57.0921 4264 Fs_Rec - ok
22:01:57.0968 4264 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:01:58.0140 4264 Ftdisk - ok
22:01:58.0187 4264 [ 4A51F6DE41CF9FE72A5893D80504E998 ] fxusbase C:\WINDOWS\system32\DRIVERS\fxusbase.sys
22:01:58.0250 4264 fxusbase - ok
22:01:58.0281 4264 [ 3A74C423CF6BCCA6982715878F450A3B ] gagp30kx C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
22:01:58.0406 4264 gagp30kx - ok
22:01:58.0437 4264 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:01:58.0468 4264 GEARAspiWDM - ok
22:01:58.0484 4264 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:01:58.0609 4264 Gpc - ok
22:01:58.0703 4264 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
22:01:58.0750 4264 gupdate - ok
22:01:58.0765 4264 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
22:01:58.0781 4264 gupdatem - ok
22:01:58.0796 4264 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:01:58.0937 4264 HDAudBus - ok
22:01:58.0984 4264 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:01:59.0125 4264 helpsvc - ok
22:01:59.0140 4264 HidServ - ok
22:01:59.0187 4264 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:01:59.0328 4264 HidUsb - ok
22:01:59.0375 4264 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
22:01:59.0500 4264 hkmsvc - ok
22:01:59.0531 4264 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
22:01:59.0687 4264 hpn - ok
22:01:59.0734 4264 [ 6A5C4732D6803F84E2987EDD8E4359CE ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
22:01:59.0781 4264 HSFHWAZL - ok
22:01:59.0828 4264 [ 21C31273C6CC4826E74BE8AE3B09D4A8 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:01:59.0921 4264 HSF_DPV - ok
22:01:59.0968 4264 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
22:02:00.0031 4264 HTTP - ok
22:02:00.0046 4264 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
22:02:00.0187 4264 HTTPFilter - ok
22:02:00.0218 4264 [ 22A4B14530194FC57C1C849FB5AFEE17 ] huawei_enumerator C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
22:02:00.0328 4264 huawei_enumerator - ok
22:02:00.0359 4264 [ 3E3BFE85B9FE3720BF4C108F57C945FB ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
22:02:00.0421 4264 hwdatacard - ok
22:02:00.0453 4264 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
22:02:00.0578 4264 i2omgmt - ok
22:02:00.0609 4264 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:02:00.0734 4264 i2omp - ok
22:02:00.0765 4264 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:02:00.0890 4264 i8042prt - ok
22:02:00.0953 4264 [ AE38A12F79A4980DDB88F36514F8A1DA ] IAANTMON C:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
22:02:00.0984 4264 IAANTMON - ok
22:02:01.0187 4264 [ 12C7F8D581C4A9F126F5F8F5683A1C29 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:02:01.0562 4264 ialm - ok
22:02:01.0609 4264 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
22:02:01.0625 4264 iaStor - ok
22:02:01.0687 4264 [ B1A28FA1AFDE10B95FF9354B15701D70 ] ICQ Service C:\Programme\ICQ6Toolbar\ICQ Service.exe
22:02:01.0718 4264 ICQ Service - ok
22:02:01.0812 4264 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:02:01.0890 4264 idsvc - ok
22:02:01.0937 4264 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
22:02:02.0062 4264 Imapi - ok
22:02:02.0093 4264 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
22:02:02.0250 4264 ImapiService - ok
22:02:02.0281 4264 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:02:02.0437 4264 ini910u - ok
22:02:02.0515 4264 [ 4D8D5B1C895EA0F2A721B98A7CE198F1 ] int15.sys C:\Acer\Empowering Technology\eRecovery\int15.sys
22:02:02.0531 4264 int15.sys ( UnsignedFile.Multi.Generic ) - warning
22:02:02.0531 4264 int15.sys - detected UnsignedFile.Multi.Generic (1)
22:02:02.0703 4264 [ B45A576AD280DD4F605F58B24CDAAFE1 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:02:03.0031 4264 IntcAzAudAddService - ok
22:02:03.0062 4264 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
22:02:03.0203 4264 IntelIde - ok
22:02:03.0234 4264 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:02:03.0359 4264 intelppm - ok
22:02:03.0390 4264 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
22:02:03.0515 4264 Ip6Fw - ok
22:02:03.0562 4264 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:02:03.0703 4264 IpFilterDriver - ok
22:02:03.0718 4264 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:02:03.0843 4264 IpInIp - ok
22:02:03.0875 4264 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:02:04.0000 4264 IpNat - ok
22:02:04.0062 4264 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Programme\iPod\bin\iPodService.exe
22:02:04.0125 4264 iPod Service - ok
