Log analysis and evaluation: TR/Dropper.gen5 found and deleted by Avira. Is my computer clean now? (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
12.05.2013, 21:58 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The log is incomplete! Besides, I asked for all logs to be posted in CODE tags.
__________________ Please always post log files in CODE tags |
12.05.2013, 22:03 | #17 |
| Sorry
__________________I'm copying the file c:\\combofix.txt once again. Combofix Logfile: Code:
ATTFilter ComboFix 13-05-12.01 - Sabine 12.05.2013 22:32:05.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1180 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Sabine\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Cisye c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Cisye\xyetv.exe c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Fubum c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Fubum\ahca.etw c:\dokumente und einstellungen\Sabine\Anwendungsdaten\ie_util.exe c:\dokumente und einstellungen\Sabine\Eigene Dateien\Readiris.DUS c:\dokumente und einstellungen\Sabine\WINDOWS c:\programme\Incredibar.com c:\programme\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll c:\programme\Incredibar.com\incredibar\1.5.3.27\incredibar.crx c:\programme\Incredibar.com\incredibar\1.5.3.27\incredibarApp.dll c:\programme\Incredibar.com\incredibar\1.5.3.27\incredibarEng.dll c:\programme\Incredibar.com\incredibar\1.5.3.27\incredibarsrv.exe c:\programme\Incredibar.com\incredibar\1.5.3.27\inCRedibartlbr.dll c:\programme\Incredibar.com\incredibar\1.5.3.27\uninstall.exe C:\Thumbs.db c:\windows\IsUn0407.exe c:\windows\system32\Cache c:\windows\system32\Cache\1b1a02f32eabe431.fb c:\windows\system32\Cache\26c630d098e22dd5.fb c:\windows\system32\Cache\272512937d9e61a4.fb c:\windows\system32\Cache\287204568329e189.fb c:\windows\system32\Cache\28bc8f716fd76a47.fb c:\windows\system32\Cache\31a0997e9a5b5eb3.fb c:\windows\system32\Cache\32c84fe32bb74d60.fb c:\windows\system32\Cache\3917078cb68ec657.fb c:\windows\system32\Cache\590ba23ce359fd0c.fb c:\windows\system32\Cache\60b4723a05bff086.fb c:\windows\system32\Cache\610289e025a3ee9a.fb 
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb c:\windows\system32\Cache\6d03dad1035885d3.fb c:\windows\system32\Cache\914c066758c44ddc.fb c:\windows\system32\Cache\95f567698be8a182.fb c:\windows\system32\Cache\a8556537add6dfc5.fb c:\windows\system32\Cache\ad10a52aff5e038d.fb c:\windows\system32\Cache\c1fa887b03019701.fb c:\windows\system32\Cache\c4d28dca2e7648be.fb c:\windows\system32\Cache\cf17c55ed9f25a5d.fb c:\windows\system32\Cache\d201ef9910cd39de.fb c:\windows\system32\Cache\d2e94710a5708128.fb c:\windows\system32\Cache\d79b9dfe81484ec4.fb c:\windows\system32\Cache\f998975c9cc711ee.fb c:\windows\system32\ctl3d32.dll.tmp c:\windows\system32\dllcache\wmpvis.dll c:\windows\system32\roboot.exe c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.exe c:\windows\system32\Thumbs.db c:\windows\unin0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-12 bis 2013-05-12 )))))))))))))))))))))))))))))) . . 2013-05-08 18:14 . 2013-05-08 18:14 -------- d-----w- c:\programme\CleanUp! 2013-05-08 12:35 . 2013-05-08 12:35 -------- d-----w- c:\dokumente und einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\PDF24 2013-05-06 10:33 . 2013-05-12 20:27 -------- d-----w- c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Midaz 2013-05-06 10:33 . 2013-05-06 10:33 -------- d-----w- c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Rylu 2013-04-24 05:27 . 2013-04-24 05:27 -------- d-----w- c:\windows\system32\Color . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-12 17:42 . 2013-01-31 16:58 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat 2013-05-07 09:18 . 2010-01-08 11:03 1080 -c--a-w- c:\windows\AUTOLNCH.REG 2013-03-14 12:25 . 2012-05-17 21:25 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-14 12:25 . 2012-05-17 21:25 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-12 07:48 . 
2013-03-12 07:49 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-03-12 07:48 . 2012-05-16 05:29 143872 ----a-w- c:\windows\system32\javacpl.cpl 2013-03-12 07:48 . 2013-03-12 07:49 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-12 07:48 . 2011-12-19 09:04 782240 -c--a-w- c:\windows\system32\deployJava1.dll 2013-02-18 21:34 . 2012-11-28 13:36 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2013-04-14 16:40 . 2013-04-14 16:40 263064 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-03-28 16:22 176936 -c--a-w- c:\programme\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2013-02-18 21:34 1929392 ----a-w- c:\programme\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\programme\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-18 1929392] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024] "Driver Updater"="c:\programme\Carambis\Driver Updater\dupdater.exe" [2009-10-01 4805632] "H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-04 39408] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144] "nwiz"="nwiz.exe" [2008-09-17 1657376] "NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104] "SSC Service Utility"="c:\programme\SSC Service Utility\ssc_serv.exe" [2007-10-09 665600] "TkBellExe"="c:\programme\Real\RealPlayer\update\realsched.exe" [2010-12-20 274608] "AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016] "APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Ocs_SM"="c:\dokumente und einstellungen\Sabine\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe" [2012-11-28 106496] "vProt"="c:\programme\AVG Secure Search\vprot.exe" [2013-02-18 1151152] "Advanced System Protector_startup"="c:\programme\Advanced System Protector\AdvancedSystemProtector.exe" [2012-10-31 6381496] "SweetIM"="c:\programme\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032] "Sweetpacks Communicator"="c:\programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768] "QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-12-12 152544] "RTHDCPL"="RTHDCPL.EXE" [2008-02-19 16858112] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848] "ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe" [2013-02-08 1644680] "SearchSettings"="c:\programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe" [2013-02-23 1297728] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] 
"PDFPrint"="c:\programme\pdf24\pdf24.exe" [2013-03-20 162856] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\Sabine\Startmenü\Programme\Autostart\ Dropbox.lnk - c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] UltimateZip Quick Start.lnk - c:\programme\UltimateZip 2007\uzqkst.exe [2009-2-8 834048] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Audible Download Manager.lnk - c:\programme\Audible\Bin\AudibleDownloadHelper.exe [N/A] EPSON Scanner Monitor.lnk - c:\windows\twain_32\EPEM\EPSONEM.EXE [2009-2-8 44032] HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360] Kodak EasyShare Software.lnk - c:\programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624] McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] WinZip Quick Pick.lnk - c:\programme\WinZip\WZQKPICK.EXE [2008-11-10 525664] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "SearchSettings"="c:\programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Programme\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Dokumente und Einstellungen\\Sabine\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"= "c:\\Programme\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Programme\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"= "c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service . 
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09.11.2008 16:56 162640] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [28.11.2012 15:36 33112] R2 Application Updater;Application Updater;c:\programme\Application Updater\ApplicationUpdater.exe [23.02.2013 17:54 805752] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09.11.2008 16:56 19024] R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [18.02.2013 23:34 968880] R2 WajamUpdater;WajamUpdater;c:\programme\Wajam\Updater\WajamUpdater.exe [05.10.2012 17:08 109064] S2 SearchAnonymizer;SearchAnonymizer;c:\dokumente und einstellungen\Sabine\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe [28.11.2012 15:35 40960] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\3.0.318\McCHSvc.exe [05.02.2013 17:48 235216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-11 14:53 1642448 ----a-w- c:\programme\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 12:25] . 2013-05-12 c:\windows\Tasks\Google Software Updater.job - c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-04 20:48] . 2013-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-12-26 07:48] . 2013-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-12-26 07:48] . 
2013-05-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-484763869-838170752-725345543-1003.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33] . 2013-05-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-838170752-725345543-1003.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33] . 2013-05-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\programme\Ask.com\UpdateTask.exe [2013-02-08 13:55] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1124670 mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=18&barid={2F2F2864-3A2E-11E2-A226-002215B583A5} uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local IE: An vorhandene PDF-Datei anfügen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: Interfaces\{BD659856-C28E-49DA-A7AA-FC4D6E62E1BB}: NameServer = 192.168.2.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\ib66viuk.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - ExtSQL: !HIDDEN! 
2010-12-17 14:33; smartwebprinting@hp.com; c:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 FF - ExtSQL: !HIDDEN! 2012-01-30 12:00; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\programme\Windows iLivid Toolbar\Datamngr\FirefoxExtension FF - ExtSQL: !HIDDEN! 2012-11-28 14:36; firejump@firejump.net; c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\ib66viuk.default\extensions\firejump@firejump.net FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{94817c02-feac-4aa8-99d8-1cb47bf4d4c0} - c:\programme\Spesoft\prxtbSpes.dll BHO-{94817c02-feac-4aa8-99d8-1cb47bf4d4c0} - c:\programme\Spesoft\prxtbSpes.dll Toolbar-10 - (no file) Toolbar-{94817c02-feac-4aa8-99d8-1cb47bf4d4c0} - c:\programme\Spesoft\prxtbSpes.dll HKCU-Run-EPSON Stylus C86 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE HKCU-Run-Akamai NetSession Interface - c:\dokumente und einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe HKCU-Run-DriverTurbo - c:\programme\DriverTurbo\DriverTurbo.exe HKCU-Run-Aquzpal - c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Cisye\xyetv.exe HKCU-Run-IExplorer Util - c:\dokumente und einstellungen\Sabine\Anwendungsdaten\ie_util.exe HKLM-Run-EPSON Stylus C86 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE AddRemove-Adobe PhotoDeluxe Business Edition 1.0 - c:\windows\UNIN0407.EXE AddRemove-EH_101Verm - c:\windows\IsUn0407.exe AddRemove-EPSON TWAIN - c:\windows\unin0407.exe AddRemove-HP PrecisionScan LTX - c:\windows\IsUn0407.exe AddRemove-incredibar - c:\programme\Incredibar.com\incredibar\1.5.3.27\uninstall.exe 
AddRemove-Spesoft Toolbar - c:\programme\Spesoft\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-05-12 22:40 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run EPSON Stylus C86 Series = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /M "Stylus C86" /EF "HKCU"??????? ???Z???n????????????????I7~????????????????`????????????????????J7~????`???????+???8?????????????8~????`?????????8~`??????????????|??????? . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Zeit der Fertigstellung: 2013-05-12 22:44:11 ComboFix-quarantined-files.txt 2013-05-12 20:44 . Vor Suchlauf: 13 Verzeichnis(se), 11.861.123.072 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 17.729.187.840 Bytes frei . WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer . - - End Of File - - DB065E68DD3CF9B313BD2B6BA6AFFD16
Kind regards, milla2012 |
12.05.2013, 22:07 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ok, much better
__________________ComboFix script
__________________ |
16.05.2013, 19:50 | #19 |
| Hello cosinus, I carried out everything as described. Here is the ComboFix.txt. I selected everything in the editor, copied it and pasted it here. "Please paste it here as a reply (in CODE tags, using the # button of the editor)." I don't know what the # button of the editor is. Regards, milla2012 Combofix Logfile: Code:
ATTFilter ComboFix 13-05-16.02 - Sabine 16.05.2013 20:17:53.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1091 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Sabine\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Sabine\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Midaz c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Rylu c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Rylu\irikg.ifw . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-16 bis 2013-05-16 )))))))))))))))))))))))))))))) . . 2013-05-08 18:14 . 2013-05-08 18:14 -------- d-----w- c:\programme\CleanUp! 2013-05-08 12:35 . 2013-05-08 12:35 -------- d-----w- c:\dokumente und einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\PDF24 2013-04-24 05:27 . 2013-04-24 05:27 -------- d-----w- c:\windows\system32\Color . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-16 17:43 . 2013-01-31 16:58 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat 2013-05-07 09:18 . 2010-01-08 11:03 1080 -c--a-w- c:\windows\AUTOLNCH.REG 2013-03-12 07:48 . 2013-03-12 07:49 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-03-12 07:48 . 2012-05-16 05:29 143872 ----a-w- c:\windows\system32\javacpl.cpl 2013-03-12 07:48 . 2013-03-12 07:49 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-12 07:48 . 2011-12-19 09:04 782240 -c--a-w- c:\windows\system32\deployJava1.dll 2013-02-18 21:34 . 2012-11-28 13:36 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2013-04-14 16:40 . 2013-04-14 16:40 263064 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-03-28 16:22 176936 -c--a-w- c:\programme\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2013-02-18 21:34 1929392 ----a-w- c:\programme\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\programme\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-18 1929392] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024] "Driver Updater"="c:\programme\Carambis\Driver Updater\dupdater.exe" [2009-10-01 4805632] "H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-04 39408] "Aquzpal"="c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Cisye\xyetv.exe" [BU] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144] "nwiz"="nwiz.exe" [2008-09-17 1657376] "NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104] "SSC Service Utility"="c:\programme\SSC Service Utility\ssc_serv.exe" [2007-10-09 665600] "TkBellExe"="c:\programme\Real\RealPlayer\update\realsched.exe" [2010-12-20 274608] "AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016] "APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Ocs_SM"="c:\dokumente und einstellungen\Sabine\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe" [2012-11-28 106496] "vProt"="c:\programme\AVG Secure Search\vprot.exe" [2013-02-18 1151152] "Advanced System Protector_startup"="c:\programme\Advanced System Protector\AdvancedSystemProtector.exe" [2012-10-31 6381496] "SweetIM"="c:\programme\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032] "Sweetpacks Communicator"="c:\programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768] "QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-12-12 152544] "RTHDCPL"="RTHDCPL.EXE" [2008-02-19 16858112] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848] "SearchSettings"="c:\programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe" [2013-02-23 1297728] "PDFPrint"="c:\programme\pdf24\pdf24.exe" [2013-03-20 162856] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\Sabine\Startmenü\Programme\Autostart\ Dropbox.lnk - c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] UltimateZip Quick Start.lnk - c:\programme\UltimateZip 2007\uzqkst.exe [2009-2-8 834048] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Audible Download Manager.lnk - c:\programme\Audible\Bin\AudibleDownloadHelper.exe [N/A] EPSON Scanner Monitor.lnk - c:\windows\twain_32\EPEM\EPSONEM.EXE [2009-2-8 44032] HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360] Kodak EasyShare Software.lnk - c:\programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624] McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] WinZip Quick Pick.lnk - c:\programme\WinZip\WZQKPICK.EXE [2008-11-10 525664] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "SearchSettings"="c:\programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe" . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Programme\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Dokumente und Einstellungen\\Sabine\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"= "c:\\Programme\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Programme\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"= "c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service . 
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09.11.2008 16:56 162640] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [28.11.2012 15:36 33112] R2 Application Updater;Application Updater;c:\programme\Application Updater\ApplicationUpdater.exe [23.02.2013 17:54 805752] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09.11.2008 16:56 19024] R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [18.02.2013 23:34 968880] R2 WajamUpdater;WajamUpdater;c:\programme\Wajam\Updater\WajamUpdater.exe [05.10.2012 17:08 109064] S2 SearchAnonymizer;SearchAnonymizer;c:\dokumente und einstellungen\Sabine\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe [28.11.2012 15:35 40960] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\3.0.318\McCHSvc.exe [05.02.2013 17:48 235216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-11 14:53 1642448 ----a-w- c:\programme\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-05-16 c:\windows\Tasks\Google Software Updater.job - c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-04 20:48] . 2013-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-12-26 07:48] . 2013-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-12-26 07:48] . 2013-05-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-484763869-838170752-725345543-1003.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33] . 
2013-05-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-838170752-725345543-1003.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1124670 mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=18&barid={2F2F2864-3A2E-11E2-A226-002215B583A5} uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local IE: An vorhandene PDF-Datei anfügen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: Interfaces\{BD659856-C28E-49DA-A7AA-FC4D6E62E1BB}: NameServer = 192.168.2.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\ib66viuk.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - ExtSQL: !HIDDEN! 2010-12-17 14:33; smartwebprinting@hp.com; c:\programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 FF - ExtSQL: !HIDDEN! 2012-01-30 12:00; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\programme\Windows iLivid Toolbar\Datamngr\FirefoxExtension FF - ExtSQL: !HIDDEN! 
2012-11-28 14:36; firejump@firejump.net; c:\dokumente und einstellungen\Sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\ib66viuk.default\extensions\firejump@firejump.net FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-05-16 20:24 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Zeit der Fertigstellung: 2013-05-16 20:26:32 ComboFix-quarantined-files.txt 2013-05-16 18:26 ComboFix2.txt 2013-05-12 20:44 . Vor Suchlauf: 15 Verzeichnis(se), 15.534.096.384 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 17.481.916.416 Bytes frei . - - End Of File - - 6C02EAB2480D9EC8542D13EA618C6661 |
16.05.2013, 21:20 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.gen5 found and deleted by Avira. Is my computer clean now
Rootkit scan with GMER
Please download GMER: (random file name)
Are problems occurring?
Afterwards, please run MBAR:
Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Reading material: Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
__________________ Please always post logfiles in CODE tags |
17.05.2013, 08:05 | #21 |
| TR/Dropper.gen5 found and deleted by Avira. Is my computer clean now
Hello, just a quick note in between: thank you very much for the help. After the cleanup, which completed successfully, there was no automatic restart. I then restarted the computer manually and started mbar.exe again. The second time nothing was found and no cleanup had to be done. Here is the logfile
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.17.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Sabine :: DAMMTOR2 [administrator]