22:02:04.0187 4264 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:02:04.0328 4264 IPSec - ok
22:02:04.0359 4264 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
22:02:04.0484 4264 irda - ok
22:02:04.0500 4264 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
22:02:04.0640 4264 IRENUM - ok
22:02:04.0671 4264 [ 2EFE1DB1EC58A26B0C14BFDA122E246F ] Irmon C:\WINDOWS\System32\irmon.dll
22:02:04.0812 4264 Irmon - ok
22:02:04.0843 4264 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:02:04.0984 4264 isapnp - ok
22:02:05.0093 4264 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
22:02:05.0109 4264 JavaQuickStarterService - ok
22:02:05.0156 4264 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:02:05.0328 4264 Kbdclass - ok
22:02:05.0343 4264 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:02:05.0468 4264 kbdhid - ok
22:02:05.0500 4264 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
22:02:05.0625 4264 kmixer - ok
22:02:05.0671 4264 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
22:02:05.0734 4264 KSecDD - ok
22:02:05.0765 4264 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
22:02:05.0812 4264 lanmanserver - ok
22:02:05.0859 4264 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:02:05.0921 4264 lanmanworkstation - ok
22:02:05.0921 4264 lbrtfdc - ok
22:02:06.0000 4264 [ A0F7DC0080E4F97DC97DE08B699E231B ] LBTServ C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
22:02:06.0015 4264 LBTServ - ok
22:02:06.0062 4264 [ 24E0DDB99AECCF86BB37702611761459 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
22:02:06.0078 4264 LHidFilt - ok
22:02:06.0140 4264 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
22:02:06.0156 4264 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
22:02:06.0156 4264 LightScribeService - detected UnsignedFile.Multi.Generic (1)
22:02:06.0203 4264 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
22:02:06.0343 4264 LmHosts - ok
22:02:06.0359 4264 [ D58B330D318361A66A9FE60D7C9B4951 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
22:02:06.0375 4264 LMouFilt - ok
22:02:06.0406 4264 [ 144011D14BD35F4E36136AE057B1AADD ] LUsbFilt C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
22:02:06.0421 4264 LUsbFilt - ok
22:02:06.0453 4264 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:02:06.0468 4264 mdmxsdk - ok
22:02:06.0484 4264 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
22:02:06.0625 4264 Messenger - ok
22:02:06.0656 4264 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
22:02:06.0796 4264 mnmdd - ok
22:02:06.0843 4264 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
22:02:06.0984 4264 mnmsrvc - ok
22:02:07.0015 4264 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
22:02:07.0140 4264 Modem - ok
22:02:07.0156 4264 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:02:07.0296 4264 Mouclass - ok
22:02:07.0328 4264 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:02:07.0468 4264 mouhid - ok
22:02:07.0515 4264 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
22:02:07.0640 4264 MountMgr - ok
22:02:07.0656 4264 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:02:07.0812 4264 mraid35x - ok
22:02:07.0828 4264 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:02:07.0953 4264 MRxDAV - ok
22:02:08.0000 4264 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:02:08.0109 4264 MRxSmb - ok
22:02:08.0140 4264 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
22:02:08.0296 4264 MSDTC - ok
22:02:08.0328 4264 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:02:08.0468 4264 Msfs - ok
22:02:08.0484 4264 [ 95C6432151CCFF8617352F8E616A1AA4 ] MSIRCOMM C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
22:02:08.0625 4264 MSIRCOMM - ok
22:02:08.0625 4264 MSIServer - ok
22:02:08.0656 4264 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:02:08.0781 4264 MSKSSRV - ok
22:02:08.0812 4264 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:02:08.0921 4264 MSPCLOCK - ok
22:02:08.0968 4264 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
22:02:09.0109 4264 MSPQM - ok
22:02:09.0156 4264 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:02:09.0281 4264 mssmbios - ok
22:02:09.0296 4264 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
22:02:09.0437 4264 MSTEE - ok
22:02:09.0468 4264 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
22:02:09.0546 4264 Mup - ok
22:02:09.0593 4264 mysql - ok
22:02:09.0609 4264 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:02:09.0750 4264 NABTSFEC - ok
22:02:09.0796 4264 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
22:02:09.0953 4264 napagent - ok
22:02:09.0984 4264 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
22:02:10.0125 4264 NDIS - ok
22:02:10.0156 4264 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:02:10.0296 4264 NdisIP - ok
22:02:10.0328 4264 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:02:10.0375 4264 NdisTapi - ok
22:02:10.0406 4264 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:02:10.0546 4264 Ndisuio - ok
22:02:10.0578 4264 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:02:10.0703 4264 NdisWan - ok
22:02:10.0750 4264 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:02:10.0796 4264 NDProxy - ok
22:02:10.0812 4264 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:02:10.0953 4264 NetBIOS - ok
22:02:10.0968 4264 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:02:11.0125 4264 NetBT - ok
22:02:11.0156 4264 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
22:02:11.0312 4264 NetDDE - ok
22:02:11.0328 4264 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
22:02:11.0453 4264 NetDDEdsdm - ok
22:02:11.0484 4264 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:02:11.0625 4264 Netlogon - ok
22:02:11.0640 4264 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
22:02:11.0781 4264 Netman - ok
22:02:11.0828 4264 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:02:11.0859 4264 NetTcpPortSharing - ok
22:02:11.0890 4264 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:02:12.0015 4264 NIC1394 - ok
22:02:12.0046 4264 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
22:02:12.0078 4264 Nla - ok
22:02:12.0093 4264 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:02:12.0218 4264 Npfs - ok
22:02:12.0234 4264 [ 2ADC0CA9945C65284B3D19BC18765974 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
22:02:12.0359 4264 NSCIRDA - ok
22:02:12.0390 4264 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:02:12.0546 4264 Ntfs - ok
22:02:12.0578 4264 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
22:02:12.0593 4264 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
22:02:12.0593 4264 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
22:02:12.0609 4264 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
22:02:12.0734 4264 NtLmSsp - ok
22:02:12.0781 4264 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
22:02:12.0968 4264 NtmsSvc - ok
22:02:12.0984 4264 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
22:02:13.0140 4264 Null - ok
22:02:13.0171 4264 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:02:13.0296 4264 NwlnkFlt - ok
22:02:13.0328 4264 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:02:13.0468 4264 NwlnkFwd - ok
22:02:13.0484 4264 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:02:13.0609 4264 ohci1394 - ok
22:02:13.0687 4264 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
22:02:13.0703 4264 ose - ok
22:02:13.0906 4264 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:02:14.0234 4264 osppsvc - ok
22:02:14.0265 4264 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
22:02:14.0406 4264 Parport - ok
22:02:14.0437 4264 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
22:02:14.0562 4264 PartMgr - ok
22:02:14.0609 4264 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
22:02:14.0750 4264 ParVdm - ok
22:02:14.0781 4264 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
22:02:14.0921 4264 PCI - ok
22:02:14.0921 4264 PCIDump - ok
22:02:14.0953 4264 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
22:02:15.0093 4264 PCIIde - ok
22:02:15.0109 4264 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:02:15.0234 4264 Pcmcia - ok
22:02:15.0250 4264 PDCOMP - ok
22:02:15.0265 4264 PDFRAME - ok
22:02:15.0265 4264 PDRELI - ok
22:02:15.0281 4264 PDRFRAME - ok
22:02:15.0312 4264 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
22:02:15.0468 4264 perc2 - ok
22:02:15.0484 4264 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:02:15.0640 4264 perc2hib - ok
22:02:15.0671 4264 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
22:02:15.0718 4264 PlugPlay - ok
22:02:15.0734 4264 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:02:15.0843 4264 PolicyAgent - ok
22:02:15.0875 4264 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:02:16.0000 4264 PptpMiniport - ok
22:02:16.0031 4264 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
22:02:16.0171 4264 Processor - ok
22:02:16.0171 4264 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:02:16.0296 4264 ProtectedStorage - ok
22:02:16.0312 4264 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:02:16.0437 4264 PSched - ok