17.05.2013 07:47:03
mbar-log-2013-05-17 (07-47-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27314
Time elapsed: 7 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\CROSSRIDER|215AppVerifier (Adware.GamePlayLab) -> Data: a8e796b9af16468f1621670f845fc47e -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
|
17.05.2013, 13:13 | #23 |
| TR/Dropper.gen5 found and deleted by Avira. Is my computer clean now
I am following the instructions very precisely, apparently too precisely, sorry
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-16 23:15:48
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\00000062 Hitachi_HDP725050GLA360 rev.GM4OA52A 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\Sabine\LOKALE~1\Temp\fxrdapod.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB40C6BBC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB40C6A78]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB40C702C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB40C6F56]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB40C664E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB40C6B52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB40C658E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB40C65F2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB40C6C72]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB40C70FA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB40C6C32]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB40C6DB2]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB40D3322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB40D314C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB40D3280]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP B40D3284 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB3AE 7 Bytes JMP B40D3150 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC51E 5 Bytes JMP B40CF594 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FA2 5 Bytes JMP B40D0866 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1142 7 Bytes JMP B40D3326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB95FE360, 0x32DEFD, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Programme\Real\RealPlayer\update\realsched.exe[260] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\system32\SearchIndexer.exe[4040] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Officejet 6000 E609a Series@ChangeID 6946578