22:02:16.0468 4264 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:02:16.0609 4264 Ptilink - ok
22:02:16.0640 4264 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:02:16.0656 4264 PxHelp20 - ok
22:02:16.0671 4264 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:02:16.0796 4264 ql1080 - ok
22:02:16.0812 4264 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:02:16.0953 4264 Ql10wnt - ok
22:02:16.0968 4264 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:02:17.0109 4264 ql12160 - ok
22:02:17.0109 4264 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:02:17.0265 4264 ql1240 - ok
22:02:17.0265 4264 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:02:17.0421 4264 ql1280 - ok
22:02:17.0437 4264 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:02:17.0593 4264 RasAcd - ok
22:02:17.0625 4264 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:02:17.0765 4264 RasAuto - ok
22:02:17.0781 4264 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
22:02:17.0859 4264 Rasirda - ok
22:02:17.0859 4264 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:02:17.0984 4264 Rasl2tp - ok
22:02:18.0031 4264 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:02:18.0156 4264 RasMan - ok
22:02:18.0187 4264 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:02:18.0312 4264 RasPppoe - ok
22:02:18.0328 4264 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:02:18.0468 4264 Raspti - ok
22:02:18.0500 4264 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:02:18.0640 4264 Rdbss - ok
22:02:18.0656 4264 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:02:18.0812 4264 RDPCDD - ok
22:02:18.0859 4264 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:02:19.0000 4264 rdpdr - ok
22:02:19.0046 4264 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:02:19.0109 4264 RDPWD - ok
22:02:19.0156 4264 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:02:19.0296 4264 RDSessMgr - ok
22:02:19.0312 4264 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:02:19.0437 4264 redbook - ok
22:02:19.0468 4264 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:02:19.0609 4264 RemoteAccess - ok
22:02:19.0640 4264 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
22:02:19.0765 4264 RemoteRegistry - ok
22:02:19.0859 4264 [ 7728B6AEDC83BC0DEFD0A53371D4613B ] RichVideo C:\Programme\CyberLink\Shared Files\RichVideo.exe
22:02:19.0890 4264 RichVideo - ok
22:02:19.0921 4264 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
22:02:20.0062 4264 RpcLocator - ok
22:02:20.0093 4264 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
22:02:20.0156 4264 RpcSs - ok
22:02:20.0203 4264 [ 43110C2A2C5ED32EAD96C440718E4452 ] RRNetCap C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
22:02:20.0218 4264 RRNetCap - ok
22:02:20.0218 4264 [ 43110C2A2C5ED32EAD96C440718E4452 ] RRNetCapMP C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
22:02:20.0250 4264 RRNetCapMP - ok
22:02:20.0281 4264 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
22:02:20.0453 4264 RSVP - ok
22:02:20.0484 4264 [ 06847AA6F3A9BF7C44134D00A2E578C0 ] s125bus C:\WINDOWS\system32\DRIVERS\s125bus.sys
22:02:20.0500 4264 s125bus - ok
22:02:20.0546 4264 [ F83F88E1B125308FB5015EA0349502B0 ] s125mdfl C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
22:02:20.0562 4264 s125mdfl - ok
22:02:20.0578 4264 [ 402A97756C14940AD6AE5169C2FB105E ] s125mdm C:\WINDOWS\system32\DRIVERS\s125mdm.sys
22:02:20.0609 4264 s125mdm - ok
22:02:20.0640 4264 [ 82B14C51DE76825EC769A6374E4C57D6 ] s125mgmt C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
22:02:20.0656 4264 s125mgmt - ok
22:02:20.0671 4264 [ BEDFC5707C356FD073BF1A4AFE442D91 ] s125obex C:\WINDOWS\system32\DRIVERS\s125obex.sys
22:02:20.0687 4264 s125obex - ok
22:02:20.0718 4264 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
22:02:20.0843 4264 SamSs - ok
22:02:20.0890 4264 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:02:21.0031 4264 SCardSvr - ok
22:02:21.0046 4264 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:02:21.0187 4264 Schedule - ok
22:02:21.0218 4264 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
22:02:21.0359 4264 sdbus - ok
22:02:21.0390 4264 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:02:21.0515 4264 Secdrv - ok
22:02:21.0531 4264 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
22:02:21.0671 4264 seclogon - ok
22:02:21.0703 4264 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
22:02:21.0843 4264 SENS - ok
22:02:21.0875 4264 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys
22:02:22.0015 4264 Serial - ok
22:02:22.0046 4264 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