---- EOF - GMER 2.1 ----
|
17.05.2013, 13:15 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.gen5 found and deleted by Avira. Is my computer clean now
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without instructions.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post logfiles in CODE tags |
17.05.2013, 22:51 | #25 |
| TR/Dropper.gen5 found and deleted by Avira. Is my computer clean now
Done. Here are the two logfiles
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-17 23:14:24
-----------------------------
23:14:24.812 OS Version: Windows 5.1.2600 Service Pack 3
23:14:24.812 Number of processors: 2 586 0x6B02
23:14:24.812 ComputerName: DAMMTOR2 UserName: Sabine
23:14:25.078 Initialize success
23:14:25.515 AVAST engine defs: 10022401
23:15:15.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
23:15:15.796 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA52A Size: 476940MB BusType: 3
23:15:15.921 Disk 0 MBR read successfully
23:15:15.921 Disk 0 MBR scan
23:15:15.921 Disk 0 Windows XP default MBR code
23:15:15.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49999 MB offset 63
23:15:15.921 Disk 0 Partition - 00 0F Extended LBA 426930 MB offset 102398310
23:15:15.937 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 213998 MB offset 102398373
23:15:15.937 Disk 0 Partition - 00 05 Extended 212931 MB offset 540667575
23:15:15.953 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 212931 MB offset 540667638
23:15:15.953 Disk 0 scanning sectors +976752000
23:15:16.015 Disk 0 scanning C:\WINDOWS\system32\drivers
23:15:23.328 Service scanning
23:15:34.062 Modules scanning
23:15:38.031 Disk 0 trace - called modules:
23:15:38.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
23:15:38.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a572ab8]
23:15:38.046 3 CLASSPNP.SYS[ba8e8fd7] -> nt!IofCallDriver -> \Device\00000064[0x8a51ceb0]
23:15:38.046 5 ACPI.sys[ba77e620] -> nt!IofCallDriver -> \Device\00000062[0x8a568030]
23:15:38.312 AVAST engine scan C:\WINDOWS
23:15:44.015 AVAST engine scan C:\WINDOWS\system32
23:17:07.375 AVAST engine scan C:\WINDOWS\system32\drivers
23:17:16.265 AVAST engine scan C:\Dokumente und Einstellungen\Sabine
23:23:25.140 AVAST engine scan C:\Dokumente und Einstellungen\All Users
23:25:06.625 Scan finished successfully
23:42:22.890 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Sabine\Desktop\MBR.dat"
23:42:22.890 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Sabine\Desktop\aswMBR.txt"
23:42:44.000 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Sabine\Desktop\MBR.dat"
23:42:44.000 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Sabine\Desktop\aswMBR.txt"
Code:
ATTFilter 23:45:09.0750 4192 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 23:45:09.0968 4192 ============================================================ 23:45:09.0968 4192 Current date / time: 2013/05/17 23:45:09.0968 23:45:09.0968 4192 SystemInfo: 23:45:09.0968 4192 23:45:09.0968 4192 OS Version: 5.1.2600 ServicePack: 3.0 23:45:09.0968 4192 Product type: Workstation 23:45:09.0968 4192 ComputerName: DAMMTOR2 23:45:09.0968 4192 UserName: Sabine 23:45:09.0968 4192 Windows directory: C:\WINDOWS 23:45:09.0968 4192 System windows directory: C:\WINDOWS 23:45:09.0968 4192 Processor architecture: Intel x86 23:45:09.0968 4192 Number of processors: 2 23:45:09.0968 4192 Page size: 0x1000 23:45:09.0968 4192 Boot type: Normal boot 23:45:09.0968 4192 ============================================================ 23:45:10.0250 4192 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 23:45:10.0250 4192 ============================================================ 23:45:10.0250 4192 \Device\Harddisk0\DR0: 23:45:10.0250 4192 MBR partitions: 23:45:10.0250 4192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927 23:45:10.0265 4192 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0x1A1F7512 23:45:10.0281 4192 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2039EEF6, BlocksNum 0x19FE1E8A 23:45:10.0281 4192 ============================================================ 23:45:10.0312 4192 C: <-> \Device\Harddisk0\DR0\Partition1 23:45:10.0375 4192 E: <-> \Device\Harddisk0\DR0\Partition2 23:45:10.0437 4192 F: <-> \Device\Harddisk0\DR0\Partition3 23:45:10.0453 4192 ============================================================ 23:45:10.0453 4192 Initialize success 23:45:10.0453 4192 ============================================================ 23:45:34.0015 4072 
============================================================ 23:45:34.0015 4072 Scan started 23:45:34.0015 4072 Mode: Manual; SigCheck; TDLFS; 23:45:34.0015 4072 ============================================================ 23:45:34.0546 4072 ================ Scan system memory ======================== 23:45:35.0421 4072 System memory - ok 23:45:35.0421 4072 ================ Scan services ============================= 23:45:35.0515 4072 [ 5244202C1F781664A2ADEA690DF15C91 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys 23:45:35.0593 4072 Aavmker4 - ok 23:45:35.0593 4072 Abiosdsk - ok 23:45:35.0609 4072 abp480n5 - ok 23:45:35.0640 4072 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 23:45:35.0812 4072 ACPI - ok 23:45:35.0843 4072 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 23:45:35.0953 4072 ACPIEC - ok 23:45:35.0953 4072 adpu160m - ok 23:45:36.0000 4072 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 23:45:36.0093 4072 aec - ok 23:45:36.0125 4072 [ 7E775010EF291DA96AD17CA4B17137D7 ] AFD C:\WINDOWS\System32\drivers\afd.sys 23:45:36.0156 4072 AFD - ok 23:45:36.0156 4072 Aha154x - ok 23:45:36.0171 4072 aic78u2 - ok 23:45:36.0187 4072 aic78xx - ok 23:45:36.0218 4072 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 23:45:36.0328 4072 Alerter - ok 23:45:36.0343 4072 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 23:45:36.0437 4072 ALG - ok 23:45:36.0453 4072 AliIde - ok 23:45:36.0484 4072 [ 58BE3C2F1AA041EA56F7305A6463035C ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 23:45:36.0515 4072 AmdK8 - ok 23:45:36.0515 4072 amsint - ok 23:45:36.0609 4072 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 23:45:36.0609 4072 Apple Mobile Device - ok 23:45:36.0656 4072 [ 5234837DFEC4092E235594B25CF02865 ] Application Updater 
C:\Programme\Application Updater\ApplicationUpdater.exe 23:45:36.0687 4072 Application Updater - ok 23:45:36.0718 4072 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 23:45:36.0828 4072 AppMgmt - ok 23:45:36.0828 4072 asc - ok 23:45:36.0843 4072 asc3350p - ok 23:45:36.0859 4072 asc3550 - ok 23:45:36.0937 4072 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 23:45:36.0953 4072 aspnet_state - ok 23:45:36.0984 4072 [ 1AFFA79D25FAB98E4FB5D7D278F23381 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys 23:45:37.0000 4072 aswFsBlk - ok 23:45:37.0000 4072 [ 7D17C2E0834D964FA430713C1CCEA7ED ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys 23:45:37.0015 4072 aswMon2 - ok 23:45:37.0031 4072 [ B868FFF3E3370340AD2D53BCA6E7870C ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys 23:45:37.0031 4072 aswRdr - ok 23:45:37.0046 4072 [ 11A68F123BDE9A65CCCADE64D1F1304B ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys 23:45:37.0062 4072 aswSP - ok 23:45:37.0078 4072 [ 5C1BE10A74D8ECE548AFF6067D007E27 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys 23:45:37.0078 4072 aswTdi - ok 23:45:37.0093 4072 aswUpdSv - ok 23:45:37.0125 4072 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 23:45:37.0218 4072 AsyncMac - ok 23:45:37.0250 4072 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 23:45:37.0343 4072 atapi - ok 23:45:37.0359 4072 Atdisk - ok 23:45:37.0375 4072 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 23:45:37.0468 4072 Atmarpc - ok 23:45:37.0500 4072 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 23:45:37.0609 4072 AudioSrv - ok 23:45:37.0640 4072 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 23:45:37.0734 4072 audstub - ok 23:45:37.0781 4072 [ 8AAA93CD13E379EB76FBEF56AC77D4D4 ] avast! 
Antivirus C:\Programme\Alwil Software\Avast5\AvastSvc.exe 23:45:37.0781 4072 avast! Antivirus - ok 23:45:37.0796 4072 [ 8AAA93CD13E379EB76FBEF56AC77D4D4 ] avast! Mail Scanner C:\Programme\Alwil Software\Avast5\AvastSvc.exe 23:45:37.0796 4072 avast! Mail Scanner - ok 23:45:37.0812 4072 [ 8AAA93CD13E379EB76FBEF56AC77D4D4 ] avast! Web Scanner C:\Programme\Alwil Software\Avast5\AvastSvc.exe 23:45:37.0812 4072 avast! Web Scanner - ok 23:45:37.0828 4072 [ CAE7B6E4D7EB17829C526153D19B9C95 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys 23:45:37.0843 4072 avgtp - ok 23:45:37.0859 4072 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 23:45:37.0984 4072 Beep - ok 23:45:38.0031 4072 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 23:45:38.0125 4072 BITS - ok 23:45:38.0187 4072 [ CAC67471B17D80DCD6770011539D706C ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe 23:45:38.0203 4072 Bonjour Service - ok 23:45:38.0234 4072 [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser C:\WINDOWS\System32\browser.dll 23:45:38.0359 4072 Browser - ok 23:45:38.0421 4072 catchme - ok 23:45:38.0437 4072 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 23:45:38.0562 4072 cbidf2k - ok 23:45:38.0593 4072 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 23:45:38.0687 4072 CCDECODE - ok 23:45:38.0703 4072 cd20xrnt - ok 23:45:38.0734 4072 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 23:45:38.0859 4072 Cdaudio - ok 23:45:38.0890 4072 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 23:45:38.0984 4072 Cdfs - ok 23:45:39.0000 4072 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 23:45:39.0093 4072 Cdrom - ok 23:45:39.0093 4072 Changer - ok 23:45:39.0125 4072 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 23:45:39.0218 4072 CiSvc - ok 23:45:39.0234 4072 [ 
778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 23:45:39.0343 4072 ClipSrv - ok 23:45:39.0375 4072 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:45:39.0484 4072 clr_optimization_v2.0.50727_32 - ok 23:45:39.0500 4072 CmdIde - ok 23:45:39.0500 4072 COMSysApp - ok 23:45:39.0531 4072 Cpqarray - ok 23:45:39.0531 4072 Crypkey License - ok 23:45:39.0562 4072 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 23:45:39.0656 4072 CryptSvc - ok 23:45:39.0671 4072 dac2w2k - ok 23:45:39.0671 4072 dac960nt - ok 23:45:39.0718 4072 [ E970C2296916BF4A2F958680016FE312 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 23:45:39.0843 4072 DcomLaunch - ok 23:45:39.0875 4072 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 23:45:39.0968 4072 Dhcp - ok 23:45:39.0984 4072 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 23:45:40.0078 4072 Disk - ok 23:45:40.0078 4072 dmadmin - ok 23:45:40.0125 4072 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 23:45:40.0234 4072 dmboot - ok 23:45:40.0250 4072 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 23:45:40.0328 4072 dmio - ok 23:45:40.0359 4072 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 23:45:40.0468 4072 dmload - ok 23:45:40.0500 4072 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 23:45:40.0593 4072 dmserver - ok 23:45:40.0609 4072 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 23:45:40.0703 4072 DMusic - ok 23:45:40.0718 4072 [ 8C9ED3B2834AAE63081AB2DA831C6FE9 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 23:45:40.0796 4072 Dnscache - ok 23:45:40.0843 4072 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 23:45:40.0937 4072 Dot3svc - ok 23:45:40.0937 4072 dpti2o - 
ok 23:45:40.0984 4072 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 23:45:41.0062 4072 drmkaud - ok 23:45:41.0078 4072 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 23:45:41.0171 4072 EapHost - ok 23:45:41.0218 4072 [ 5F933159FA1E72C233905CDF25CC254A ] EPSON_PM_RPCV2_02 C:\WINDOWS\system32\E_S00RP2.EXE 23:45:41.0265 4072 EPSON_PM_RPCV2_02 - ok 23:45:41.0281 4072 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 23:45:41.0375 4072 ERSvc - ok 23:45:41.0421 4072 [ 4BB6A83640F1D1792AD21CE767B621C6 ] Eventlog C:\WINDOWS\system32\services.exe 23:45:41.0531 4072 Eventlog - ok 23:45:41.0578 4072 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\System32\es.dll 23:45:41.0609 4072 EventSystem - ok 23:45:41.0640 4072 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 23:45:41.0734 4072 Fastfat - ok 23:45:41.0765 4072 [ 40602EBFBE06AA075C8E4560743F6883 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 23:45:41.0859 4072 FastUserSwitchingCompatibility - ok 23:45:41.0875 4072 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 23:45:41.0953 4072 Fdc - ok 23:45:41.0968 4072 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 23:45:42.0062 4072 Fips - ok 23:45:42.0078 4072 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 23:45:42.0156 4072 Flpydisk - ok 23:45:42.0203 4072 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 23:45:42.0281 4072 FltMgr - ok 23:45:42.0359 4072 [ B81F8778F5BB485F3B75114F0C99A49F ] ForcewareWebInterface C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe 23:45:42.0375 4072 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - warning 23:45:42.0375 4072 ForcewareWebInterface - detected UnsignedFile.Multi.Generic (1) 23:45:42.0390 4072 [ 
3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 23:45:42.0500 4072 Fs_Rec - ok 23:45:42.0515 4072 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 23:45:42.0625 4072 Ftdisk - ok 23:45:42.0656 4072 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 23:45:42.0656 4072 GEARAspiWDM - ok 23:45:42.0687 4072 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys 23:45:42.0703 4072 giveio ( UnsignedFile.Multi.Generic ) - warning 23:45:42.0703 4072 giveio - detected UnsignedFile.Multi.Generic (1) 23:45:42.0734 4072 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 23:45:42.0812 4072 Gpc - ok 23:45:42.0890 4072 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe 23:45:42.0906 4072 gupdate - ok 23:45:42.0906 4072 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe 23:45:42.0921 4072 gupdatem - ok 23:45:42.0953 4072 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe 23:45:42.0968 4072 gusvc - ok 23:45:43.0015 4072 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 23:45:43.0093 4072 HDAudBus - ok 23:45:43.0156 4072 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 23:45:43.0234 4072 helpsvc - ok 23:45:43.0250 4072 HidServ - ok 23:45:43.0265 4072 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 23:45:43.0359 4072 HidUsb - ok 23:45:43.0390 4072 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 23:45:43.0468 4072 hkmsvc - ok 23:45:43.0484 4072 hpn - ok 23:45:43.0578 4072 [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08 C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll 23:45:43.0593 4072 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 23:45:43.0593 4072 hpqcxs08 
- detected UnsignedFile.Multi.Generic (1) 23:45:43.0640 4072 [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] hpqddsvc C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll 23:45:43.0671 4072 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 23:45:43.0671 4072 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 23:45:43.0687 4072 [ 14229263AA19C704E0D6D2E7404A8455 ] HPSLPSVC C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL 23:45:43.0718 4072 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 23:45:43.0718 4072 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 23:45:43.0765 4072 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 23:45:43.0828 4072 HPZid412 - ok 23:45:43.0859 4072 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 23:45:43.0875 4072 HPZipr12 - ok 23:45:43.0906 4072 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 23:45:43.0937 4072 HPZius12 - ok 23:45:43.0984 4072 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 23:45:44.0062 4072 HTTP - ok 23:45:44.0109 4072 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 23:45:44.0187 4072 HTTPFilter - ok 23:45:44.0187 4072 i2omgmt - ok 23:45:44.0203 4072 i2omp - ok 23:45:44.0218 4072 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 23:45:44.0296 4072 i8042prt - ok 23:45:44.0359 4072 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe 23:45:44.0359 4072 IDriverT ( UnsignedFile.Multi.Generic ) - warning 23:45:44.0359 4072 IDriverT - detected UnsignedFile.Multi.Generic (1) 23:45:44.0375 4072 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 23:45:44.0453 4072 Imapi - ok 23:45:44.0500 4072 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 23:45:44.0593 4072 ImapiService - ok 23:45:44.0609 4072 
ini910u - ok 23:45:44.0718 4072 [ 8998A1E6F899F790E5EFF9CD2C431A23 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 23:45:44.0890 4072 IntcAzAudAddService - ok 23:45:44.0890 4072 IntelIde - ok 23:45:44.0921 4072 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys 23:45:45.0015 4072 ip6fw - ok 23:45:45.0046 4072 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 23:45:45.0171 4072 IpFilterDriver - ok 23:45:45.0187 4072 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 23:45:45.0281 4072 IpInIp - ok 23:45:45.0296 4072 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 23:45:45.0390 4072 IpNat - ok 23:45:45.0437 4072 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Programme\iPod\bin\iPodService.exe 23:45:45.0468 4072 iPod Service - ok 23:45:45.0484 4072 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 23:45:45.0562 4072 IPSec - ok 23:45:45.0578 4072 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 23:45:45.0656 4072 IRENUM - ok 23:45:45.0687 4072 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 23:45:45.0765 4072 isapnp - ok 23:45:45.0859 4072 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 23:45:45.0875 4072 JavaQuickStarterService - ok 23:45:45.0906 4072 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 23:45:46.0000 4072 Kbdclass - ok 23:45:46.0015 4072 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 23:45:46.0093 4072 kmixer - ok 23:45:46.0109 4072 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 23:45:46.0187 4072 KSecDD - ok 23:45:46.0203 4072 [ D6EB4916B203CBE525F8EFF5FD5AB16C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 23:45:46.0281 4072 lanmanserver - ok 
23:45:46.0296 4072 [ C0DB1E9367681ECD7ECCA9615C1D0F9B ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 23:45:46.0390 4072 lanmanworkstation - ok 23:45:46.0406 4072 lbrtfdc - ok 23:45:46.0453 4072 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 23:45:46.0531 4072 LmHosts - ok 23:45:46.0609 4072 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe 23:45:46.0625 4072 McComponentHostService - ok 23:45:46.0640 4072 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 23:45:46.0718 4072 Messenger - ok 23:45:46.0781 4072 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe 23:45:46.0781 4072 Microsoft Office Groove Audit Service - ok 23:45:46.0843 4072 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 23:45:46.0953 4072 mnmdd - ok 23:45:46.0984 4072 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe 23:45:47.0078 4072 mnmsrvc - ok 23:45:47.0093 4072 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 23:45:47.0187 4072 Modem - ok 23:45:47.0203 4072 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 23:45:47.0281 4072 Mouclass - ok 23:45:47.0328 4072 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 23:45:47.0437 4072 mouhid - ok 23:45:47.0453 4072 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 23:45:47.0531 4072 MountMgr - ok 23:45:47.0578 4072 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 23:45:47.0578 4072 MozillaMaintenance - ok 23:45:47.0609 4072 [ 1AAE79A4176A957BF2BB679812F04655 ] MR97310_USB_DUAL_CAMERA C:\WINDOWS\system32\DRIVERS\mr97310c.sys 23:45:47.0656 4072 MR97310_USB_DUAL_CAMERA - ok 23:45:47.0656 
4072 mraid35x - ok 23:45:47.0671 4072 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 23:45:47.0750 4072 MRxDAV - ok 23:45:47.0781 4072 [ 60AE98742484E7AB80C3C1450E708148 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 23:45:47.0828 4072 MRxSmb - ok 23:45:47.0843 4072 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\System32\msdtc.exe 23:45:47.0953 4072 MSDTC - ok 23:45:47.0968 4072 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 23:45:48.0046 4072 Msfs - ok 23:45:48.0062 4072 MSIServer - ok 23:45:48.0093 4072 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 23:45:48.0171 4072 MSKSSRV - ok 23:45:48.0203 4072 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 23:45:48.0265 4072 MSPCLOCK - ok 23:45:48.0281 4072 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 23:45:48.0375 4072 MSPQM - ok 23:45:48.0390 4072 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 23:45:48.0468 4072 mssmbios - ok 23:45:48.0500 4072 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 23:45:48.0593 4072 MSTEE - ok 23:45:48.0625 4072 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys 23:45:48.0625 4072 MTsensor - ok 23:45:48.0640 4072 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 23:45:48.0718 4072 Mup - ok 23:45:48.0750 4072 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 23:45:48.0843 4072 NABTSFEC - ok 23:45:48.0875 4072 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 23:45:48.0968 4072 napagent - ok 23:45:49.0000 4072 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 23:45:49.0093 4072 NDIS - ok 23:45:49.0109 4072 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP 
C:\WINDOWS\system32\DRIVERS\NdisIP.sys 23:45:49.0187 4072 NdisIP - ok 23:45:49.0187 4072 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 23:45:49.0281 4072 NdisTapi - ok 23:45:49.0296 4072 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 23:45:49.0375 4072 Ndisuio - ok 23:45:49.0390 4072 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 23:45:49.0468 4072 NdisWan - ok 23:45:49.0484 4072 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 23:45:49.0578 4072 NDProxy - ok 23:45:49.0609 4072 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\System32\HPZinw12.dll 23:45:49.0625 4072 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 23:45:49.0625 4072 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 23:45:49.0656 4072 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 23:45:49.0734 4072 NetBIOS - ok 23:45:49.0750 4072 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 23:45:49.0843 4072 NetBT - ok 23:45:49.0875 4072 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 23:45:49.0968 4072 NetDDE - ok 23:45:49.0984 4072 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 23:45:50.0062 4072 NetDDEdsdm - ok 23:45:50.0093 4072 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 23:45:50.0171 4072 Netlogon - ok 23:45:50.0203 4072 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 23:45:50.0281 4072 Netman - ok 23:45:50.0312 4072 [ 5EF7DD401771693245D46F4B0B69FE2B ] NetworkX C:\WINDOWS\system32\ckldrv.sys 23:45:50.0312 4072 NetworkX ( UnsignedFile.Multi.Generic ) - warning 23:45:50.0312 4072 NetworkX - detected UnsignedFile.Multi.Generic (1) 23:45:50.0359 4072 [ ACD8BD448A74F344D46FCAF21BAB92AF ] Nla C:\WINDOWS\System32\mswsock.dll 23:45:50.0375 
4072 Nla - ok 23:45:50.0453 4072 [ 1BEF5464C06F4AF0C704378824C52ADB ] NMIndexingService C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe 23:45:50.0468 4072 NMIndexingService - ok 23:45:50.0500 4072 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 23:45:50.0593 4072 Npfs - ok 23:45:50.0625 4072 [ F8BB9796539F8457E0D51818B7360AFF ] nSvcIp C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe 23:45:50.0640 4072 nSvcIp ( UnsignedFile.Multi.Generic ) - warning 23:45:50.0640 4072 nSvcIp - detected UnsignedFile.Multi.Generic (1) 23:45:50.0656 4072 [ A6D83894395D9A18F3CE65EDAF614271 ] nSvcLog C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe 23:45:50.0656 4072 nSvcLog ( UnsignedFile.Multi.Generic ) - warning 23:45:50.0656 4072 nSvcLog - detected UnsignedFile.Multi.Generic (1) 23:45:50.0687 4072 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 23:45:50.0812 4072 Ntfs - ok 23:45:50.0828 4072 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\System32\lsass.exe 23:45:50.0906 4072 NtLmSsp - ok 23:45:50.0937 4072 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 23:45:51.0046 4072 NtmsSvc - ok 23:45:51.0062 4072 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 23:45:51.0156 4072 Null - ok 23:45:51.0296 4072 [ 70CB8915895CCB92DDF23CE890C4F5BE ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 23:45:51.0500 4072 nv - ok 23:45:51.0531 4072 [ EF9941593B2E9B436F64A87DDB570D1A ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys 23:45:51.0562 4072 nvata - ok 23:45:51.0593 4072 [ 24336267DF2A52E2785D50F41B9CF9B8 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 23:45:51.0625 4072 NVENETFD - ok 23:45:51.0656 4072 [ FEA32E16BD1DDA896A647A6E19216FCA ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 23:45:51.0671 4072 nvnetbus - ok 23:45:51.0718 4072 [ F96DF45CFBDC670584293E03C2AB602A ] NVSvc C:\WINDOWS\system32\nvsvc32.exe 
23:45:51.0750 4072 NVSvc - ok 23:45:51.0781 4072 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 23:45:51.0890 4072 NwlnkFlt - ok 23:45:51.0906 4072 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 23:45:52.0000 4072 NwlnkFwd - ok 23:45:52.0046 4072 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 23:45:52.0078 4072 odserv - ok 23:45:52.0109 4072 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 23:45:52.0109 4072 ose - ok 23:45:52.0156 4072 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 23:45:52.0234 4072 Parport - ok 23:45:52.0250 4072 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 23:45:52.0328 4072 PartMgr - ok 23:45:52.0375 4072 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 23:45:52.0468 4072 ParVdm - ok 23:45:52.0484 4072 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 23:45:52.0578 4072 PCI - ok 23:45:52.0578 4072 PCIDump - ok 23:45:52.0593 4072 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 23:45:52.0687 4072 PCIIde - ok 23:45:52.0718 4072 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 23:45:52.0796 4072 Pcmcia - ok 23:45:52.0812 4072 PDCOMP - ok 23:45:52.0828 4072 PDFRAME - ok 23:45:52.0828 4072 PDRELI - ok 23:45:52.0843 4072 PDRFRAME - ok 23:45:52.0843 4072 perc2 - ok 23:45:52.0859 4072 perc2hib - ok 23:45:52.0890 4072 [ 4BB6A83640F1D1792AD21CE767B621C6 ] PlugPlay C:\WINDOWS\system32\services.exe 23:45:52.0984 4072 PlugPlay - ok 23:45:53.0000 4072 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\System32\HPZipm12.dll 23:45:53.0015 4072 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 23:45:53.0015 4072 Pml Driver HPZ12 - 
detected UnsignedFile.Multi.Generic (1) 23:45:53.0031 4072 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 23:45:53.0109 4072 PolicyAgent - ok 23:45:53.0140 4072 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 23:45:53.0218 4072 PptpMiniport - ok 23:45:53.0218 4072 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 23:45:53.0312 4072 Processor - ok 23:45:53.0312 4072 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 23:45:53.0390 4072 ProtectedStorage - ok 23:45:53.0406 4072 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 23:45:53.0500 4072 PSched - ok 23:45:53.0531 4072 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 23:45:53.0625 4072 Ptilink - ok 23:45:53.0671 4072 [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 23:45:53.0671 4072 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning 23:45:53.0671 4072 PxHelp20 - detected UnsignedFile.Multi.Generic (1) 23:45:53.0687 4072 ql1080 - ok 23:45:53.0703 4072 Ql10wnt - ok 23:45:53.0703 4072 ql12160 - ok 23:45:53.0718 4072 ql1240 - ok 23:45:53.0718 4072 ql1280 - ok 23:45:53.0750 4072 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 23:45:53.0828 4072 RasAcd - ok 23:45:53.0875 4072 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 23:45:53.0953 4072 RasAuto - ok 23:45:53.0968 4072 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 23:45:54.0062 4072 Rasl2tp - ok 23:45:54.0093 4072 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 23:45:54.0187 4072 RasMan - ok 23:45:54.0187 4072 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 23:45:54.0265 4072 RasPppoe - ok 23:45:54.0281 4072 [ FDBB1D60066FCFBB7452FD8F9829B242 ] 
Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 23:45:54.0375 4072 Raspti - ok 23:45:54.0390 4072 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 23:45:54.0468 4072 Rdbss - ok 23:45:54.0484 4072 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 23:45:54.0578 4072 RDPCDD - ok 23:45:54.0609 4072 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 23:45:54.0687 4072 rdpdr - ok 23:45:54.0718 4072 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 23:45:54.0796 4072 RDPWD - ok 23:45:54.0812 4072 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 23:45:54.0906 4072 RDSessMgr - ok 23:45:54.0921 4072 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 23:45:55.0015 4072 redbook - ok 23:45:55.0046 4072 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 23:45:55.0125 4072 RemoteAccess - ok 23:45:55.0140 4072 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 23:45:55.0218 4072 RemoteRegistry - ok 23:45:55.0250 4072 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\System32\locator.exe 23:45:55.0343 4072 RpcLocator - ok 23:45:55.0359 4072 [ E970C2296916BF4A2F958680016FE312 ] RpcSs C:\WINDOWS\System32\rpcss.dll 23:45:55.0468 4072 RpcSs - ok 23:45:55.0515 4072 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\System32\rsvp.exe 23:45:55.0593 4072 RSVP - ok 23:45:55.0609 4072 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 23:45:55.0687 4072 SamSs - ok 23:45:55.0734 4072 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 23:45:55.0812 4072 SCardSvr - ok 23:45:55.0859 4072 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 23:45:55.0937 4072 Schedule - ok 23:45:55.0984 4072 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Dokumente und 
Einstellungen\Sabine\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe 23:45:56.0000 4072 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning 23:45:56.0000 4072 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1) 23:45:56.0015 4072 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 23:45:56.0093 4072 Secdrv - ok 23:45:56.0125 4072 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 23:45:56.0203 4072 seclogon - ok 23:45:56.0218 4072 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 23:45:56.0312 4072 SENS - ok 23:45:56.0328 4072 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 23:45:56.0406 4072 serenum - ok 23:45:56.0453 4072 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 23:45:56.0531 4072 Serial - ok 23:45:56.0546 4072 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 23:45:56.0625 4072 Sfloppy - ok 23:45:56.0656 4072 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 23:45:56.0734 4072 SharedAccess - ok 23:45:56.0765 4072 [ 40602EBFBE06AA075C8E4560743F6883 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 23:45:56.0843 4072 ShellHWDetection - ok 23:45:56.0859 4072 Simbad - ok 23:45:56.0875 4072 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 23:45:56.0968 4072 SLIP - ok 23:45:56.0968 4072 Sparrow - ok 23:45:57.0015 4072 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 23:45:57.0093 4072 splitter - ok 23:45:57.0125 4072 [ 39356A9CDB6753A6D13A4072A9F5A4BB ] Spooler C:\WINDOWS\system32\spoolsv.exe 23:45:57.0203 4072 Spooler - ok 23:45:57.0218 4072 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 23:45:57.0312 4072 sr - ok 23:45:57.0328 4072 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 23:45:57.0406 4072 
srservice - ok 23:45:57.0437 4072 [ 4F8A43ADEF66F135564085A9DCA96A26 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 23:45:57.0500 4072 Srv - ok 23:45:57.0515 4072 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 23:45:57.0593 4072 SSDPSRV - ok 23:45:57.0625 4072 [ 453811DDA054E871F8B397A38821C511 ] StatusAgent4 C:\WINDOWS\system32\SAgent4.exe 23:45:57.0640 4072 StatusAgent4 - ok 23:45:57.0687 4072 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 23:45:57.0796 4072 stisvc - ok 23:45:57.0828 4072 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 23:45:57.0906 4072 streamip - ok 23:45:57.0921 4072 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 23:45:58.0015 4072 swenum - ok 23:45:58.0031 4072 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 23:45:58.0109 4072 swmidi - ok 23:45:58.0109 4072 SwPrv - ok 23:45:58.0125 4072 symc810 - ok 23:45:58.0140 4072 symc8xx - ok 23:45:58.0140 4072 sym_hi - ok 23:45:58.0156 4072 sym_u3 - ok 23:45:58.0171 4072 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 23:45:58.0250 4072 sysaudio - ok 23:45:58.0265 4072 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 23:45:58.0343 4072 SysmonLog - ok 23:45:58.0359 4072 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 23:45:58.0468 4072 TapiSrv - ok 23:45:58.0500 4072 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 23:45:58.0531 4072 Tcpip - ok 23:45:58.0578 4072 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 23:45:58.0640 4072 TDPIPE - ok 23:45:58.0656 4072 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 23:45:58.0734 4072 TDTCP - ok 23:45:58.0750 4072 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 
23:45:58.0828 4072 TermDD - ok 23:45:58.0875 4072 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 23:45:58.0984 4072 TermService - ok 23:45:59.0015 4072 [ 40602EBFBE06AA075C8E4560743F6883 ] Themes C:\WINDOWS\System32\shsvcs.dll 23:45:59.0093 4072 Themes - ok 23:45:59.0125 4072 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe 23:45:59.0203 4072 TlntSvr - ok 23:45:59.0218 4072 TosIde - ok 23:45:59.0234 4072 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 23:45:59.0312 4072 TrkWks - ok 23:45:59.0343 4072 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 23:45:59.0437 4072 Udfs - ok 23:45:59.0453 4072 ultra - ok 23:45:59.0468 4072 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 23:45:59.0593 4072 Update - ok 23:45:59.0625 4072 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 23:45:59.0718 4072 upnphost - ok 23:45:59.0765 4072 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 23:45:59.0843 4072 UPS - ok 23:45:59.0875 4072 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 23:45:59.0875 4072 USBAAPL ( UnsignedFile.Multi.Generic ) - warning 23:45:59.0875 4072 USBAAPL - detected UnsignedFile.Multi.Generic (1) 23:45:59.0921 4072 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 23:46:00.0000 4072 usbccgp - ok 23:46:00.0015 4072 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 23:46:00.0093 4072 usbehci - ok 23:46:00.0125 4072 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 23:46:00.0218 4072 usbhub - ok 23:46:00.0234 4072 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 23:46:00.0312 4072 usbohci - ok 23:46:00.0343 4072 [ A717C8721046828520C9EDF31288FC00 ] usbprint 
C:\WINDOWS\system32\DRIVERS\usbprint.sys 23:46:00.0421 4072 usbprint - ok 23:46:00.0453 4072 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 23:46:00.0531 4072 usbscan - ok 23:46:00.0562 4072 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 23:46:00.0656 4072 USBSTOR - ok 23:46:00.0671 4072 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys 23:46:00.0750 4072 usb_rndisx - ok 23:46:00.0781 4072 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 23:46:00.0859 4072 VgaSave - ok 23:46:00.0875 4072 ViaIde - ok 23:46:00.0906 4072 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 23:46:00.0984 4072 VolSnap - ok 23:46:01.0015 4072 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 23:46:01.0125 4072 VSS - ok 23:46:01.0187 4072 [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe 23:46:01.0218 4072 vToolbarUpdater14.2.0 - ok 23:46:01.0250 4072 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 23:46:01.0343 4072 W32Time - ok 23:46:01.0375 4072 [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater C:\Programme\Wajam\Updater\WajamUpdater.exe 23:46:01.0390 4072 WajamUpdater ( UnsignedFile.Multi.Generic ) - warning 23:46:01.0390 4072 WajamUpdater - detected UnsignedFile.Multi.Generic (1) 23:46:01.0421 4072 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 23:46:01.0515 4072 Wanarp - ok 23:46:01.0531 4072 [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 23:46:01.0578 4072 wceusbsh - ok 23:46:01.0593 4072 WDICA - ok 23:46:01.0625 4072 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 23:46:01.0703 4072 wdmaud - ok 23:46:01.0750 4072 [ 81727C9873E3905A2FFC1EBD07265002 
] WebClient C:\WINDOWS\System32\webclnt.dll 23:46:01.0828 4072 WebClient - ok 23:46:01.0890 4072 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 23:46:01.0984 4072 winmgmt - ok 23:46:02.0031 4072 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 23:46:02.0062 4072 WmdmPmSN - ok 23:46:02.0078 4072 [ 53E1CCF332A2F40B5E08476921CD8B44 ] Wmi C:\WINDOWS\System32\advapi32.dll 23:46:02.0171 4072 Wmi - ok 23:46:02.0203 4072 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe 23:46:02.0296 4072 WmiApSrv - ok 23:46:02.0375 4072 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 23:46:02.0421 4072 WMPNetworkSvc - ok 23:46:02.0453 4072 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 23:46:02.0562 4072 WS2IFSL - ok 23:46:02.0578 4072 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 23:46:02.0671 4072 wscsvc - ok 23:46:02.0671 4072 WSearch - ok 23:46:02.0703 4072 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 23:46:02.0781 4072 WSTCODEC - ok 23:46:02.0812 4072 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 23:46:02.0890 4072 wuauserv - ok 23:46:02.0921 4072 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 23:46:02.0953 4072 WudfPf - ok 23:46:02.0968 4072 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 23:46:03.0000 4072 WudfRd - ok 23:46:03.0015 4072 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 23:46:03.0015 4072 WudfSvc - ok 23:46:03.0062 4072 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 23:46:03.0140 4072 WZCSVC - ok 23:46:03.0171 4072 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 23:46:03.0265 4072 xmlprov - ok 23:46:03.0281 4072 ================ 
Scan global =============================== 23:46:03.0312 4072 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 23:46:03.0328 4072 [ 4CD408F799D4A72B0DE1F1116A77A48E ] C:\WINDOWS\system32\winsrv.dll 23:46:03.0328 4072 [ 4CD408F799D4A72B0DE1F1116A77A48E ] C:\WINDOWS\system32\winsrv.dll 23:46:03.0359 4072 [ 4BB6A83640F1D1792AD21CE767B621C6 ] C:\WINDOWS\system32\services.exe 23:46:03.0359 4072 [Global] - ok 23:46:03.0359 4072 ================ Scan MBR ================================== 23:46:03.0375 4072 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 23:46:03.0609 4072 \Device\Harddisk0\DR0 - ok 23:46:03.0609 4072 ================ Scan VBR ================================== 23:46:03.0625 4072 [ F4E3C99277F8DDB4C7281EC302BBB993 ] \Device\Harddisk0\DR0\Partition1 23:46:03.0625 4072 \Device\Harddisk0\DR0\Partition1 - ok 23:46:03.0625 4072 [ BBDD5777D139B4E81C37F97A33795A05 ] \Device\Harddisk0\DR0\Partition2 23:46:03.0656 4072 \Device\Harddisk0\DR0\Partition2 - ok 23:46:03.0703 4072 [ 113C7123A980BB46541FC850B86EEE17 ] \Device\Harddisk0\DR0\Partition3 23:46:03.0703 4072 \Device\Harddisk0\DR0\Partition3 - ok 23:46:03.0703 4072 ============================================================ 23:46:03.0703 4072 Scan finished 23:46:03.0703 4072 ============================================================ 23:46:03.0828 4508 Detected object count: 15 23:46:03.0828 4508 Actual detected object count: 15 23:47:00.0078 4508 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - skipped by user 23:47:00.0078 4508 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:47:00.0078 4508 giveio ( UnsignedFile.Multi.Generic ) - skipped by user 23:47:00.0078 4508 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:47:00.0078 4508 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 23:47:00.0078 4508 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:47:00.0093 4508 hpqddsvc ( 
UnsignedFile.Multi.Generic ) - skipped by user 23:47:00.0093 4508 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:47:00.0093 4508 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user 23:47:00.0093 4508 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:47:00.0093 4508 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 23:47:00.0093 4508 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:47:00.0093 4508 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 23:47:00.0093 4508 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:47:00.0109 4508 NetworkX ( UnsignedFile.Multi.Generic ) - skipped by user 23:47:00.0109 4508 NetworkX ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:47:00.0109 4508 nSvcIp ( UnsignedFile.Multi.Generic ) - skipped by user 23:47:00.0109 4508 nSvcIp ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:47:00.0109 4508 nSvcLog ( UnsignedFile.Multi.Generic ) - skipped by user 23:47:00.0109 4508 nSvcLog ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:47:00.0109 4508 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 23:47:00.0109 4508 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:47:00.0109 4508 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user 23:47:00.0109 4508 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:47:00.0109 4508 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user 23:47:00.0109 4508 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:47:00.0125 4508 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user 23:47:00.0125 4508 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:47:00.0125 4508 WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user 23:47:00.0125 4508 WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:47:22.0578 6088 
============================================================ 23:47:22.0578 6088 Scan started 23:47:22.0578 6088 Mode: Manual; SigCheck; TDLFS; 23:47:22.0578 6088 ============================================================ 23:47:23.0093 6088 ================ Scan system memory ======================== 23:47:23.0234 6088 System memory - ok 23:47:23.0250 6088 ================ Scan services ============================= 23:47:23.0312 6088 [ 5244202C1F781664A2ADEA690DF15C91 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys 23:47:23.0328 6088 Aavmker4 - ok 23:47:23.0343 6088 Abiosdsk - ok 23:47:23.0343 6088 abp480n5 - ok 23:47:23.0375 6088 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 23:47:23.0468 6088 ACPI - ok 23:47:23.0500 6088 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 23:47:23.0609 6088 ACPIEC - ok 23:47:23.0625 6088 adpu160m - ok 23:47:23.0656 6088 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 23:47:23.0750 6088 aec - ok 23:47:23.0781 6088 [ 7E775010EF291DA96AD17CA4B17137D7 ] AFD C:\WINDOWS\System32\drivers\afd.sys 23:47:23.0796 6088 AFD - ok 23:47:23.0796 6088 Aha154x - ok 23:47:23.0812 6088 aic78u2 - ok 23:47:23.0828 6088 aic78xx - ok 23:47:23.0859 6088 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 23:47:23.0937 6088 Alerter - ok 23:47:23.0953 6088 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 23:47:24.0031 6088 ALG - ok 23:47:24.0031 6088 AliIde - ok 23:47:24.0078 6088 [ 58BE3C2F1AA041EA56F7305A6463035C ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 23:47:24.0093 6088 AmdK8 - ok 23:47:24.0109 6088 amsint - ok 23:47:24.0187 6088 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 23:47:24.0203 6088 Apple Mobile Device - ok 23:47:24.0234 6088 [ 5234837DFEC4092E235594B25CF02865 ] Application Updater 
C:\Programme\Application Updater\ApplicationUpdater.exe 23:47:24.0265 6088 Application Updater - ok 23:47:24.0296 6088 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 23:47:24.0390 6088 AppMgmt - ok 23:47:24.0390 6088 asc - ok 23:47:24.0406 6088 asc3350p - ok 23:47:24.0421 6088 asc3550 - ok 23:47:24.0484 6088 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 23:47:24.0500 6088 aspnet_state - ok 23:47:24.0515 6088 [ 1AFFA79D25FAB98E4FB5D7D278F23381 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys 23:47:24.0531 6088 aswFsBlk - ok 23:47:24.0531 6088 [ 7D17C2E0834D964FA430713C1CCEA7ED ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys 23:47:24.0546 6088 aswMon2 - ok 23:47:24.0578 6088 [ B868FFF3E3370340AD2D53BCA6E7870C ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys 23:47:24.0578 6088 aswRdr - ok 23:47:24.0625 6088 [ 11A68F123BDE9A65CCCADE64D1F1304B ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys 23:47:24.0625 6088 aswSP - ok 23:47:24.0640 6088 [ 5C1BE10A74D8ECE548AFF6067D007E27 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys 23:47:24.0656 6088 aswTdi - ok 23:47:24.0671 6088 aswUpdSv - ok 23:47:24.0687 6088 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 23:47:24.0781 6088 AsyncMac - ok 23:47:24.0796 6088 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 23:47:24.0890 6088 atapi - ok 23:47:24.0890 6088 Atdisk - ok 23:47:24.0906 6088 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 23:47:24.0984 6088 Atmarpc - ok 23:47:25.0015 6088 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 23:47:25.0109 6088 AudioSrv - ok 23:47:25.0140 6088 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 23:47:25.0250 6088 audstub - ok 23:47:25.0281 6088 [ 8AAA93CD13E379EB76FBEF56AC77D4D4 ] avast! 
Antivirus C:\Programme\Alwil Software\Avast5\AvastSvc.exe 23:47:25.0281 6088 avast! Antivirus - ok 23:47:25.0296 6088 [ 8AAA93CD13E379EB76FBEF56AC77D4D4 ] avast! Mail Scanner C:\Programme\Alwil Software\Avast5\AvastSvc.exe 23:47:25.0296 6088 avast! Mail Scanner - ok 23:47:25.0296 6088 [ 8AAA93CD13E379EB76FBEF56AC77D4D4 ] avast! Web Scanner C:\Programme\Alwil Software\Avast5\AvastSvc.exe 23:47:25.0312 6088 avast! Web Scanner - ok 23:47:25.0328 6088 [ CAE7B6E4D7EB17829C526153D19B9C95 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys 23:47:25.0343 6088 avgtp - ok 23:47:25.0359 6088 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 23:47:25.0468 6088 Beep - ok 23:47:25.0515 6088 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 23:47:25.0625 6088 BITS - ok 23:47:25.0703 6088 [ CAC67471B17D80DCD6770011539D706C ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe 23:47:25.0703 6088 Bonjour Service - ok 23:47:25.0750 6088 [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser C:\WINDOWS\System32\browser.dll 23:47:25.0828 6088 Browser - ok 23:47:25.0890 6088 catchme - ok 23:47:25.0906 6088 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 23:47:26.0000 6088 cbidf2k - ok 23:47:26.0031 6088 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 23:47:26.0125 6088 CCDECODE - ok 23:47:26.0125 6088 cd20xrnt - ok 23:47:26.0171 6088 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 23:47:26.0281 6088 Cdaudio - ok 23:47:26.0312 6088 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 23:47:26.0390 6088 Cdfs - ok 23:47:26.0406 6088 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 23:47:26.0500 6088 Cdrom - ok 23:47:26.0500 6088 Changer - ok 23:47:26.0531 6088 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 23:47:26.0609 6088 CiSvc - ok 23:47:26.0625 6088 [ 
778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 23:47:26.0718 6088 ClipSrv - ok 23:47:26.0750 6088 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:47:26.0750 6088 clr_optimization_v2.0.50727_32 - ok 23:47:26.0765 6088 CmdIde - ok 23:47:26.0765 6088 COMSysApp - ok 23:47:26.0781 6088 Cpqarray - ok 23:47:26.0796 6088 Crypkey License - ok 23:47:26.0812 6088 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 23:47:26.0890 6088 CryptSvc - ok 23:47:26.0906 6088 dac2w2k - ok 23:47:26.0906 6088 dac960nt - ok 23:47:26.0968 6088 [ E970C2296916BF4A2F958680016FE312 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 23:47:27.0046 6088 DcomLaunch - ok 23:47:27.0078 6088 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 23:47:27.0156 6088 Dhcp - ok 23:47:27.0171 6088 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 23:47:27.0250 6088 Disk - ok 23:47:27.0250 6088 dmadmin - ok 23:47:27.0281 6088 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 23:47:27.0390 6088 dmboot - ok 23:47:27.0406 6088 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 23:47:27.0484 6088 dmio - ok 23:47:27.0500 6088 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 23:47:27.0578 6088 dmload - ok 23:47:27.0609 6088 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 23:47:27.0687 6088 dmserver - ok 23:47:27.0703 6088 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 23:47:27.0781 6088 DMusic - ok 23:47:27.0796 6088 [ 8C9ED3B2834AAE63081AB2DA831C6FE9 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 23:47:27.0875 6088 Dnscache - ok 23:47:27.0906 6088 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 23:47:27.0984 6088 Dot3svc - ok 23:47:28.0000 6088 dpti2o - 
ok 23:47:28.0031 6088 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 23:47:28.0109 6088 drmkaud - ok 23:47:28.0125 6088 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 23:47:28.0218 6088 EapHost - ok 23:47:28.0250 6088 [ 5F933159FA1E72C233905CDF25CC254A ] EPSON_PM_RPCV2_02 C:\WINDOWS\system32\E_S00RP2.EXE 23:47:28.0265 6088 EPSON_PM_RPCV2_02 - ok 23:47:28.0281 6088 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 23:47:28.0343 6088 ERSvc - ok 23:47:28.0390 6088 [ 4BB6A83640F1D1792AD21CE767B621C6 ] Eventlog C:\WINDOWS\system32\services.exe 23:47:28.0468 6088 Eventlog - ok 23:47:28.0500 6088 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\System32\es.dll 23:47:28.0531 6088 EventSystem - ok 23:47:28.0562 6088 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 23:47:28.0640 6088 Fastfat - ok 23:47:28.0671 6088 [ 40602EBFBE06AA075C8E4560743F6883 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 23:47:28.0750 6088 FastUserSwitchingCompatibility - ok 23:47:28.0765 6088 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 23:47:28.0843 6088 Fdc - ok 23:47:28.0859 6088 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 23:47:28.0937 6088 Fips - ok 23:47:28.0953 6088 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 23:47:29.0031 6088 Flpydisk - ok 23:47:29.0078 6088 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 23:47:29.0156 6088 FltMgr - ok 23:47:29.0234 6088 [ B81F8778F5BB485F3B75114F0C99A49F ] ForcewareWebInterface C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe 23:47:29.0250 6088 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - warning 23:47:29.0250 6088 ForcewareWebInterface - detected UnsignedFile.Multi.Generic (1) 23:47:29.0265 6088 [ 