22:02:22.0187 4264 sffdisk - ok
22:02:22.0203 4264 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
22:02:22.0343 4264 sffp_sd - ok
22:02:22.0375 4264 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
22:02:22.0515 4264 Sfloppy - ok
22:02:22.0546 4264 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:02:22.0687 4264 SharedAccess - ok
22:02:22.0703 4264 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:02:22.0750 4264 ShellHWDetection - ok
22:02:22.0765 4264 Simbad - ok
22:02:22.0796 4264 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:02:22.0906 4264 sisagp - ok
22:02:22.0984 4264 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
22:02:23.0015 4264 SkypeUpdate - ok
22:02:23.0046 4264 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:02:23.0187 4264 SLIP - ok
22:02:23.0218 4264 [ 5052DBAFC8F4E4507E6AD0D467DD3529 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
22:02:23.0234 4264 snapman ( UnsignedFile.Multi.Generic ) - warning
22:02:23.0234 4264 snapman - detected UnsignedFile.Multi.Generic (1)
22:02:23.0593 4264 [ 6008DB6459E53E5D734DC4236EDA1BFE ] SNPSTD3 C:\WINDOWS\system32\DRIVERS\snpstd3.sys
22:02:24.0265 4264 SNPSTD3 - ok
22:02:24.0312 4264 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:02:24.0390 4264 Sparrow - ok
22:02:24.0406 4264 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:02:24.0531 4264 splitter - ok
22:02:24.0562 4264 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:02:24.0609 4264 Spooler - ok
22:02:24.0640 4264 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:02:24.0765 4264 sr - ok
22:02:24.0812 4264 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
22:02:24.0968 4264 srservice - ok
22:02:25.0000 4264 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:02:25.0062 4264 Srv - ok
22:02:25.0093 4264 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:02:25.0234 4264 SSDPSRV - ok
22:02:25.0265 4264 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:02:25.0453 4264 stisvc - ok
22:02:25.0484 4264 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:02:25.0609 4264 streamip - ok
22:02:25.0656 4264 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:02:25.0796 4264 swenum - ok
22:02:25.0812 4264 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:02:25.0937 4264 swmidi - ok
22:02:25.0953 4264 SwPrv - ok
22:02:26.0000 4264 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
22:02:26.0140 4264 symc810 - ok
22:02:26.0187 4264 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:02:26.0343 4264 symc8xx - ok
22:02:26.0343 4264 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:02:26.0484 4264 sym_hi - ok
22:02:26.0500 4264 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:02:26.0640 4264 sym_u3 - ok
22:02:26.0671 4264 [ E295FFFFF3AAF9A6A40B29497901908F ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:02:26.0734 4264 SynTP - ok
22:02:26.0750 4264 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:02:26.0875 4264 sysaudio - ok
22:02:26.0906 4264 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:02:27.0046 4264 SysmonLog - ok
22:02:27.0093 4264 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:02:27.0265 4264 TapiSrv - ok
22:02:27.0296 4264 [ 74D4299CDC4CF748EFEF725C2206E135 ] tbhsd C:\WINDOWS\system32\drivers\tbhsd.sys
22:02:27.0312 4264 tbhsd - ok
22:02:27.0359 4264 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:02:27.0390 4264 Tcpip - ok
22:02:27.0421 4264 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:02:27.0562 4264 TDPIPE - ok
22:02:27.0593 4264 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:02:27.0734 4264 TDTCP - ok
22:02:27.0750 4264 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:02:27.0890 4264 TermDD - ok
22:02:27.0921 4264 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
22:02:28.0078 4264 TermService - ok
22:02:28.0109 4264 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
22:02:28.0140 4264 Themes - ok
22:02:28.0203 4264 [ 78213F01CE781F93180BEF5EB5B3AD81 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
22:02:28.0250 4264 tifm21 - ok
22:02:28.0281 4264 [ EBECC585BDC49D2571188312AAAA4264 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
22:02:28.0312 4264 tifsfilter ( UnsignedFile.Multi.Generic ) - warning
22:02:28.0312 4264 tifsfilter - detected UnsignedFile.Multi.Generic (1)
22:02:28.0328 4264 [ B84D0154FAF7AF24DC3D0E4503C699E8 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
22:02:28.0375 4264 timounter ( UnsignedFile.Multi.Generic ) - warning
22:02:28.0375 4264 timounter - detected UnsignedFile.Multi.Generic (1)