3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 23:47:29.0359 6088 Fs_Rec - ok 23:47:29.0375 6088 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 23:47:29.0468 6088 Ftdisk - ok 23:47:29.0500 6088 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 23:47:29.0500 6088 GEARAspiWDM - ok 23:47:29.0531 6088 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys 23:47:29.0546 6088 giveio ( UnsignedFile.Multi.Generic ) - warning 23:47:29.0546 6088 giveio - detected UnsignedFile.Multi.Generic (1) 23:47:29.0593 6088 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 23:47:29.0671 6088 Gpc - ok 23:47:29.0750 6088 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe 23:47:29.0765 6088 gupdate - ok 23:47:29.0765 6088 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe 23:47:29.0781 6088 gupdatem - ok 23:47:29.0812 6088 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe 23:47:29.0828 6088 gusvc - ok 23:47:29.0875 6088 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 23:47:29.0953 6088 HDAudBus - ok 23:47:30.0015 6088 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 23:47:30.0093 6088 helpsvc - ok 23:47:30.0093 6088 HidServ - ok 23:47:30.0125 6088 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 23:47:30.0203 6088 HidUsb - ok 23:47:30.0234 6088 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 23:47:30.0312 6088 hkmsvc - ok 23:47:30.0328 6088 hpn - ok 23:47:30.0406 6088 [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08 C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll 23:47:30.0406 6088 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 23:47:30.0406 6088 hpqcxs08 
- detected UnsignedFile.Multi.Generic (1) 23:47:30.0453 6088 [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] hpqddsvc C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll 23:47:30.0453 6088 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 23:47:30.0453 6088 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 23:47:30.0484 6088 [ 14229263AA19C704E0D6D2E7404A8455 ] HPSLPSVC C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL 23:47:30.0531 6088 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 23:47:30.0531 6088 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 23:47:30.0562 6088 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 23:47:30.0578 6088 HPZid412 - ok 23:47:30.0609 6088 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 23:47:30.0640 6088 HPZipr12 - ok 23:47:30.0671 6088 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 23:47:30.0687 6088 HPZius12 - ok 23:47:30.0734 6088 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 23:47:30.0828 6088 HTTP - ok 23:47:30.0859 6088 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 23:47:30.0937 6088 HTTPFilter - ok 23:47:30.0937 6088 i2omgmt - ok 23:47:30.0953 6088 i2omp - ok 23:47:30.0968 6088 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 23:47:31.0046 6088 i8042prt - ok 23:47:31.0109 6088 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe 23:47:31.0125 6088 IDriverT ( UnsignedFile.Multi.Generic ) - warning 23:47:31.0125 6088 IDriverT - detected UnsignedFile.Multi.Generic (1) 23:47:31.0140 6088 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 23:47:31.0218 6088 Imapi - ok 23:47:31.0250 6088 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 23:47:31.0343 6088 ImapiService - ok 23:47:31.0343 6088 
ini910u - ok 23:47:31.0468 6088 [ 8998A1E6F899F790E5EFF9CD2C431A23 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 23:47:31.0593 6088 IntcAzAudAddService - ok 23:47:31.0609 6088 IntelIde - ok 23:47:31.0625 6088 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys 23:47:31.0718 6088 ip6fw - ok 23:47:31.0750 6088 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 23:47:31.0828 6088 IpFilterDriver - ok 23:47:31.0843 6088 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 23:47:31.0921 6088 IpInIp - ok 23:47:31.0953 6088 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 23:47:32.0031 6088 IpNat - ok 23:47:32.0078 6088 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Programme\iPod\bin\iPodService.exe 23:47:32.0109 6088 iPod Service - ok 23:47:32.0125 6088 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 23:47:32.0203 6088 IPSec - ok 23:47:32.0218 6088 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 23:47:32.0312 6088 IRENUM - ok 23:47:32.0328 6088 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 23:47:32.0421 6088 isapnp - ok 23:47:32.0515 6088 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 23:47:32.0515 6088 JavaQuickStarterService - ok 23:47:32.0546 6088 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 23:47:32.0640 6088 Kbdclass - ok 23:47:32.0656 6088 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 23:47:32.0750 6088 kmixer - ok 23:47:32.0765 6088 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 23:47:32.0843 6088 KSecDD - ok 23:47:32.0875 6088 [ D6EB4916B203CBE525F8EFF5FD5AB16C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 23:47:32.0953 6088 lanmanserver - ok 
23:47:32.0968 6088 [ C0DB1E9367681ECD7ECCA9615C1D0F9B ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 23:47:33.0062 6088 lanmanworkstation - ok 23:47:33.0062 6088 lbrtfdc - ok 23:47:33.0093 6088 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 23:47:33.0187 6088 LmHosts - ok 23:47:33.0250 6088 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe 23:47:33.0265 6088 McComponentHostService - ok 23:47:33.0281 6088 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 23:47:33.0359 6088 Messenger - ok 23:47:33.0421 6088 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe 23:47:33.0421 6088 Microsoft Office Groove Audit Service - ok 23:47:33.0453 6088 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 23:47:33.0546 6088 mnmdd - ok 23:47:33.0578 6088 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe 23:47:33.0656 6088 mnmsrvc - ok 23:47:33.0687 6088 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 23:47:33.0765 6088 Modem - ok 23:47:33.0781 6088 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 23:47:33.0875 6088 Mouclass - ok 23:47:33.0906 6088 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 23:47:34.0015 6088 mouhid - ok 23:47:34.0031 6088 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 23:47:34.0109 6088 MountMgr - ok 23:47:34.0140 6088 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 23:47:34.0140 6088 MozillaMaintenance - ok 23:47:34.0171 6088 [ 1AAE79A4176A957BF2BB679812F04655 ] MR97310_USB_DUAL_CAMERA C:\WINDOWS\system32\DRIVERS\mr97310c.sys 23:47:34.0187 6088 MR97310_USB_DUAL_CAMERA - ok 23:47:34.0203 
6088 mraid35x - ok 23:47:34.0218 6088 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 23:47:34.0296 6088 MRxDAV - ok 23:47:34.0312 6088 [ 60AE98742484E7AB80C3C1450E708148 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 23:47:34.0328 6088 MRxSmb - ok 23:47:34.0359 6088 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\System32\msdtc.exe 23:47:34.0437 6088 MSDTC - ok 23:47:34.0453 6088 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 23:47:34.0546 6088 Msfs - ok 23:47:34.0562 6088 MSIServer - ok 23:47:34.0578 6088 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 23:47:34.0671 6088 MSKSSRV - ok 23:47:34.0687 6088 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 23:47:34.0750 6088 MSPCLOCK - ok 23:47:34.0765 6088 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 23:47:34.0859 6088 MSPQM - ok 23:47:34.0875 6088 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 23:47:34.0953 6088 mssmbios - ok 23:47:34.0968 6088 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 23:47:35.0062 6088 MSTEE - ok 23:47:35.0078 6088 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys 23:47:35.0093 6088 MTsensor - ok 23:47:35.0109 6088 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 23:47:35.0187 6088 Mup - ok 23:47:35.0218 6088 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 23:47:35.0312 6088 NABTSFEC - ok 23:47:35.0343 6088 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 23:47:35.0421 6088 napagent - ok 23:47:35.0453 6088 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 23:47:35.0546 6088 NDIS - ok 23:47:35.0562 6088 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP 
C:\WINDOWS\system32\DRIVERS\NdisIP.sys 23:47:35.0656 6088 NdisIP - ok 23:47:35.0671 6088 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 23:47:35.0750 6088 NdisTapi - ok 23:47:35.0781 6088 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 23:47:35.0859 6088 Ndisuio - ok 23:47:35.0859 6088 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 23:47:35.0953 6088 NdisWan - ok 23:47:35.0968 6088 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 23:47:36.0046 6088 NDProxy - ok 23:47:36.0078 6088 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\System32\HPZinw12.dll 23:47:36.0093 6088 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 23:47:36.0093 6088 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 23:47:36.0109 6088 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 23:47:36.0187 6088 NetBIOS - ok 23:47:36.0203 6088 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 23:47:36.0281 6088 NetBT - ok 23:47:36.0312 6088 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 23:47:36.0406 6088 NetDDE - ok 23:47:36.0406 6088 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 23:47:36.0484 6088 NetDDEdsdm - ok 23:47:36.0515 6088 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 23:47:36.0593 6088 Netlogon - ok 23:47:36.0625 6088 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 23:47:36.0703 6088 Netman - ok 23:47:36.0734 6088 [ 5EF7DD401771693245D46F4B0B69FE2B ] NetworkX C:\WINDOWS\system32\ckldrv.sys 23:47:36.0750 6088 NetworkX ( UnsignedFile.Multi.Generic ) - warning 23:47:36.0750 6088 NetworkX - detected UnsignedFile.Multi.Generic (1) 23:47:36.0796 6088 [ ACD8BD448A74F344D46FCAF21BAB92AF ] Nla C:\WINDOWS\System32\mswsock.dll 23:47:36.0812 
6088 Nla - ok 23:47:36.0890 6088 [ 1BEF5464C06F4AF0C704378824C52ADB ] NMIndexingService C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe 23:47:36.0906 6088 NMIndexingService - ok 23:47:36.0937 6088 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 23:47:37.0015 6088 Npfs - ok 23:47:37.0062 6088 [ F8BB9796539F8457E0D51818B7360AFF ] nSvcIp C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe 23:47:37.0062 6088 nSvcIp ( UnsignedFile.Multi.Generic ) - warning 23:47:37.0062 6088 nSvcIp - detected UnsignedFile.Multi.Generic (1) 23:47:37.0078 6088 [ A6D83894395D9A18F3CE65EDAF614271 ] nSvcLog C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe 23:47:37.0078 6088 nSvcLog ( UnsignedFile.Multi.Generic ) - warning 23:47:37.0078 6088 nSvcLog - detected UnsignedFile.Multi.Generic (1) 23:47:37.0109 6088 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 23:47:37.0218 6088 Ntfs - ok 23:47:37.0234 6088 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\System32\lsass.exe 23:47:37.0312 6088 NtLmSsp - ok 23:47:37.0343 6088 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 23:47:37.0437 6088 NtmsSvc - ok 23:47:37.0468 6088 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 23:47:37.0546 6088 Null - ok 23:47:37.0671 6088 [ 70CB8915895CCB92DDF23CE890C4F5BE ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 23:47:37.0828 6088 nv - ok 23:47:37.0859 6088 [ EF9941593B2E9B436F64A87DDB570D1A ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys 23:47:37.0875 6088 nvata - ok 23:47:37.0906 6088 [ 24336267DF2A52E2785D50F41B9CF9B8 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 23:47:37.0921 6088 NVENETFD - ok 23:47:37.0921 6088 [ FEA32E16BD1DDA896A647A6E19216FCA ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 23:47:37.0953 6088 nvnetbus - ok 23:47:37.0984 6088 [ F96DF45CFBDC670584293E03C2AB602A ] NVSvc C:\WINDOWS\system32\nvsvc32.exe 
23:47:38.0000 6088 NVSvc - ok 23:47:38.0031 6088 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 23:47:38.0140 6088 NwlnkFlt - ok 23:47:38.0156 6088 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 23:47:38.0234 6088 NwlnkFwd - ok 23:47:38.0328 6088 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 23:47:38.0343 6088 odserv - ok 23:47:38.0375 6088 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 23:47:38.0390 6088 ose - ok 23:47:38.0437 6088 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 23:47:38.0515 6088 Parport - ok 23:47:38.0546 6088 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 23:47:38.0640 6088 PartMgr - ok 23:47:38.0671 6088 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 23:47:38.0750 6088 ParVdm - ok 23:47:38.0765 6088 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 23:47:38.0859 6088 PCI - ok 23:47:38.0859 6088 PCIDump - ok 23:47:38.0875 6088 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 23:47:38.0968 6088 PCIIde - ok 23:47:38.0984 6088 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 23:47:39.0078 6088 Pcmcia - ok 23:47:39.0078 6088 PDCOMP - ok 23:47:39.0093 6088 PDFRAME - ok 23:47:39.0093 6088 PDRELI - ok 23:47:39.0109 6088 PDRFRAME - ok 23:47:39.0125 6088 perc2 - ok 23:47:39.0125 6088 perc2hib - ok 23:47:39.0171 6088 [ 4BB6A83640F1D1792AD21CE767B621C6 ] PlugPlay C:\WINDOWS\system32\services.exe 23:47:39.0250 6088 PlugPlay - ok 23:47:39.0265 6088 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\System32\HPZipm12.dll 23:47:39.0265 6088 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 23:47:39.0265 6088 Pml Driver HPZ12 - 
detected UnsignedFile.Multi.Generic (1) 23:47:39.0281 6088 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 23:47:39.0359 6088 PolicyAgent - ok 23:47:39.0390 6088 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 23:47:39.0468 6088 PptpMiniport - ok 23:47:39.0484 6088 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 23:47:39.0562 6088 Processor - ok 23:47:39.0562 6088 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 23:47:39.0640 6088 ProtectedStorage - ok 23:47:39.0671 6088 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 23:47:39.0750 6088 PSched - ok 23:47:39.0781 6088 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 23:47:39.0875 6088 Ptilink - ok 23:47:39.0906 6088 [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 23:47:39.0906 6088 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning 23:47:39.0906 6088 PxHelp20 - detected UnsignedFile.Multi.Generic (1) 23:47:39.0921 6088 ql1080 - ok 23:47:39.0937 6088 Ql10wnt - ok 23:47:39.0937 6088 ql12160 - ok 23:47:39.0953 6088 ql1240 - ok 23:47:39.0968 6088 ql1280 - ok 23:47:39.0968 6088 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 23:47:40.0062 6088 RasAcd - ok 23:47:40.0093 6088 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 23:47:40.0171 6088 RasAuto - ok 23:47:40.0187 6088 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 23:47:40.0281 6088 Rasl2tp - ok 23:47:40.0312 6088 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 23:47:40.0406 6088 RasMan - ok 23:47:40.0406 6088 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 23:47:40.0484 6088 RasPppoe - ok 23:47:40.0500 6088 [ FDBB1D60066FCFBB7452FD8F9829B242 ] 
Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 23:47:40.0578 6088 Raspti - ok 23:47:40.0609 6088 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 23:47:40.0687 6088 Rdbss - ok 23:47:40.0703 6088 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 23:47:40.0781 6088 RDPCDD - ok 23:47:40.0812 6088 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 23:47:40.0890 6088 rdpdr - ok 23:47:40.0921 6088 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 23:47:41.0000 6088 RDPWD - ok 23:47:41.0015 6088 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 23:47:41.0109 6088 RDSessMgr - ok 23:47:41.0125 6088 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 23:47:41.0218 6088 redbook - ok 23:47:41.0250 6088 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 23:47:41.0312 6088 RemoteAccess - ok 23:47:41.0343 6088 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 23:47:41.0437 6088 RemoteRegistry - ok 23:47:41.0453 6088 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\System32\locator.exe 23:47:41.0546 6088 RpcLocator - ok 23:47:41.0578 6088 [ E970C2296916BF4A2F958680016FE312 ] RpcSs C:\WINDOWS\System32\rpcss.dll 23:47:41.0656 6088 RpcSs - ok 23:47:41.0671 6088 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\System32\rsvp.exe 23:47:41.0765 6088 RSVP - ok 23:47:41.0781 6088 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 23:47:41.0859 6088 SamSs - ok 23:47:41.0890 6088 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 23:47:41.0984 6088 SCardSvr - ok 23:47:42.0015 6088 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 23:47:42.0093 6088 Schedule - ok 23:47:42.0156 6088 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Dokumente und 
Einstellungen\Sabine\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe 23:47:42.0156 6088 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning 23:47:42.0156 6088 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1) 23:47:42.0187 6088 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 23:47:42.0265 6088 Secdrv - ok 23:47:42.0281 6088 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 23:47:42.0359 6088 seclogon - ok 23:47:42.0390 6088 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 23:47:42.0468 6088 SENS - ok 23:47:42.0500 6088 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 23:47:42.0578 6088 serenum - ok 23:47:42.0625 6088 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 23:47:42.0703 6088 Serial - ok 23:47:42.0718 6088 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 23:47:42.0796 6088 Sfloppy - ok 23:47:42.0828 6088 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 23:47:42.0921 6088 SharedAccess - ok 23:47:42.0937 6088 [ 40602EBFBE06AA075C8E4560743F6883 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 23:47:43.0015 6088 ShellHWDetection - ok 23:47:43.0031 6088 Simbad - ok 23:47:43.0046 6088 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 23:47:43.0125 6088 SLIP - ok 23:47:43.0140 6088 Sparrow - ok 23:47:43.0171 6088 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 23:47:43.0250 6088 splitter - ok 23:47:43.0296 6088 [ 39356A9CDB6753A6D13A4072A9F5A4BB ] Spooler C:\WINDOWS\system32\spoolsv.exe 23:47:43.0375 6088 Spooler - ok 23:47:43.0390 6088 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 23:47:43.0484 6088 sr - ok 23:47:43.0500 6088 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 23:47:43.0578 6088 
srservice - ok 23:47:43.0609 6088 [ 4F8A43ADEF66F135564085A9DCA96A26 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 23:47:43.0640 6088 Srv - ok 23:47:43.0656 6088 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 23:47:43.0734 6088 SSDPSRV - ok 23:47:43.0781 6088 [ 453811DDA054E871F8B397A38821C511 ] StatusAgent4 C:\WINDOWS\system32\SAgent4.exe 23:47:43.0796 6088 StatusAgent4 - ok 23:47:43.0812 6088 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 23:47:43.0906 6088 stisvc - ok 23:47:43.0921 6088 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 23:47:44.0000 6088 streamip - ok 23:47:44.0015 6088 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 23:47:44.0093 6088 swenum - ok 23:47:44.0109 6088 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 23:47:44.0187 6088 swmidi - ok 23:47:44.0203 6088 SwPrv - ok 23:47:44.0218 6088 symc810 - ok 23:47:44.0218 6088 symc8xx - ok 23:47:44.0234 6088 sym_hi - ok 23:47:44.0250 6088 sym_u3 - ok 23:47:44.0250 6088 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 23:47:44.0328 6088 sysaudio - ok 23:47:44.0375 6088 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 23:47:44.0468 6088 SysmonLog - ok 23:47:44.0484 6088 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 23:47:44.0578 6088 TapiSrv - ok 23:47:44.0609 6088 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 23:47:44.0640 6088 Tcpip - ok 23:47:44.0671 6088 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 23:47:44.0734 6088 TDPIPE - ok 23:47:44.0750 6088 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 23:47:44.0828 6088 TDTCP - ok 23:47:44.0843 6088 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 
23:47:44.0937 6088 TermDD - ok 23:47:44.0953 6088 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 23:47:45.0031 6088 TermService - ok 23:47:45.0046 6088 [ 40602EBFBE06AA075C8E4560743F6883 ] Themes C:\WINDOWS\System32\shsvcs.dll 23:47:45.0125 6088 Themes - ok 23:47:45.0156 6088 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe 23:47:45.0234 6088 TlntSvr - ok 23:47:45.0250 6088 TosIde - ok 23:47:45.0281 6088 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 23:47:45.0375 6088 TrkWks - ok 23:47:45.0406 6088 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 23:47:45.0484 6088 Udfs - ok 23:47:45.0515 6088 ultra - ok 23:47:45.0531 6088 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 23:47:45.0640 6088 Update - ok 23:47:45.0671 6088 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 23:47:45.0765 6088 upnphost - ok 23:47:45.0781 6088 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 23:47:45.0859 6088 UPS - ok 23:47:45.0890 6088 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 23:47:45.0890 6088 USBAAPL ( UnsignedFile.Multi.Generic ) - warning 23:47:45.0890 6088 USBAAPL - detected UnsignedFile.Multi.Generic (1) 23:47:45.0921 6088 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 23:47:46.0000 6088 usbccgp - ok 23:47:46.0046 6088 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 23:47:46.0109 6088 usbehci - ok 23:47:46.0125 6088 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 23:47:46.0218 6088 usbhub - ok 23:47:46.0234 6088 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 23:47:46.0312 6088 usbohci - ok 23:47:46.0343 6088 [ A717C8721046828520C9EDF31288FC00 ] usbprint 
C:\WINDOWS\system32\DRIVERS\usbprint.sys 23:47:46.0421 6088 usbprint - ok 23:47:46.0437 6088 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 23:47:46.0531 6088 usbscan - ok 23:47:46.0546 6088 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 23:47:46.0640 6088 USBSTOR - ok 23:47:46.0656 6088 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys 23:47:46.0734 6088 usb_rndisx - ok 23:47:46.0765 6088 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 23:47:46.0843 6088 VgaSave - ok 23:47:46.0859 6088 ViaIde - ok 23:47:46.0890 6088 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 23:47:46.0968 6088 VolSnap - ok 23:47:47.0015 6088 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 23:47:47.0109 6088 VSS - ok 23:47:47.0171 6088 [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe 23:47:47.0203 6088 vToolbarUpdater14.2.0 - ok 23:47:47.0218 6088 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 23:47:47.0312 6088 W32Time - ok 23:47:47.0343 6088 [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater C:\Programme\Wajam\Updater\WajamUpdater.exe 23:47:47.0343 6088 WajamUpdater ( UnsignedFile.Multi.Generic ) - warning 23:47:47.0343 6088 WajamUpdater - detected UnsignedFile.Multi.Generic (1) 23:47:47.0375 6088 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 23:47:47.0468 6088 Wanarp - ok 23:47:47.0500 6088 [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 23:47:47.0515 6088 wceusbsh - ok 23:47:47.0531 6088 WDICA - ok 23:47:47.0562 6088 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 23:47:47.0656 6088 wdmaud - ok 23:47:47.0703 6088 [ 81727C9873E3905A2FFC1EBD07265002 
] WebClient C:\WINDOWS\System32\webclnt.dll 23:47:47.0781 6088 WebClient - ok 23:47:47.0843 6088 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 23:47:47.0921 6088 winmgmt - ok 23:47:47.0968 6088 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 23:47:47.0968 6088 WmdmPmSN - ok 23:47:48.0000 6088 [ 53E1CCF332A2F40B5E08476921CD8B44 ] Wmi C:\WINDOWS\System32\advapi32.dll 23:47:48.0093 6088 Wmi - ok 23:47:48.0109 6088 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe 23:47:48.0203 6088 WmiApSrv - ok 23:47:48.0265 6088 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 23:47:48.0312 6088 WMPNetworkSvc - ok 23:47:48.0343 6088 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 23:47:48.0453 6088 WS2IFSL - ok 23:47:48.0468 6088 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 23:47:48.0562 6088 wscsvc - ok 23:47:48.0562 6088 WSearch - ok 23:47:48.0593 6088 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 23:47:48.0671 6088 WSTCODEC - ok 23:47:48.0703 6088 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 23:47:48.0781 6088 wuauserv - ok 23:47:48.0812 6088 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 23:47:48.0843 6088 WudfPf - ok 23:47:48.0859 6088 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 23:47:48.0875 6088 WudfRd - ok 23:47:48.0890 6088 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 23:47:48.0906 6088 WudfSvc - ok 23:47:48.0953 6088 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 23:47:49.0031 6088 WZCSVC - ok 23:47:49.0062 6088 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 23:47:49.0140 6088 xmlprov - ok 23:47:49.0156 6088 ================ 
Scan global =============================== 23:47:49.0187 6088 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 23:47:49.0203 6088 [ 4CD408F799D4A72B0DE1F1116A77A48E ] C:\WINDOWS\system32\winsrv.dll 23:47:49.0218 6088 [ 4CD408F799D4A72B0DE1F1116A77A48E ] C:\WINDOWS\system32\winsrv.dll 23:47:49.0234 6088 [ 4BB6A83640F1D1792AD21CE767B621C6 ] C:\WINDOWS\system32\services.exe 23:47:49.0234 6088 [Global] - ok 23:47:49.0234 6088 ================ Scan MBR ================================== 23:47:49.0250 6088 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 23:47:49.0468 6088 \Device\Harddisk0\DR0 - ok 23:47:49.0468 6088 ================ Scan VBR ================================== 23:47:49.0468 6088 [ F4E3C99277F8DDB4C7281EC302BBB993 ] \Device\Harddisk0\DR0\Partition1 23:47:49.0468 6088 \Device\Harddisk0\DR0\Partition1 - ok 23:47:49.0484 6088 [ BBDD5777D139B4E81C37F97A33795A05 ] \Device\Harddisk0\DR0\Partition2 23:47:49.0484 6088 \Device\Harddisk0\DR0\Partition2 - ok 23:47:49.0515 6088 [ 113C7123A980BB46541FC850B86EEE17 ] \Device\Harddisk0\DR0\Partition3 23:47:49.0515 6088 \Device\Harddisk0\DR0\Partition3 - ok 23:47:49.0515 6088 ============================================================ 23:47:49.0515 6088 Scan finished 23:47:49.0515 6088 ============================================================ 23:47:49.0531 5428 Detected object count: 15 23:47:49.0531 5428 Actual detected object count: 15 23:48:11.0968 5428 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:11.0968 5428 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:11.0968 5428 giveio ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:11.0968 5428 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:11.0968 5428 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:11.0968 5428 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:11.0968 5428 hpqddsvc ( 
UnsignedFile.Multi.Generic ) - skipped by user 23:48:11.0968 5428 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:11.0984 5428 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:11.0984 5428 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:11.0984 5428 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:11.0984 5428 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:11.0984 5428 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:11.0984 5428 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:11.0984 5428 NetworkX ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:11.0984 5428 NetworkX ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:12.0000 5428 nSvcIp ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:12.0000 5428 nSvcIp ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:12.0000 5428 nSvcLog ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:12.0000 5428 nSvcLog ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:12.0000 5428 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:12.0000 5428 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:12.0000 5428 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:12.0000 5428 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:12.0000 5428 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:12.0000 5428 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:12.0015 5428 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:12.0015 5428 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:12.0015 5428 WajamUpdater ( UnsignedFile.Multi.Generic ) - skipped by user 23:48:12.0015 5428 WajamUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:48:26.0687 2948 
Deinitialize success |
17.05.2013, 23:29 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.gen5 found and deleted by Avira. Is my computer clean now? JRT - Junkware Removal Tool Please shut down your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
18.05.2013, 09:11 | #27 |
| TR/Dropper.gen5 found and deleted by Avira. Is my computer clean now? I did everything one after the other. All four log files together have too many characters, so this reply contains the first two; the 2 x OTL logs will follow. Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Microsoft Windows XP x86 Ran by Sabine on 18.05.2013 at 9:29:17,70 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [Service] application updater Successfully deleted: [Service] application updater Successfully stopped: [Service] wajamupdater Successfully deleted: [Service] wajamupdater ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\advanced system protector_startup Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\datamngr Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sweetim Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sweetpacks communicator Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: 
[Registry Value] HKEY_USERS\S-1-5-21-484763869-838170752-725345543-1003\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-484763869-838170752-725345543-1003\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs ~~~ Registry Keys Successfully deleted: [Registry Key] 
HKEY_CLASSES_ROOT\esrv.babylonesrvc Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.incredibaresrvc Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.incredibaresrvc.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitengine Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitengine Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\datamngr Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\incredibar.com Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\incredibar.com Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchqutoolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajam Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajam Successfully deleted: [Registry Key] 
HKEY_CURRENT_USER\Software\AppDataLow\Software\search settings Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\browserconnection.dll Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\dnsbho.dll Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\priam_bho.dll Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\scripthelper.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\viprotocol.dll Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\b Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\babylon.dskbnd Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\babylon.dskbnd.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\escort.escrtbtn.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\i Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\incredibarapp.appcore Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\incredibarapp.appcore.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mediaplayer.graphicsutils Successfully deleted: [Registry Key] 
HKEY_LOCAL_MACHINE\Software\Classes\mediaplayer.graphicsutils.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mgmediaplayer.gifanimator Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mgmediaplayer.gifanimator.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\searchquiehelper.dnsguard Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\searchquiehelper.dnsguard.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sim-packages Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajambho.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\wajam.wajamdownloader.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\app paths\sweetim.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT1124670 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet 
Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT1124670 ~~~ Files Successfully deleted: [File] "C:\WINDOWS\system32\conduitengine.tmp" Successfully deleted: [File] "C:\end" ~~~ Folders Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\babylon" Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\babylontoolbar" Successfully deleted: [Folder] "C:\Dokumente 
und Einstellungen\Sabine\Anwendungsdaten\drivercure" Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\incredibar.com" Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\pdfforge" Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\search settings" Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\searchquband" Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\searchqutoolbar" Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\systweak" Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Sabine\appdata\locallow\datamngr" Successfully deleted: [Folder] "C:\Programme\advanced system protector" Successfully deleted: [Folder] "C:\Programme\application updater" Successfully deleted: [Folder] "C:\Programme\conduit" Successfully deleted: [Folder] "C:\Programme\conduitengine" Successfully deleted: [Folder] "C:\Programme\optimizer pro" Successfully deleted: [Folder] "C:\Programme\pdfforge toolbar" Failed to delete: [Folder] "C:\Programme\sweetim" Successfully deleted: [Folder] "C:\Programme\wajam" Successfully deleted: [Folder] "C:\Programme\windows ilivid toolbar" Failed to delete: [Folder] "C:\Programme\Gemeinsame Dateien\spigot" Failed to delete: [Folder] "C:\Programme\sweetim" Successfully deleted: [Folder] "C:\Programme\Gemeinsame Dateien\spigot" ~~~ FireFox Successfully deleted: [File] C:\user.js Successfully deleted: [File] "C:\Programme\Mozilla Firefox\searchplugins\babylon.xml" Successfully deleted: [File] "C:\Programme\Mozilla Firefox\searchplugins\search_results.xml" Successfully deleted: [File] C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\mozilla\firefox\profiles\ib66viuk.default\user.js Successfully deleted: [File] C:\Dokumente und 
Einstellungen\Sabine\Anwendungsdaten\mozilla\firefox\profiles\ib66viuk.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi Successfully deleted: [File] C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\mozilla\firefox\profiles\ib66viuk.default\searchplugins\askcom.xml Successfully deleted: [File] C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\mozilla\firefox\profiles\ib66viuk.default\searchplugins\browsemngr.xml Successfully deleted: [File] C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\mozilla\firefox\profiles\ib66viuk.default\searchplugins\mystart search.xml Successfully deleted: [File] C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\mozilla\firefox\profiles\ib66viuk.default\searchplugins\search_results.xml Successfully deleted: [File] C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\mozilla\firefox\profiles\ib66viuk.default\searchplugins\softonic.xml Successfully deleted: [File] C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\mozilla\firefox\profiles\ib66viuk.default\searchplugins\sweetim.xml Failed to delete: [Folder] "C:\Programme\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" Successfully deleted: [Folder] C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\mozilla\firefox\profiles\ib66viuk.default\searchqutoolbar Successfully deleted: [Folder] C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\mozilla\firefox\profiles\ib66viuk.default\extensions\ffxtlbra@softonic.com Successfully deleted: [Folder] C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\mozilla\firefox\profiles\ib66viuk.default\extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Successfully deleted the following from C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\mozilla\firefox\profiles\ib66viuk.default\prefs.js user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?src=97&barid={2F2F2864-3A2E-11E2-A226-002215B583A5}"); user_pref("browser.search.order.1", "Ask.com"); user_pref("browser.search.selectedEngine", 
"Ask.com"); user_pref("extensions.BabylonToolbar.admin", false); user_pref("extensions.BabylonToolbar.aflt", "babsst"); user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); user_pref("extensions.BabylonToolbar.dfltLng", "en"); user_pref("extensions.BabylonToolbar.excTlbr", false); user_pref("extensions.BabylonToolbar.id", "7c014ff2000000000000002215b583a5"); user_pref("extensions.BabylonToolbar.instlDay", "15672"); user_pref("extensions.BabylonToolbar.instlRef", "sst"); user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar.tlbrId", "irhnew"); user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=7c014ff2000000000000002215b583a5&q="); user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8"); user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8"); user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.822:55:49"); user_pref("extensions.crossrider.bic", "13d08c74113929d446d2d6aa683bc88d"); user_pref("extensions.softonic_i.aflt", "orgnl"); user_pref("extensions.softonic_i.dfltLng", ""); user_pref("extensions.softonic_i.excTlbr", false); user_pref("extensions.softonic_i.id", "7c014ff2000000000000002215b583a5"); user_pref("extensions.softonic_i.instlDay", "15713"); user_pref("extensions.softonic_i.instlRef", "MON00001"); user_pref("extensions.softonic_i.newTab", false); user_pref("extensions.softonic_i.prdct", "softonic"); user_pref("extensions.softonic_i.prtnrId", "softonic"); user_pref("extensions.softonic_i.smplGrp", "eng7"); user_pref("extensions.softonic_i.tlbrId", "eng7"); user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q="); user_pref("extensions.softonic_i.vrsn", "1.5.11.5"); user_pref("extensions.softonic_i.vrsnTs", "1.5.11.510:16:34"); 
user_pref("extensions.softonic_i.vrsni", "1.5.11.5"); user_pref("sweetim.toolbar.RevertDialog.enable", "false"); user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true"); user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0"); user_pref("sweetim.toolbar.Visibility.enable", "true"); user_pref("sweetim.toolbar.Visibility.intervaldays", "7"); user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true"); user_pref("sweetim.toolbar.cda.HideOveride.enable", "true"); user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true"); user_pref("sweetim.toolbar.cda.returnValue", "hide"); user_pref("sweetim.toolbar.dialogs.0.enable", "true"); user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js"); user_pref("sweetim.toolbar.dialogs.0.height", "335"); user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog"); user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;"); user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;"); user_pref("sweetim.toolbar.dialogs.0.width", "761"); user_pref("sweetim.toolbar.dialogs.1.enable", "true"); user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js"); user_pref("sweetim.toolbar.dialogs.1.height", "300"); user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog"); user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog"); user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"); user_pref("sweetim.toolbar.dialogs.1.width", "500"); user_pref("sweetim.toolbar.dialogs.2.enable", "true"); user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js"); user_pref("sweetim.toolbar.dialogs.2.height", "150"); user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove"); 
user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog"); user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp"); user_pref("sweetim.toolbar.dialogs.2.width", "530"); user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false"); user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); user_pref("sweetim.toolbar.mode.debug", "false"); user_pref("sweetim.toolbar.newtab.created", "true"); user_pref("sweetim.toolbar.newtab.enable", "true"); user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab"); user_pref("sweetim.toolbar.previous.keyword.URL", ""); user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;"); user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*"); user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); user_pref("sweetim.toolbar.scripts.0.enable", "false"); user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js"); user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true"); user_pref("sweetim.toolbar.scripts.1.callback", "simVerification"); user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); 
user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*"); user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb"); user_pref("sweetim.toolbar.scripts.1.enable", "false"); user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS"); user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js"); user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false"); user_pref("sweetim.toolbar.scripts.2.callback", ""); user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*"); user_pref("sweetim.toolbar.scripts.2.domain-whitelist", ""); user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script"); user_pref("sweetim.toolbar.scripts.2.enable", "false"); user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad"); user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1"); user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://sear user_pref("sweetim.toolbar.search.history", "Hilmer%20%26%20Sattler%20und%20Albrecht%20berlin,%22almuth%20lahmann%22"); user_pref("sweetim.toolbar.search.history.capacity", "10"); user_pref("sweetim.toolbar.searchguard.enable", "false"); user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true"); user_pref("sweetim.toolbar.simapp_id", "{2F2F2864-3A2E-11E2-A226-002215B583A5}"); user_pref("sweetim.toolbar.version", "1.9.0.0"); Emptied folder: C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\mozilla\firefox\profiles\ib66viuk.default\minidumps [5 files] ~~~ Chrome Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Successfully deleted: [Registry Key] 
HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 18.05.2013 at 9:31:03,53 Computer was rebooted End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.301 - Datei am 18/05/2013 um 09:35:20 erstellt # Aktualisiert am 16/05/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Sabine - DAMMTOR2 # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Sabine\desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : SearchAnonymizer Gestoppt & Gelöscht : vToolbarUpdater14.2.0 ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage Datei Gelöscht : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal Datei Gelöscht : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Local Storage\hxxp_home.sweetim.com_0.localstorage Datei Gelöscht : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Local Storage\hxxp_home.sweetim.com_0.localstorage-journal Datei Gelöscht : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage Datei Gelöscht : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal Datei Gelöscht : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Local Storage\hxxp_search.sweetim.com_0.localstorage Datei Gelöscht : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Local Storage\hxxp_search.sweetim.com_0.localstorage-journal Datei Gelöscht : C:\Programme\Mozilla Firefox\searchplugins\avg-secure-search.xml Gelöscht mit 
Neustart : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo Gelöscht mit Neustart : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Gelöscht mit Neustart : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Gelöscht mit Neustart : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ask Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ParetoLogic Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Premium Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Advanced System Protector Ordner Gelöscht : C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\AVG Secure Search Ordner Gelöscht : C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\DesktopIconForAmazon Ordner Gelöscht : C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\ib66viuk.default\extensions\{94817c02-feac-4aa8-99d8-1cb47bf4d4c0} Ordner Gelöscht : C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\ib66viuk.default\extensions\firejump@firejump.net Ordner Gelöscht : 
C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\ib66viuk.default\SweetPacksToolbarData Ordner Gelöscht : C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\OCS Ordner Gelöscht : C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\ParetoLogic Ordner Gelöscht : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\AVG Secure Search Ordner Gelöscht : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Conduit Ordner Gelöscht : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\ConduitEngine Ordner Gelöscht : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Ilivid Player Ordner Gelöscht : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\PackageAware Ordner Gelöscht : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Spesoft Ordner Gelöscht : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Wajam Ordner Gelöscht : C:\Dokumente und Einstellungen\Sabine\Startmenü\Programme\Wajam Ordner Gelöscht : C:\Programme\~BabylonToolbar Ordner Gelöscht : C:\Programme\AVG Secure Search Ordner Gelöscht : C:\Programme\Gemeinsame Dateien\AVG Secure Search Ordner Gelöscht : C:\Programme\SweetIM Ordner Gelöscht : C:\WINDOWS\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4} Ordner Gelöscht : C:\WINDOWS\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\5c55ded8b06aba43 Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge Schlüssel Gelöscht : HKCU\Software\AVG Secure Search Schlüssel Gelöscht : HKCU\Software\BFlix Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\pdfforge Schlüssel Gelöscht : HKCU\Software\Search Settings Schlüssel Gelöscht : HKCU\Software\Spesoft Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Toolbar Schlüssel Gelöscht : HKLM\Software\AVG Secure Search Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9859B910-2404-4E09-AB88-A3B221EF13AA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E570101E-9BFC-46CA-A373-E1904A65CBAA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\6D5877EBF540BF441A4EF35A55784451 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\6D5877EBF540BF441A4EF35A55784451 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F0356CB6-4AB7-425B-A31C-0369E0CB5E81} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2} Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2487784C-3D2D-4D7D-8F6D-484C3D46D175} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CEE0097C-3394-4FD7-B768-DCC7CB525DBA} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7683B745-6060-41FD-AA75-0BBB383FEAD4} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BE7785D6-045F-44FB-A1E4-3FA555874415} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App 
Management\ARPCache\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DesktopIconAmazon Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchAnonymizer Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Spesoft Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E570101E-9BFC-46CA-A373-E1904A65CBAA} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501 Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5 Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5 Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789 Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6 Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3157AA407841454BB0C9BE8D1982BC9 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\547B38670606DF14AA57B0BB83F3AE4D Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6D5877EBF540BF441A4EF35A55784451 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE7785D6-045F-44FB-A1E4-3FA555874415} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Schlüssel Gelöscht : HKLM\Software\pdfforge Schlüssel Gelöscht : HKLM\Software\Search Settings Schlüssel Gelöscht : HKLM\Software\Spesoft Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}] Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [firejump@firejump.net] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Ocs_SM] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [Internet Browser] ***** -\\ Internet Explorer v7.0.6000.16762 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v20.0.1 (de) Datei : C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\ib66viuk.default\prefs.js [OK] Die Datei ist sauber. 
-\\ Google Chrome v26.0.1410.64