22:02:28.0406 4264 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:02:28.0546 4264 TlntSvr - ok
22:02:28.0562 4264 [ D213A9247DC347F305A2D4CC9B951487 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
22:02:28.0703 4264 TosIde - ok
22:02:28.0750 4264 [ B58E17EC1A91A3753D56C03BC2D5F8E2 ] TridVid C:\WINDOWS\system32\DRIVERS\TridVid.sys
22:02:28.0812 4264 TridVid - ok
22:02:28.0843 4264 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:02:28.0968 4264 TrkWks - ok
22:02:29.0000 4264 [ E0C67BE430C6DE490D6CCAECFA071F9E ] UBHelper C:\WINDOWS\system32\drivers\UBHelper.sys
22:02:29.0015 4264 UBHelper ( UnsignedFile.Multi.Generic ) - warning
22:02:29.0015 4264 UBHelper - detected UnsignedFile.Multi.Generic (1)
22:02:29.0015 4264 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:02:29.0156 4264 Udfs - ok
22:02:29.0171 4264 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
22:02:29.0265 4264 ultra - ok
22:02:29.0312 4264 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:02:29.0484 4264 Update - ok
22:02:29.0531 4264 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
22:02:29.0687 4264 upnphost - ok
22:02:29.0703 4264 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
22:02:29.0843 4264 UPS - ok
22:02:29.0875 4264 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:02:30.0015 4264 usbccgp - ok
22:02:30.0031 4264 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:02:30.0171 4264 usbehci - ok
22:02:30.0203 4264 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:02:30.0328 4264 usbhub - ok
22:02:30.0343 4264 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:02:30.0468 4264 usbprint - ok
22:02:30.0515 4264 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:02:30.0640 4264 usbscan - ok
22:02:30.0671 4264 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:02:30.0796 4264 usbstor - ok
22:02:30.0828 4264 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:02:30.0953 4264 usbuhci - ok
22:02:30.0984 4264 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
22:02:31.0125 4264 usbvideo - ok
22:02:31.0218 4264 [ 9D19B042A4FD5C02195071EA2FE0C821 ] usnjsvc C:\Programme\Windows Live\Messenger\usnsvc.exe
22:02:31.0234 4264 usnjsvc - ok
22:02:31.0265 4264 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:02:31.0390 4264 VgaSave - ok
22:02:31.0406 4264 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:02:31.0546 4264 viaagp - ok
22:02:31.0562 4264 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
22:02:31.0703 4264 ViaIde - ok
22:02:31.0718 4264 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:02:31.0843 4264 VolSnap - ok
22:02:31.0890 4264 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
22:02:32.0046 4264 VSS - ok
22:02:32.0078 4264 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
22:02:32.0218 4264 W32Time - ok
22:02:32.0234 4264 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:02:32.0359 4264 Wanarp - ok
22:02:32.0421 4264 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:02:32.0468 4264 Wdf01000 - ok
22:02:32.0484 4264 WDICA - ok
22:02:32.0500 4264 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:02:32.0656 4264 wdmaud - ok
22:02:32.0687 4264 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
22:02:32.0828 4264 WebClient - ok
22:02:32.0875 4264 [ 307D248F97835B6879BDD361086924FE ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:02:32.0953 4264 winachsf - ok
22:02:33.0015 4264 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:02:33.0156 4264 winmgmt - ok
22:02:33.0218 4264 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Programme\Windows Live\installer\WLSetupSvc.exe
22:02:33.0312 4264 WLSetupSvc - ok
22:02:33.0343 4264 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
22:02:33.0421 4264 WmdmPmSN - ok
22:02:33.0468 4264 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
22:02:33.0531 4264 Wmi - ok
22:02:33.0578 4264 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:02:33.0703 4264 WmiAcpi - ok
22:02:33.0750 4264 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:02:33.0890 4264 WmiApSrv - ok
22:02:33.0968 4264 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
22:02:34.0078 4264 WMPNetworkSvc - ok
22:02:34.0109 4264 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:02:34.0125 4264 WpdUsb - ok
22:02:34.0156 4264 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
22:02:34.0281 4264 wscsvc - ok
22:02:34.0296 4264 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:02:34.0437 4264 WSTCODEC - ok
22:02:34.0453 4264 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
22:02:34.0609 4264 wuauserv - ok