Datei : C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.29] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gelöscht [l.32] : keyword = "ask.com",
Gelöscht [l.36] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=8A[...]
Gelöscht [l.37] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]

*************************

AdwCleaner[S1].txt - [34100 octets] - [18/05/2013 09:35:20]

########## EOF - C:\AdwCleaner[S1].txt - [34161 octets] ##########
18.05.2013, 09:13 | #28 |
| TR/Dropper.gen5 found and deleted by Avira. Is my computer clean now?
Here is OTL
Code:
OTL logfile created on: 18.05.2013 09:44:52 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Sabine\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,24% Memory free
3,85 Gb Paging File | 3,12 Gb Available in Paging File | 81,04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 15,39 Gb Free Space | 31,52% Space Free | Partition Type: NTFS
Drive E: | 208,98 Gb Total Space | 166,07 Gb Free Space | 79,47% Space Free | Partition Type: NTFS
Drive F: | 207,94 Gb Total Space | 168,30 Gb Free Space | 80,94% Space Free | Partition Type: NTFS

Computer Name: DAMMTOR2 | User Name: Sabine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Sabine\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (ALWIL Software) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) PRC - C:\Programme\Carambis\Driver Updater\dupdater.exe (Media Fog Ltd.) PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.) PRC - C:\WINDOWS\system32\Crypserv.exe (CrypKey (Canada) Ltd.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\SSC Service Utility\ssc_serv.exe (SSC Localization Group) PRC - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG) PRC - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation) PRC - C:\Programme\UltimateZip 2007\uzqkst.exe (SWE von Schleusen) PRC - C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) PRC - C:\WINDOWS\system32\SAgent4.exe (SEIKO EPSON CORPORATION) PRC - C:\WINDOWS\system32\E_S00RP2.EXE (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Alwil Software\Avast5\defs\10022401\algo.dll () MOD - C:\Programme\Carambis\Driver Updater\duManager.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCmp.dll () MOD - C:\Programme\Kodak\Kodak EasyShare 
software\bin\SkinuxCommon.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxBase.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxXML2.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxIm.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxProc.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxFF.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\MEshim.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\areaifdll.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\ESSkin.esx () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\ESEmail.esx () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\ESCom.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\KFx.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\Atlas.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\AppCore.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\VistaControls.esx () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\Pcd.esx () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocESEmail.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\kpries40.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll () MOD - 
C:\Programme\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\keml40.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\DibLibIP.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocCamBack.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\bin\locPcd.dll () MOD - C:\WINDOWS\system32\nview.dll () MOD - C:\WINDOWS\system32\nvshell.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll () MOD - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll () MOD - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so () MOD - C:\Programme\Kodak\Kodak EasyShare software\AddIn\VistaPCD.cyx () MOD - C:\Programme\Kodak\Kodak EasyShare software\AddIn\VPCD.dll () MOD - C:\Programme\Kodak\Kodak EasyShare software\AddIn\LocVistaPCD.dll () MOD - C:\WINDOWS\system32\pdfcmnnt.dll () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (aswUpdSv) -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) 
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (avast! Web Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software) SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG) SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation) SRV - (nSvcLog) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation) SRV - (ForcewareWebInterface) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (StatusAgent4) -- C:\WINDOWS\system32\SAgent4.exe (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV2_02) -- C:\WINDOWS\system32\E_S00RP2.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOKUME~1\Sabine\LOKALE~1\Temp\catchme.sys File not found DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies) DRV 
- (giveio) -- C:\WINDOWS\system32\giveio.sys () DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software) DRV - (NetworkX) -- C:\WINDOWS\system32\Ckldrv.sys () DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (nvata) -- C:\WINDOWS\system32\drivers\nvata.sys (NVIDIA Corporation) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () DRV - (MR97310_USB_DUAL_CAMERA) -- C:\WINDOWS\system32\drivers\mr97310c.sys (Mars Semiconductor Corp.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-484763869-838170752-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-484763869-838170752-725345543-1003\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-21-484763869-838170752-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search IE - HKU\S-1-5-21-484763869-838170752-725345543-1003\..\SearchScopes\{265EBA9A-C130-4BAA-8F6F-014B60FBF00E}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=46e1322e-c60c-454f-a851-642a56ac0c80&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-484763869-838170752-725345543-1003\..\SearchScopes\{382A92C5-E530-43A9-A2B1-53716E6D528F}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=46e1322e-c60c-454f-a851-642a56ac0c80&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-484763869-838170752-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-484763869-838170752-725345543-1003\..\SearchScopes\{77B5D489-AA1E-46F3-B829-0894F603CA57}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826696C633D313226747970653D33303233393826703D7B7365617263685465726D737D&st={searchTerms}&clid=46e1322e-c60c-454f-a851-642a56ac0c80&pid=freewarede&k=0 IE - HKU\S-1-5-21-484763869-838170752-725345543-1003\..\SearchScopes\{87FBA927-1747-4E71-AE54-38B1ED6A01CE}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=46e1322e-c60c-454f-a851-642a56ac0c80&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-484763869-838170752-725345543-1003\..\SearchScopes\{8D93257B-F430-4DB9-982D-75B8B551F11C}: "URL" = 
hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D314937475045415F6465&st={searchTerms}&clid=46e1322e-c60c-454f-a851-642a56ac0c80&pid=freewarede&k=0 IE - HKU\S-1-5-21-484763869-838170752-725345543-1003\..\SearchScopes\{B54CFBAD-DB0B-474B-8CE8-EC1A517E947C}: "URL" = hxxp://ecosia.org.anonymize-me.de/?anonymto=687474703A2F2F65636F7369612E6F72672F7365617263682E7068703F713D7B7365617263685465726D737D266164646F6E3D6F70656E736561726368&st={searchTerms}&clid=46e1322e-c60c-454f-a851-642a56ac0c80&pid=freewarede&k=0 IE - HKU\S-1-5-21-484763869-838170752-725345543-1003\..\SearchScopes\{B88F97D3-11C3-47EF-8A88-6F354CE70E95}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=46e1322e-c60c-454f-a851-642a56ac0c80&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-484763869-838170752-725345543-1003\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch IE - HKU\S-1-5-21-484763869-838170752-725345543-1003\..\SearchScopes\{C7F8243B-4CA7-49F4-BB4C-54EBD0C5C249}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=46e1322e-c60c-454f-a851-642a56ac0c80&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-484763869-838170752-725345543-1003\..\SearchScopes\{D9183F89-762A-4DE8-B258-835DF5804C4F}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=46e1322e-c60c-454f-a851-642a56ac0c80&pid=freewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-484763869-838170752-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-484763869-838170752-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Programme\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010.12.17 15:33:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.20 14:59:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.14 18:40:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.05.16 14:17:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010.12.17 15:33:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\ib66viuk.default\extensions\extension@preispilot.com [2012.01.30 13:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\Mozilla\Extensions [2013.05.18 09:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\ib66viuk.default\extensions [2012.11.29 09:59:06 | 000,111,107 | ---- | M] () (No name found) -- C:\Dokumente und 
Einstellungen\Sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\ib66viuk.default\extensions\extension@preispilot.com.xpi [2013.05.08 21:02:01 | 000,870,680 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\ib66viuk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.28 15:36:02 | 000,002,188 | ---- | M] () -- C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\ib66viuk.default\searchplugins\{2E3635DB-0AAE-4AA0-AF73-BF691D1E7C53}.xml [2012.11.28 15:36:02 | 000,001,870 | ---- | M] () -- C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\ib66viuk.default\searchplugins\{9219D445-284D-4B48-B558-B1B2FA504057}.xml [2012.11.28 15:36:02 | 000,002,077 | ---- | M] () -- C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\ib66viuk.default\searchplugins\{EEC9D11B-334F-4739-A80E-434010CB8B91}.xml [2013.05.18 09:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.14 18:40:19 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2013.01.11 10:33:30 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.11 10:33:30 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2013.01.11 10:33:30 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.11.28 14:04:34 | 000,001,567 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\glarysearch.xml [2013.01.11 10:33:30 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.11 10:33:30 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.11 10:33:30 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - 
default_search_provider: Ask (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: SweetIM GC Helper (Enabled) = C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\mgHelperGC.dll CHR - plugin: Wajam (Enabled) = C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll CHR - plugin: SweetIM GC Helper (Enabled) = C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = 
C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll CHR - Extension: RealPlayer HTML5Video Downloader Extension = 
C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\ CHR - Extension: AVG Security Toolbar = C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\ CHR - Extension: AVG Security Toolbar = C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\ O1 HOSTS File: ([2013.05.16 20:24:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-484763869-838170752-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O3 - HKU\S-1-5-21-484763869-838170752-725345543-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (ALWIL Software) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SSC Service Utility] C:\Programme\SSC Service Utility\ssc_serv.exe (SSC Localization Group) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-484763869-838170752-725345543-1003..\Run: [Aquzpal] "C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\Cisye\xyetv.exe" File not found O4 - HKU\S-1-5-21-484763869-838170752-725345543-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-484763869-838170752-725345543-1003..\Run: [Driver Updater] C:\Programme\Carambis\Driver Updater\dupdater.exe (Media Fog Ltd.) 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Audible Download Manager.lnk = File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\EPSON Scanner Monitor.lnk = C:\WINDOWS\twain_32\EPEM\EPSONEM.EXE (SEIKO EPSON CORP.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.) O4 - Startup: C:\Dokumente und Einstellungen\Sabine\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\Sabine\Startmenü\Programme\Autostart\UltimateZip Quick Start.lnk = C:\Programme\UltimateZip 2007\uzqkst.exe (SWE von Schleusen)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-838170752-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-484763869-838170752-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-484763869-838170752-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-484763869-838170752-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD659856-C28E-49DA-A7AA-FC4D6E62E1BB}: NameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.09 15:58:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.18 08:42:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.05.18 08:42:33 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.18 08:39:51 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Sabine\Desktop\JRT.exe
[2013.05.17 23:43:19 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Sabine\Desktop\tdsskiller.exe
[2013.05.17 23:11:08 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Sabine\Desktop\aswMBR.exe
[2013.05.17 07:38:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.05.16 21:58:41 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.05.16 21:58:41 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.05.16 20:16:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.16 20:05:11 | 005,066,411 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Sabine\Desktop\ComboFix.exe
[2013.05.12 22:28:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.05.12 22:25:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.05.12 22:25:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.05.12 22:25:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.05.12 22:25:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.05.12 22:25:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.12 22:24:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.05.08 20:14:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sabine\Startmenü\Programme\CleanUp!
[2013.05.08 20:14:25 | 000,000,000 | ---D | C] -- C:\Programme\CleanUp!
[2013.05.08 14:35:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\PDF24
[2013.05.08 14:34:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\pdf24
[2013.05.08 08:50:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sabine\Desktop\OTL.exe
[2013.05.07 19:12:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sabine\Desktop\Neuer Ordner
[2013.04.24 07:27:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuarkXPress Passport
[2013.04.24 07:27:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Color
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.05.18 09:43:47 | 000,495,021 | ---- | M] () -- C:\logfile
[2013.05.18 09:38:21 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-484763869-838170752-725345543-1003.job
[2013.05.18 09:38:18 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-838170752-725345543-1003.job
[2013.05.18 09:38:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.18 09:37:45 | 000,193,759 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.05.18 09:37:44 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.18 09:37:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.18 09:34:09 | 000,632,031 | ---- | M] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\adwcleaner.exe
[2013.05.18 08:58:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.18 08:39:51 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Sabine\Desktop\JRT.exe
[2013.05.17 23:43:27 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Sabine\Desktop\tdsskiller.exe
[2013.05.17 23:42:44 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\MBR.dat
[2013.05.17 23:12:40 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Sabine\Desktop\aswMBR.exe
[2013.05.17 19:43:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013.05.17 16:34:03 | 000,184,798 | ---- | M] () -- C:\WINDOWS\System32\AdobeFnt.lst
[2013.05.17 14:31:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013.05.17 07:34:41 | 012,917,756 | ---- | M] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\mbar-1.05.0.1001.zip
[2013.05.17 05:34:29 | 002,529,622 | ---- | M] () -- C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\[j0002]-[p10].bmp
[2013.05.17 05:34:26 | 002,529,622 | ---- | M] () -- C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\[j0002]-[p09].bmp
[2013.05.17 05:34:22 | 002,529,622 | ---- | M] () -- C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\[j0002]-[p08].bmp
[2013.05.17 05:34:18 | 002,529,622 | ---- | M] () -- C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\[j0002]-[p07].bmp
[2013.05.17 05:34:14 | 002,529,622 | ---- | M] () -- C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\[j0002]-[p06].bmp
[2013.05.17 05:34:11 | 002,529,622 | ---- | M] () -- C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\[j0002]-[p05].bmp
[2013.05.17 05:34:07 | 002,529,622 | ---- | M] () -- C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\[j0002]-[p04].bmp
[2013.05.16 22:34:59 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\gmer_2.1.19163.exe
[2013.05.16 21:58:41 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.05.16 21:58:41 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.05.16 20:24:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.05.16 20:05:39 | 005,066,411 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Sabine\Desktop\ComboFix.exe
[2013.05.14 19:31:48 | 000,440,160 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.05.14 19:31:48 | 000,400,100 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.14 19:31:48 | 000,083,462 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.05.14 19:31:48 | 000,060,512 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.05.12 22:28:17 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2013.05.09 07:13:47 | 005,976,770 | ---- | M] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\kunstoffen_2013flyer_vp.pdf
[2013.05.08 20:13:35 | 000,339,257 | ---- | M] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\CleanUp452.exe
[2013.05.08 14:35:00 | 000,001,495 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF24 Editor.lnk
[2013.05.08 14:35:00 | 000,001,480 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF24 Fax.lnk
[2013.05.08 08:50:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sabine\Desktop\OTL.exe
[2013.05.07 19:26:44 | 000,001,892 | ---- | M] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.05.07 19:26:44 | 000,001,821 | ---- | M] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\Avira DE-Cleaner.lnk
[2013.05.07 11:18:10 | 000,001,080 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG
[2013.05.07 11:14:44 | 000,000,020 | ---- | M] () -- C:\WINDOWS\hppsapp.INI
[2013.04.24 07:27:54 | 000,000,733 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuarkXPress 5.0.lnk
[2013.04.19 11:36:29 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.18 09:34:09 | 000,632,031 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\adwcleaner.exe
[2013.05.17 23:42:22 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\MBR.dat
[2013.05.17 07:34:24 | 012,917,756 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\mbar-1.05.0.1001.zip
[2013.05.17 05:34:27 | 002,529,622 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\[j0002]-[p10].bmp
[2013.05.17 05:34:24 | 002,529,622 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\[j0002]-[p09].bmp
[2013.05.17 05:34:21 | 002,529,622 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\[j0002]-[p08].bmp
[2013.05.17 05:34:16 | 002,529,622 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\[j0002]-[p07].bmp
[2013.05.17 05:34:13 | 002,529,622 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\[j0002]-[p06].bmp
[2013.05.17 05:34:10 | 002,529,622 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\[j0002]-[p05].bmp
[2013.05.17 05:34:06 | 002,529,622 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\[j0002]-[p04].bmp
[2013.05.16 22:34:59 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\gmer_2.1.19163.exe
[2013.05.12 22:28:17 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2013.05.12 22:28:14 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.05.12 22:25:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.05.12 22:25:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.05.12 22:25:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.05.12 22:25:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.05.12 22:25:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.05.09 07:13:47 | 005,976,770 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\kunstoffen_2013flyer_vp.pdf
[2013.05.08 20:13:35 | 000,339,257 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\CleanUp452.exe
[2013.05.08 14:35:00 | 000,001,495 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF24 Editor.lnk
[2013.05.08 14:35:00 | 000,001,480 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF24 Fax.lnk
[2013.05.07 19:26:44 | 000,001,892 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.05.07 19:26:44 | 000,001,821 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\Avira DE-Cleaner.lnk
[2013.04.24 07:27:54 | 000,000,733 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuarkXPress 5.0.lnk
[2013.04.08 21:03:16 | 000,010,455 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\99098886_elster_2048.pfx
[2013.03.03 11:29:01 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012.11.29 15:57:16 | 000,017,136 | ---- | C] () -- C:\WINDOWS\System32\sasnative32.exe
[2012.11.29 00:04:00 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2012.11.29 00:03:34 | 000,000,064 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2012.11.29 00:03:31 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2012.11.29 00:03:31 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2012.11.29 00:03:31 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2012.11.29 00:03:31 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2012.11.29 00:03:28 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\StellarProfile.dll
[2012.11.28 15:36:17 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2012.11.01 18:05:16 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2012.06.16 09:41:19 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2010.12.17 10:05:35 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\$_hpcst$.hpc
[2010.01.08 13:31:43 | 000,004,940 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mtbjfghn.xbe
[2008.12.31 11:42:22 | 007,652,285 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\2009
[2008.12.10 06:55:44 | 000,001,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2008.11.12 20:50:28 | 000,000,079 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\default.pls
[2008.11.09 18:47:29 | 000,053,760 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008.11.09 18:08:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 08:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2008.04.14 08:52:12 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 08:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Code:
OTL Extras logfile created on: 18.05.2013 09:44:52 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Sabine\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,24% Memory free
3,85 Gb Paging File | 3,12 Gb Available in Paging File | 81,04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 15,39 Gb Free Space | 31,52% Space Free | Partition Type: NTFS
Drive E: | 208,98 Gb Total Space | 166,07 Gb Free Space | 79,47% Space Free | Partition Type: NTFS
Drive F: | 207,94 Gb Total Space | 168,30 Gb Free Space | 80,94% Space Free | Partition Type: NTFS