22:02:34.0640 4264 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:02:34.0671 4264 WudfPf - ok
22:02:34.0687 4264 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:02:34.0734 4264 WudfRd - ok
22:02:34.0750 4264 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
22:02:34.0781 4264 WudfSvc - ok
22:02:34.0828 4264 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:02:34.0984 4264 WZCSVC - ok
22:02:35.0015 4264 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:02:35.0171 4264 xmlprov - ok
22:02:35.0218 4264 ================ Scan global ===============================
22:02:35.0234 4264 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
22:02:35.0281 4264 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
22:02:35.0328 4264 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
22:02:35.0343 4264 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
22:02:35.0359 4264 [Global] - ok
22:02:35.0359 4264 ================ Scan MBR ==================================
22:02:35.0375 4264 [ 99852D5C3A78447C3D6D82B6155FE848 ] \Device\Harddisk0\DR0
22:02:39.0078 4264 \Device\Harddisk0\DR0 - ok
22:02:39.0093 4264 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR4
22:02:39.0234 4264 \Device\Harddisk1\DR4 - ok
22:02:39.0234 4264 ================ Scan VBR ==================================
22:02:39.0234 4264 [ 6039A4185B4CF7DBB938899E124C6907 ] \Device\Harddisk0\DR0\Partition1
22:02:39.0250 4264 \Device\Harddisk0\DR0\Partition1 - ok
22:02:39.0265 4264 [ 5B0967739302720542577B9C5E24B97F ] \Device\Harddisk0\DR0\Partition2
22:02:39.0265 4264 \Device\Harddisk0\DR0\Partition2 - ok
22:02:39.0281 4264 [ 16D3E544CE12AEB6BE9DF17F51803969 ] \Device\Harddisk1\DR4\Partition1
22:02:39.0281 4264 \Device\Harddisk1\DR4\Partition1 - ok
22:02:39.0281 4264 ============================================================
22:02:39.0281 4264 Scan finished
22:02:39.0281 4264 ============================================================
22:02:39.0390 4876 Detected object count: 14
22:02:39.0390 4876 Actual detected object count: 14
22:03:20.0218 4876 AcrSch2Svc ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:20.0218 4876 AcrSch2Svc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:20.0218 4876 agfucapi ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:20.0218 4876 agfucapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:20.0218 4876 Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:20.0218 4876 Apache2.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:20.0218 4876 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:20.0218 4876 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:20.0218 4876 DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:20.0218 4876 DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:20.0234 4876 DKbFltr ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:20.0234 4876 DKbFltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:20.0234 4876 FileZilla Server ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:20.0234 4876 FileZilla Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:20.0234 4876 int15.sys ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:20.0234 4876 int15.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:20.0234 4876 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:20.0234 4876 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:20.0250 4876 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:20.0250 4876 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:20.0250 4876 snapman ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:20.0250 4876 snapman ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:20.0250 4876 tifsfilter ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:20.0250 4876 tifsfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:20.0250 4876 timounter ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:20.0250 4876 timounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:03:20.0250 4876 UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
22:03:20.0250 4876 UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
Habe heute übrigens eine merkwürdige Nachricht bekommen, dass der Adobe Flash Player einen potenziell unsicheren Vorgang gestoppt hat... about:blank versucht mit static.dealply.com zu kommunizieren. Hängt das mit dem o. g. Mist zusammen oder ist das - was ich vermute - eine weitere Schei.e auf dem Rechner???? Dann müsste ich ja einen neuen Thread eröffnen...  |
|
06.02.2013, 22:17
| #8 |
| /// Malware-holic | Adserverplus hi das ist das selbe Problem. Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
WARNUNG an die MITLESER: 
Linear-Darstellung