Computer Name: DAMMTOR2 | User Name: Sabine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-484763869-838170752-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Programme\Advanced System Protector\filetypehelper.exe -scanunknown "%1"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{05E11ACD-08F9-4A49-8FF8-697144DDC3DE}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0D471171-70BF-459B-AF06-9C34329295E7}" = 6000E609_Help
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1CE8E6EB-3077-4E90-9C53-28B7015231D9}" = Google SketchUp Pro 8
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388887F6-0661-4C80-B272-A6A23EFC7A31}" = MY CAMERA
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{441C8911-CEC0-19E6-6CAC-694553E06A28}" = myphotobook.de
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CE4B975-A5C1-43C0-A565-C00F0ABFC94C}" = PC-Bibliothek 3.0
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4F57C27B-EDF4-4009-BEBA-EA7AA5C7A02D}" = ProductContext
"{551845DB-2D33-474E-B591-0831F0F2FAF6}" = BPDSoftware_Ini
"{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{691FCAD9-4A3F-43B9-8EC6-F7EE608D3772}" = 6000E609_eDocs
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{716F4A62-0548-42b3-BAEA-44BC4F8E187C}" = HP Officejet 6000 E609 Series
"{722CD933-F4A3-4b3b-95D2-2A325BA693DA}" = 6000E609a
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" = 
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A7BF5297-3E74-11D5-B00F-00104B398D77}" = QuarkXPress Passport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B944FA21-81AF-4A77-8328-CE4F4CC51031}" = Nero 8
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CBE7EB3D-FBD9-4c74-8156-082D055C0354}" = BPDSoftware
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{D777D80E-13AE-4E6C-BCB2-9AEE10D9DEF1}" = Driver Updater
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced File Optimizer_is1" = Advanced File Optimizer
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"avast5" = avast! Free Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1212
"CleanUp!" = CleanUp!
"Crayon Physics Deluxe Demo_is1" = Crayon Physics Deluxe Demo - release 52
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"ElsterFormular" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESC86 Softwarehandbuch" = ESC86 Softwarehandbuch
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.46a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 12.0" = RealPlayer
"Spesoft Image Converter_is1" = Spesoft Image Converter 2.70
"SSC Service Utility_is1" = SSC Service Utility v4.30
"Stellar Phoenix Outlook PST Repair_is1" = Stellar Phoenix Outlook PST Repair
"UltimateZip 2007_is1" = UltimateZip 2007
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-484763869-838170752-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4E97552A-D0D2-47E3-B4A0-82E5A57A4198}_is1" = Bild Albelli Fotoservice
"Dropbox" = Dropbox
"JDownloader Download Manager Packages" = JDownloader Download Manager Packages

========== Last 20 Event Log Errors ==========

[ Antivirus Events ]
Error - 11.03.2009 09:30:16 | Computer Name = DAMMTOR2 | Source = avast! | ID = 33554522
Description =

Error - 27.08.2009 04:27:09 | Computer Name = DAMMTOR2 | Source = avast! | ID = 33554522
Description =

Error - 20.01.2010 06:48:27 | Computer Name = DAMMTOR2 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 14.05.2013 05:13:07 | Computer Name = DAMMTOR2 | Source = nview_info | ID = 11141121
Description =

Error - 14.05.2013 05:13:07 | Computer Name = DAMMTOR2 | Source = nview_info | ID = 11141121
Description =

Error - 14.05.2013 05:13:07 | Computer Name = DAMMTOR2 | Source = nview_info | ID = 11141121
Description =

Error - 14.05.2013 05:13:08 | Computer Name = DAMMTOR2 | Source = nview_info | ID = 11141121
Description =

Error - 14.05.2013 05:13:08 | Computer Name = DAMMTOR2 | Source = nview_info | ID = 11141121
Description =

Error - 14.05.2013 05:13:08 | Computer Name = DAMMTOR2 | Source = nview_info | ID = 11141121
Description =

Error - 14.05.2013 05:13:08 | Computer Name = DAMMTOR2 | Source = nview_info | ID = 11141121
Description =

Error - 14.05.2013 08:31:01 | Computer Name = DAMMTOR2 | Source = nview_info | ID = 11141121
Description =

Error - 14.05.2013 09:58:40 | Computer Name = DAMMTOR2 | Source = nview_info | ID = 11141121
Description =

Error - 17.05.2013 09:48:57 | Computer Name = DAMMTOR2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 7.0.6000.16762, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ OSession Events ]
Error - 19.01.2009 17:53:40 | Computer Name = DAMMTOR2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 55000 seconds with 300 seconds of active time. This session ended with a crash.

Error - 01.04.2009 17:17:16 | Computer Name = DAMMTOR2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11494 seconds with 240 seconds of active time. This session ended with a crash.

Error - 20.07.2011 17:10:48 | Computer Name = DAMMTOR2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 19928 seconds with 420 seconds of active time. This session ended with a crash.

Error - 20.07.2011 17:11:28 | Computer Name = DAMMTOR2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 39425 seconds with 0 seconds of active time. This session ended with a crash.

Error - 16.09.2011 15:54:23 | Computer Name = DAMMTOR2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2033 seconds with 60 seconds of active time. This session ended with a crash.

Error - 17.08.2012 10:12:42 | Computer Name = DAMMTOR2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 19177 seconds with 0 seconds of active time. This session ended with a crash.

Error - 21.01.2013 11:56:55 | Computer Name = DAMMTOR2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 39293 seconds with 3120 seconds of active time. This session ended with a crash.

Error - 18.05.2013 02:43:20 | Computer Name = DAMMTOR2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8545 seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 13.05.2013 07:36:24 | Computer Name = DAMMTOR2 | Source = Print | ID = 6161
Description = Das Dokument Microsoft Office Outlook - Memoformat, im Besitz von Sabine, konnte nicht auf dem Drucker HP Officejet 6000 E609a Series gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes: 55072. Anzahl der gedruckten Bytes: 55072. Gesamtanzahl der Seiten des Dokuments: 2. Anzahl der gedruckten Seiten: 4. Clientcomputer: \\DAMMTOR2. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 0 (0x0).

Error - 16.05.2013 11:11:21 | Computer Name = DAMMTOR2 | Source = SideBySide | ID = 16842784
Description = Abhängige Assemblierung "Microsoft.VC90.DebugCRT" konnte nicht gefunden werden. "Last Error": Die referenzierte Assemblierung ist nicht auf dem Computer installiert.

Error - 16.05.2013 11:11:21 | Computer Name = DAMMTOR2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.VC90.DebugCRT fehlgeschlagen. Referenzfehlermeldung: Die referenzierte Assemblierung ist nicht auf dem Computer installiert. .

Error - 16.05.2013 11:11:21 | Computer Name = DAMMTOR2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\Programme\Real\RealPlayer\plugins\rmxrend.dll fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. .

Error - 16.05.2013 11:43:56 | Computer Name = DAMMTOR2 | Source = Print | ID = 6161
Description = Das Dokument Microsoft Office Outlook - Memoformat, im Besitz von Sabine, konnte nicht auf dem Drucker HP Officejet 6000 E609a Series gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes: 327680. Anzahl der gedruckten Bytes: 327680. Gesamtanzahl der Seiten des Dokuments: 5. Anzahl der gedruckten Seiten: 10. Clientcomputer: \\DAMMTOR2. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 0 (0x0).

Error - 16.05.2013 14:16:16 | Computer Name = DAMMTOR2 | Source = Service Control Manager | ID = 7034
Description = Dienst "SearchAnonymizer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 16.05.2013 14:17:57 | Computer Name = DAMMTOR2 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "EPSON V3 Service2(02)" hat einen ungültigen aktuellen Status gemeldet: 0

Error - 16.05.2013 23:34:52 | Computer Name = DAMMTOR2 | Source = Print | ID = 6161
Description = Das Dokument Microsoft Office Outlook - Memoformat, im Besitz von Sabine, konnte nicht auf dem Drucker HP Officejet 6000 E609a Series gedruckt werden. Datentyp: NT EMF 1.008. Größe der Warteschlangendatei in Bytes: 327680. Anzahl der gedruckten Bytes: 327680. Gesamtanzahl der Seiten des Dokuments: 10. Anzahl der gedruckten Seiten: 20. Clientcomputer: \\DAMMTOR2. Vom Druckprozessor zurückgelieferter Win32-Fehlercode: 0 (0x0).

Error - 18.05.2013 02:43:01 | Computer Name = DAMMTOR2 | Source = Service Control Manager | ID = 7034
Description = Dienst "Application Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 18.05.2013 02:44:51 | Computer Name = DAMMTOR2 | Source = Service Control Manager | ID = 7034
Description = Dienst "WajamUpdater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

< End of report > |
19.05.2013, 01:46 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fix with OTL
Code:
:OTL
IE - HKU\S-1-5-21-484763869-838170752-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>;*.local
O4 - HKU\S-1-5-21-484763869-838170752-725345543-1003..\Run: [Aquzpal] "C:\Dokumente und Einstellungen\Sabine\Anwendungsdaten\Cisye\xyetv.exe" File not found
CHR - plugin: SweetIM GC Helper (Enabled) = C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\mgHelperGC.dll
CHR - plugin: Wajam (Enabled) = C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: SweetIM GC Helper (Enabled) = C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll
[2013.05.17 23:12:40 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Sabine\Desktop\aswMBR.exe
[2013.05.18 09:34:09 | 000,632,031 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\adwcleaner.exe
[2013.05.17 23:42:22 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\MBR.dat
[2013.05.17 07:34:24 | 012,917,756 | ---- | C] () -- C:\Dokumente und Einstellungen\Sabine\Desktop\mbar-1.05.0.1001.zip

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags |
19.05.2013, 05:39 | #30 |
| I have done that.
Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-484763869-838170752-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-484763869-838170752-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Aquzpal deleted successfully.
File C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\mgHelperGC.dll not found.
File C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll not found.
File C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll not found.
C:\Dokumente und Einstellungen\Sabine\desktop\aswMBR.exe moved successfully.
C:\Dokumente und Einstellungen\Sabine\desktop\adwcleaner.exe moved successfully.
C:\Dokumente und Einstellungen\Sabine\desktop\MBR.dat moved successfully.
C:\Dokumente und Einstellungen\Sabine\desktop\mbar-1.05.0.1001.zip moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Sabine\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Sabine\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 119137 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Sabine
->Temp folder emptied: 732872571 bytes
->Temporary Internet Files folder emptied: 20469307 bytes
->Java cache emptied: 175537 bytes
->FireFox cache emptied: 156513583 bytes
->Google Chrome cache emptied: 40206032 bytes
->Apple Safari cache emptied: 1662976 bytes
->Flash cache emptied: 25393162 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 14939776 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 179483 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 947,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 05192013_063140

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\Sabine\Lokale Einstellungen\Temp\WCESLog.log moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
|