Trojaner-Board


Marina_2626 29.04.2012 16:51

Redirects to wrong pages (search engines)
 
Hello,

for several months now, whenever I search with Google or other search engines, clicking on the displayed links has redirected me to other pages.

Many thanks for any help!



DDS Logfile:
Code:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_23
Run by *** at 14:00:49 on 2012-04-29
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2009.1089 [GMT 2:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\CyberLink\YouCam\YouCamTray.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchospt.exe
C:\Programme\Ask.com\Updater\Updater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\ICQ7.6\ICQ.exe
C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Programme\Netzmanager\netzmanager.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
C:\Programme\Cyberlink\Shared files\RichVideo.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\WINDOWS\system32\svchosptd.exe
C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.t-online.de
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\programme\softonic-de3\tbsof2.dll
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\programme\dvdvideosofttb\tbDVD2.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\programme\conduitengine\ConduitEngin0.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\programme\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\programme\dvdvideosofttb\tbDVD2.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Toolbar 3.0 der Telekom Browserhilfsobjekt: {c9603180-fa5c-4db0-a013-adc60309af82} - c:\programme\deutsche telekom\toolbar3\ToToolbar.dll
BHO: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\programme\softonic-de3\tbsof2.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programme\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\programme\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ICQ Sparberater: {fe163f11-1919-4257-a280-ff5af8daeecb} - c:\programme\icq\internet explorer\icq.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\programme\softonic-de3\tbsof2.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\programme\dvdvideosofttb\tbDVD2.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\programme\windows live\toolbar\wltcore.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icq6toolbar\ICQToolBar.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programme\ask.com\GenericAskToolbar.dll
TB: Toolbar 3.0 der Telekom: {2015c8d4-8534-48db-b5fb-5c76291f080c} - c:\programme\deutsche telekom\toolbar3\ToToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icq6toolbar\ICQToolBar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ICQ] "c:\programme\icq7.6\ICQ.exe" silent loginmode=4
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
mRun: [<NO NAME>]
mRun: [YouCam Mirror Tray icon] "c:\programme\cyberlink\youcam\YouCamTray.exe" /s
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
mRun: [svchospt] c:\windows\system32\svchospt.exe
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "c:\programme\ask.com\updater\Updater.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\marina~1\startm~1\progra~1\autost~1\meined~1.lnk - c:\programme\telekom\meine dienste\StartMeineDienste.exe
StartupFolder: c:\dokume~1\marina~1\startm~1\progra~1\autost~1\netzma~1.lnk - c:\programme\netzmanager\netzmanager.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\mcafee~1.lnk - c:\programme\mcafee security scan\2.0.181\SSScheduler.exe
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\marina welsch\anwendungsdaten\dvdvideosoftiehelpers\youtubetomp3.htm
IE: In Adobe PDF konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\mi69df~1\office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - c:\programme\icq7.6\ICQ.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programme\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi69df~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi69df~1\office12\REFIEBAR.DLL
IE: {A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - c:\programme\deutsche telekom\toolbar3\ToToolbar.dll
LSP: c:\programme\avira\antivir desktop\avsda.dll
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E2C6327C-ACC1-4B9B-80A3-5C0F5B76D61C} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\marina welsch\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.5&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www3.k-tv.org/programm
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.9&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko19.dll
FF - component: c:\dokumente und einstellungen\marina welsch\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko5.dll
FF - component: c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko6.dll
FF - component: c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko7.dll
FF - component: c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko8.dll
FF - component: c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko19.dll
FF - component: c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko5.dll
FF - component: c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko6.dll
FF - component: c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko7.dll
FF - component: c:\dokumente und einstellungen\***\anwendungsdaten\mozilla\firefox\profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko8.dll
FF - component: c:\programme\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\programme\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\programme\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\programme\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\programme\microsoft\office live\npOLW.dll
FF - plugin: c:\programme\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programme\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\programme\homecinema\playmovie\000.fcl [2010-4-26 41456]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\avira\antivir desktop\sched.exe [2010-2-27 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\programme\avira\antivir desktop\avguard.exe [2010-2-27 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\avira\antivir desktop\avwebgrd.exe [2011-6-28 428200]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-11-18 54760]
R2 ICQ Service;ICQ Service;c:\programme\icq6toolbar\ICQ Service.exe [2011-10-28 247872]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\programme\netzmanager\nminfrais2\Netzmanager_Service.exe [2011-10-24 2565632]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\programme\homecinema\tv enhance\kernel\tv\TVECapSvc.exe [2010-4-26 290909]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\programme\homecinema\tv enhance\kernel\tv\TVESched.exe [2010-4-26 114779]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-11 84240]
R3 TelekomNM3;Telekom Netzmanager Packet Filter Driver;c:\programme\netzmanager\nminfrais2\driver\TelekomNM3.sys [2010-9-16 35040]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 fsssvc;Windows Live Family Safety-Dienst;c:\programme\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\mozilla maintenance service\maintenanceservice.exe [2012-4-29 129976]
S3 WisLMSvc;WisLMSvc;c:\programme\launch manager\WisLMSvc.exe [2010-2-27 118784]
.
=============== Created Last 30 ================
.
2012-04-04 05:53:56        182160        ----a-w-        c:\programme\mozilla firefox\plugins\nppdf32.dll
2012-04-04 05:53:56        182160        ----a-w-        c:\programme\internet explorer\plugins\nppdf32.dll
2012-04-03 11:40:00        --------        d-----w-        c:\windows\system32\Adobe
.
==================== Find3M  ====================
.
2012-03-01 11:51:13        457336        ----a-w-        c:\windows\system32\MDS_Uninstall.exe
.
============= FINISH: 14:01:20,31 ===============

--- --- ---


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 27.02.2010 12:51:44
System Uptime: 27.04.2012 14:08:19 (48 hours ago)
.
Motherboard: FUJITSU SIEMENS | | D48
Processor: Intel Pentium III Xeon-Prozessor | U2E1 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 123,028 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP43: 29.02.2012 05:28:34 - Systemprüfpunkt
RP44: 01.03.2012 08:49:00 - Systemprüfpunkt
RP45: 08.03.2012 10:43:21 - Systemprüfpunkt
RP46: 23.03.2012 13:35:30 - Systemprüfpunkt
RP47: 03.04.2012 19:55:02 - Systemprüfpunkt
RP48: 09.04.2012 21:12:55 - Systemprüfpunkt
RP49: 10.04.2012 21:56:28 - Systemprüfpunkt
RP50: 13.04.2012 09:05:37 - Systemprüfpunkt
RP51: 15.04.2012 11:06:23 - Systemprüfpunkt
RP52: 17.04.2012 06:52:54 - Systemprüfpunkt
RP53: 19.04.2012 15:12:44 - Systemprüfpunkt
RP54: 28.04.2012 13:46:09 - Systemprüfpunkt
.
==== Installed Programs ======================
.
Adobe Acrobat 7.0 Professional - English, Français, Deutsch
Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) - Deutsch
Adobe Shockwave Player 11.6
Alle meine Passworte 3.15
Amazon MP3-Downloader 1.0.9
AnyDVD
Apple Application Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Ask Toolbar
Avira AntiVir Personal - Free Antivirus
Canon CanoScan Toolbox 4.9
Canon PIXMA iP4000
Canon PIXMA iP4000R
CCleaner
CDBurnerXP
CloneCD
CloneDVD2
CyberLink YouCam
DVDVideoSoftTB Toolbar
EssentialPIM
Free Audio CD Burner version 1.4
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hardlock Device Driver
High Definition Audio - KB888111
Hotfix für Windows XP (KB942288-v3)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB979306)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
IBM ViaVoice Outloud Runtime - Deutsch
IBM ViaVoice Outloud Runtime - US English
ICQ Sparberater
ICQ Toolbar
ICQ7.6
ImagXpress
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 23
JMicron JMB38X Flash Media Controller
JPGCOMPRESS Version 1.0
Junk Mail filter update
Klebezettel NG (Version 2.9.5)
Launch Manager V1.4.9
MAGIX Slideshow Maker 1.0.1.3 (D)
MakeDisc
Manual CanoScan LiDE 500F
McAfee Security Scan Plus
MCE Software Encoder 1.1
MediaShow
Meine Dienste Software
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (German) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Web Publishing Wizard 1.53
Microsoft WSE 3.0 Runtime
Mozilla Firefox 12.0 (x86 de)
Mozilla Maintenance Service
MSVCRT
neroxml
Netzmanager
OmniPage SE
PhotoNow! 1.0
PL-2303 USB-to-Serial
Play Movie
PowerDirector
PowerDVD
PowerProducer
ProcessStudio
PT-TMX Converter
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Segoe UI
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950760)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB971468)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB971961)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978037)
Sicherheitsupdate für Windows XP (KB978251)
Sicherheitsupdate für Windows XP (KB978262)
Sicherheitsupdate für Windows XP (KB978706)
Skype Click to Call
Skype™ 5.5
softonic-de3 Toolbar
SQL Server System CLR Types
swMSM
Synaptics Pointing Device Driver
SystemDiagnostics
Toolbar 3.0 der Telekom
TV Enhance
UBitMenuDE
Uniblue RegistryBooster
Uninstall 1.0.0.1
Update für Windows Internet Explorer 8 (KB978506)
Update für Windows XP (KB951978)
Update für Windows XP (KB955759)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows XP Service Pack 3
WinFACT 98
XML Paper Specification Shared Components Language Pack 1.0
.
==== End Of File ===========================



GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-29 17:33:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS545016B9A300 rev.PBBOC64G
Running: 8ojxje1e.exe; Driver: C:\DOKUME~1\MARINA~1\LOKALE~1\Temp\awlyrpod.sys


---- System - GMER 1.0.15 ----

SSDT BA6C25F6 ZwCreateKey
SSDT BA6C25EC ZwCreateThread
SSDT BA6C25FB ZwDeleteKey
SSDT BA6C2605 ZwDeleteValueKey
SSDT BA6C260A ZwLoadKey
SSDT BA6C25D8 ZwOpenProcess
SSDT BA6C25DD ZwOpenThread
SSDT BA6C2614 ZwReplaceKey
SSDT BA6C260F ZwRestoreKey
SSDT BA6C2600 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA71F8400, 0x6EB98, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA7282C20] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA7282C20]
.protectÿÿÿÿhardlockunknown last code section [0xA7282A00, 0x50CA, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA7282A00, 0x50CA, 0xE0000020]
C:\Programme\HomeCinema\PlayMovie\000.fcl entry point in "" section [0xA6EA3000]
.clc C:\Programme\HomeCinema\PlayMovie\000.fcl unknown last section [0xA6EA4000, 0x1000, 0x00000000]
C:\Programme\HomeCinema\PowerDVD\000.fcl entry point in "" section [0xA6EA3000]
.clc C:\Programme\HomeCinema\PowerDVD\000.fcl unknown last section [0xA6EA4000, 0x1000, 0x00000000]
? C:\DOKUME~1\MARINA~1\LOKALE~1\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

cosinus 30.04.2012 18:54

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) scanned!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older scans with Malwarebytes exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Marina_2626 01.05.2012 06:04

Thank you very much!
I have started with the full scan with Malwarebytes (the rest will follow later):


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Code:

Datenbank Version: v2012.04.30.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Marina Welsch :: MARINA_NB [Administrator]

30.04.2012 20:27:08
mbam-log-2012-04-30 (20-27-08).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 302761
Laufzeit: 2 Stunde(n), 36 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\WINDOWS\system32\svchosptd.exe (Trojan.Agent) -> 2380 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\WINDOWS\system32\svchosptd.exe (Trojan.Agent) -> Löschen bei Neustart.
C:\WINDOWS\system32\FM20ENUD.dll (Trojan.FakeMS.VxGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I am running the ESET scan right now, but I would already like to note that the problem seems to be fixed. Google is showing the correct pages again...

Many thanks already!!!

Here is the result of the ESET scan.
The problem is already fixed, though.
One more note: the Malwarebytes result above shows my full name, which I unfortunately noticed too late. It would be great if you could perhaps make the surname unrecognizable...? Many thanks!

So:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fa8d7f3944651542946c5c5d6e744e4e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-01 07:47:21
# local_time=2012-05-01 09:47:21 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775165 100 94 2709 101333544 56311 0
# compatibility_mode=8192 67108863 100 0 337 337 0 0
# scanned=102389
# found=11
# cleaned=11
# scan_time=6694
C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\SoftonicDownloader37850.exe        a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\SoftonicDownloader75706.exe        a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\SoftonicDownloader84394.exe        a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\SoftonicDownloader_fuer_parents-friend.exe        a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\SoftonicDownloader_fuer_windows-live-movie-maker.exe        a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21655.exe        Win32/RegistryBooster application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21698.exe        Win32/RegistryBooster application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21699.exe        Win32/RegistryBooster application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21700.exe        Win32/RegistryBooster application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21701.exe        Win32/RegistryBooster application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21706.exe        Win32/RegistryBooster application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
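
An added example, not part of the original thread: it parses an ESET Online Scanner log in the layout shown above, checks the `found` count against the listed detections, and masks the profile name and account SID in paths before a log is posted publicly. The function names, the `<user>` and `<machine>` placeholders, and the assumption that columns are separated by tabs or runs of spaces belong to this example only.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log above; user name, SID and file names are invented.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# scanned=102389
# found=3
# cleaned=3
C:\Dokumente und Einstellungen\Erika Mustermann\Desktop\Downloads\SoftonicDownloader1.exe        a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Dokumente und Einstellungen\Erika Mustermann\Desktop\Downloads\SoftonicDownloader2.exe        a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\RECYCLER\S-1-5-21-1111111111-2222222222-3333333333-1004\Dc1.exe        Win32/RegistryBooster application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
"""

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")        # "# key=value" metadata lines
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")              # detection rows start with a drive path
FIELD_SEP = re.compile(r"\t+| {2,}")                # assumption: tab or 2+ spaces between columns
DESC_RE = re.compile(
    r"^(?:a variant of )?(?P<threat>\S+)\s*(?P<kind>[^(]*?)\s*(?:\((?P<action>[^)]*)\))?$"
)
PROFILE_RE = re.compile(
    r"(\\(?:Dokumente und Einstellungen|Documents and Settings|Users)\\)[^\\]+",
    re.IGNORECASE,
)
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-(\d+)")


def parse_eset_log(text):
    """Return (header dict, list of detection dicts). Repeated header keys keep the last value."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        fields = FIELD_SEP.split(line)
        if len(fields) < 2 or not DRIVE_RE.match(fields[0]):
            continue  # banner lines such as "all ok" are neither header nor detection
        d = DESC_RE.match(fields[1])
        detections.append({
            "path": fields[0],
            "threat": d.group("threat") if d else fields[1],
            "kind": (d.group("kind") if d else "") or "",
            "action": (d.group("action") if d else "") or "",
        })
    return header, detections


def summarize(header, detections):
    """Group detections by threat name and cross-check them against the header counters."""
    return {
        "by_threat": dict(Counter(d["threat"] for d in detections)),
        "found_matches": int(header.get("found", -1)) == len(detections),
        "not_cleaned": [d["path"] for d in detections if "cleaned" not in d["action"]],
    }


def redact_path(path):
    """Mask the profile folder name and the machine-specific part of an account SID."""
    path = PROFILE_RE.sub(lambda m: m.group(1) + "<user>", path)
    return SID_RE.sub(lambda m: "S-1-5-21-<machine>-" + m.group(1), path)


def redact_log(text):
    """Apply redact_path to every line so the whole log can be shared."""
    return "\n".join(redact_path(line) for line in text.splitlines())


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    print(summarize(hdr, dets))
    print(redact_log(SAMPLE_LOG))
```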


cosinus 01.05.2012 15:21

Quote:

C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\SoftonicDownloader_fuer_windows-live-movie-maker.exe a variant of Win32/SoftonicDownloader.A application
Hands off Softonic!!

Softonic is a toolbar and adware slinger! Hands off! You download software, as top priority, directly from the vendor and not from toolbar outfits like Softonic! In an emergency, chip.de would of course do

Quote:

C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21655.exe Win32/RegistryBooster application (cleaned by deleting - quarantined)
Hands off registry cleaners!!

The registry is the brain of the system. If the brain doesn't work, the rest doesn't really work any more.
We read often enough from people seeking help that their system no longer boots after using registry cleaners.
  • How is the cleaner supposed to know with 100% certainty whether an entry is needed or not?
  • It makes absolutely no difference whether there are a few orphaned registry entries on the system or not.
  • The constantly touted speed-up of the system is also only partly true. You would not notice it.

A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.


I'd have two questions before we continue

1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Marina_2626 03.05.2012 06:55

Hello!

Well, to my layperson's eye everything is running normally.
Now that I look: yes, there are empty folders under "All Programs":

Windows Press
Windows Visual Studio
PL-2303 USB-Serial Driver
Microsoft Web Publishing


Oh yes, since yesterday my Wi-Fi switch has stopped working (after my notebook crashed); at some point a message "Network hardware removed" appeared, but the network adapter is now shown as detected again. However, no network is found, although of course there are some. And the Wi-Fi switch no longer lights up and can't be turned on with the normal key any more either...
Well, maybe this doesn't belong in this forum... coincidentally it has also only been like this since yesterday.

I will be away for the next 7-10 days for now.


Regards!

P.S. I don't even know what a "registry cleaner" is :rolleyes:

cosinus 03.05.2012 14:55

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it on your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Marina_2626 30.05.2012 13:59

Code:

OTL logfile created on: 30.05.2012 14:45:37 - Run 2
OTL by OldTimer - Version 3.2.44.0    Folder = C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 55,75% Memory free
3,25 Gb Paging File | 2,52 Gb Available in Paging File | 77,48% Paging File free
Paging file location(s): C:\pagefile.sys 1476 2952 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 122,33 Gb Free Space | 82,08% Space Free | Partition Type: NTFS
Drive D: | 86,25 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARINA_NB | User Name: Marina *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.30 14:42:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\OTL(1).exe
PRC - [2011.11.10 17:30:05 | 014,000,128 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\netzmanager.exe
PRC - [2011.10.28 19:16:21 | 000,127,040 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.6\ICQ.exe
PRC - [2011.10.24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2011.09.08 15:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2011.06.28 20:11:11 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.06.28 20:11:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.09 14:48:00 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.07.08 21:58:26 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Programme\Cyberlink\YouCam\YouCamTray.exe
PRC - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2009.02.01 14:36:46 | 000,954,368 | -H-- | M] (FK2) -- C:\WINDOWS\system32\svchospt.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.10.15 21:58:02 | 000,290,909 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2007.10.15 21:58:02 | 000,114,779 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2006.07.21 16:14:36 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2001.02.23 11:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
MOD - [2010.10.19 09:31:39 | 000,159,744 | ---- | M] () -- C:\Programme\Netzmanager\NMInfraIS2\Driver\SoftPlugLib.dll
MOD - [2010.02.27 19:24:42 | 011,791,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
MOD - [2010.02.27 19:24:34 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll
MOD - [2010.02.27 19:24:34 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
MOD - [2010.02.27 19:24:28 | 000,997,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll
MOD - [2010.02.27 19:24:25 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll
MOD - [2010.02.27 19:23:34 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e148983beeb0f30918b0564849a16456\CustomMarshalers.ni.dll
MOD - [2010.02.27 19:23:31 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2010.02.27 19:23:23 | 000,255,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\2e19ccefc30d7b827bab3f7d8dcc0ab9\SMDiagnostics.ni.dll
MOD - [2010.02.27 19:23:18 | 017,313,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d85d9535e91da842fded56869d57790a\System.ServiceModel.ni.dll
MOD - [2010.02.27 19:22:57 | 002,338,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bb748f8ef8c98eb5c7f79b8faee95397\System.Runtime.Serialization.ni.dll
MOD - [2010.02.27 19:22:53 | 001,056,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\94b2ca600c860c76e387f8bd317bd4c3\System.IdentityModel.ni.dll
MOD - [2010.02.27 17:27:56 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2010.02.27 17:27:47 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2010.02.27 17:27:32 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2010.02.27 17:27:20 | 006,614,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll
MOD - [2010.02.27 17:27:15 | 002,294,784 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\6c69930d05c557da70144bcc0add7065\System.Core.ni.dll
MOD - [2010.02.27 17:27:08 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b4dc4bd8534d90fbb7430926ad990cd9\PresentationFramework.Luna.ni.dll
MOD - [2010.02.27 17:27:06 | 014,320,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9519494798a88867406b5755e1dbded6\PresentationFramework.ni.dll
MOD - [2010.02.27 17:26:50 | 012,213,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\12dcb10b76012416357bdbb010fdaa97\PresentationCore.ni.dll
MOD - [2010.02.27 17:26:38 | 003,311,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\df20e56b59b1b1a595af305ddc0777ba\WindowsBase.ni.dll
MOD - [2010.02.27 17:26:32 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2010.02.27 17:26:26 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2010.02.27 17:24:54 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.02.27 17:24:54 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.02.27 17:24:53 | 000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2010.02.27 17:24:52 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010.02.27 17:21:57 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.02.27 17:21:54 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2010.02.27 17:21:52 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010.01.28 12:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.10.15 21:58:02 | 000,290,909 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
MOD - [2007.10.15 21:58:02 | 000,114,779 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
MOD - [2007.10.15 21:57:56 | 000,339,968 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll
MOD - [2007.10.15 21:57:56 | 000,094,208 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLSchRecordMonitor.dll
MOD - [2007.10.15 21:57:36 | 000,245,858 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll
MOD - [2007.10.15 21:57:36 | 000,114,780 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll
MOD - [2007.10.15 21:57:36 | 000,032,768 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll
MOD - [2006.01.12 22:20:48 | 001,265,664 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\adistres.DEU
MOD - [2005.11.27 21:07:30 | 000,417,792 | ---- | M] () -- C:\WINDOWS\system32\CoolXPCombo.ocx
MOD - [2005.11.27 21:07:12 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\CoolXPButton.ocx
MOD - [2005.11.27 21:06:54 | 000,360,448 | ---- | M] () -- C:\WINDOWS\system32\CoolXPLabel.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.10.24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2011.06.28 20:11:11 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2011.06.28 20:11:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.09 14:48:00 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.02.27 18:10:28 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008.04.14 04:22:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008.04.14 04:22:32 | 000,080,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008.04.14 04:22:16 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008.04.14 04:22:15 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008.04.14 04:22:07 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2007.10.15 21:58:02 | 000,290,909 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2007.10.15 21:58:02 | 000,114,779 | ---- | M] () [Auto | Running] -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2006.11.17 21:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001.02.23 11:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2011.06.28 20:11:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.09.16 17:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2010.04.28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010.04.05 11:25:03 | 000,019,968 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2009.12.17 07:10:54 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2009.12.17 07:10:52 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.06.27 16:40:18 | 001,315,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008.04.14 04:02:16 | 000,120,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008.04.14 03:58:18 | 000,154,112 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008.04.14 03:58:13 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008.04.13 20:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008.04.11 17:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.26 18:37:26 | 004,713,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.01.03 22:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.10.11 12:21:34 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2007.10.09 16:14:56 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2005.07.25 10:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005.05.03 17:34:02 | 000,027,392 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005.04.12 10:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2004.09.29 00:40:58 | 000,018,048 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2004.08.04 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004.08.04 14:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
 
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{06F97638-1C31-4EEA-9892-73E17BA30056}: "URL" = hxxp://dict.leo.org/frde?lp=frde&search={searchTerms}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{51516FF5-06A7-4D28-B82F-57803649C00E}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{598E4024-5543-461D-BC59-0C3808C792F8}: "URL" = hxxp://dict.leo.org/esde?lp=esde&search={searchTerms}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{682DAC36-F7A4-46CE-AA9C-4C2B7495CDB9}: "URL" = hxxp://rover.ebay.com/rover/1/707-1403-9414-51/4?satitle={searchTerms}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7IRFC_de
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{85351F83-7117-4F9C-8AE3-4D1A7DD14BE4}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{919DEAFF-FC80-4DDB-9E74-2F73286C9E4B}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=tportal&q={searchTerms}&dia=tie8
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{CA694659-F67F-4581-929D-D7DD791673FE}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{D0C4D945-EAF8-4D7B-9990-D4321C1F9235}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{DB8C5087-E8F0-4EE7-9447-122D9433CC97}: "URL" = hxxp://dict.leo.org/ende?lp=ende&search={searchTerms}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{EB0D8858-ACDB-4D76-A2DC-48AC3C493947}: "URL" = hxxp://preisvergleich.t-online.de/angebote/{searchTerms}?soid=42534758
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.5&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www3.k-tv.org/programm"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.0.8
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.8.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.3.9
FF - prefs.js..extensions.enabledItems: ciuvo-extension@icq.de:1.3.667
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100010
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: totbff01@telekom.de:3.0.38
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.9&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.04.29 12:07:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.29 12:03:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Programme\Mozilla Sunbird\components [2012.05.30 13:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Programme\Mozilla Sunbird\plugins
 
[2012.05.30 13:33:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Extensions
[2012.05.30 13:33:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012.05.30 09:06:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions
[2012.04.29 18:04:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.05.30 09:06:29 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.02 21:33:51 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.21 09:21:57 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012.01.12 10:49:08 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com
[2012.03.21 09:42:34 | 000,000,000 | ---D | M] (Telekom Toolbar 3.0) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\totbff01@telekom.de
[2012.05.30 13:33:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Sunbird\Profiles\mlqpsb7o.default\extensions
[2012.03.21 10:07:31 | 000,002,101 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\amazonde.xml
[2011.02.11 20:11:22 | 000,001,819 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\bing.xml
[2010.10.03 07:25:18 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\conduit.xml
[2012.03.21 10:07:31 | 000,001,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\einkaufswelt.xml
[2012.05.26 15:44:28 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-1.xml
[2011.11.24 08:46:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-2.xml
[2012.01.12 10:50:32 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-3.xml
[2012.03.21 10:54:29 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-4.xml
[2012.04.29 12:08:03 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-5.xml
[2011.11.15 02:26:15 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina Welsch\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin.xml
[2012.03.21 10:07:31 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina Welsch\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\leo-franzsisch.xml
[2012.03.21 10:07:31 | 000,002,099 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\leo-spanisch.xml
[2012.03.21 10:07:38 | 000,001,207 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\t-onlinede-portalsuche.xml
[2012.03.21 10:07:38 | 000,001,810 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\t-onlinede-websuche.xml
[2012.04.29 12:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.02 14:32:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.120\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: ICQ Sparberater = C:\Dokumente und Einstellungen\Marina Welsch\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.3.667_0\
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Toolbar 3.0 der Telekom Browserhilfsobjekt) - {C9603180-FA5C-4DB0-A013-ADC60309AF82} - C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [svchospt] C:\WINDOWS\system32\svchospt.exe (FK2)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Programme\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-861567501-1757981266-839522115-1004..\Run: [ICQ] C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\Meine Dienste.lnk = C:\Programme\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O4 - Startup: C:\Dokumente und Einstellungen\Marina Welsch\Startmenü\Programme\Autostart\Meine Dienste.lnk = C:\Programme\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O4 - Startup: C:\Dokumente und Einstellungen\Marina Welsch\Startmenü\Programme\Autostart\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00  [binary data]
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Marina Welsch\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office 2007\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 2007\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office 2007\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Toolbar 3.0 der Telekom - {A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99CFDFD7-37D7-4892-94D2-FEF25CB31700}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Marina ***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Marina ***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010.02.27 13:50:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06843593-5469-11df-bc5a-701a049e000a}\Shell - "" = AutoRun
O33 - MountPoints2\{06843593-5469-11df-bc5a-701a049e000a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{06843593-5469-11df-bc5a-701a049e000a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e35dc53f-241f-11df-bc43-701a049e000a}\Shell\AutoRun\command - "" = Programs\nu2menu\nu2menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "NMSAccessU"
MsConfig - Services: "Nero BackItUp Scheduler 4.0"
MsConfig - StartUpReg: CloneCDTray - hkey= - key= - C:\eigene Programme\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {76073383-6B8B-2C8F-D8EF-0D796F78F2A4} - Vektorgrafik-Rendering (VML)
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.30 13:33:12 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Sunbird
[2012.05.26 08:37:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marina ***\Desktop\Armut im Geiste
[2012.05.20 06:06:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.12 08:30:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marina ***\Desktop\Faustinum
[2012.05.01 07:50:12 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.04.30 20:23:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Malwarebytes
[2012.04.30 20:22:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.04.30 20:22:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.04.30 20:22:51 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.04.30 20:22:51 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.04.30 20:07:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\TuneUp Software
[2012.04.30 20:04:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.04.30 20:03:39 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.04.30 20:03:39 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.30 13:37:02 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.05.30 13:33:19 | 000,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Sunbird.lnk
[2012.05.30 12:59:00 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.29 13:59:00 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.29 08:53:11 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\tasks\ammet.job
[2012.05.29 08:53:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.05.29 08:53:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.05.29 08:53:05 | 2106,466,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.26 13:04:06 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.05.20 11:11:52 | 000,001,739 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2012.05.16 14:30:34 | 000,063,490 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Desktop\Infos_Klausurenk_2Ex.pdf
[2012.05.16 14:22:25 | 000,116,066 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Desktop\S+UAusschnitt_1112_2011.pdf
[2012.05.02 13:57:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.04.30 20:22:57 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.30 13:33:19 | 000,001,566 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Sunbird.lnk
[2012.05.16 14:30:34 | 000,063,490 | ---- | C] () -- C:\Dokumente und Einstellungen\Marina ***\Desktop\Infos_Klausurenk_2Ex.pdf
[2012.05.16 14:22:25 | 000,116,066 | ---- | C] () -- C:\Dokumente und Einstellungen\Marina ***\Desktop\S+UAusschnitt_1112_2011.pdf
[2012.04.30 20:22:57 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.21 19:55:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.02.12 22:05:40 | 000,000,023 | ---- | C] () -- C:\WINDOWS\PTSPEECH.INI
[2010.11.18 15:09:36 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010.11.18 14:29:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2010.08.14 16:19:34 | 000,010,752 | ---- | C] () -- C:\Dokumente und Einstellungen\Marina ***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.12 21:44:30 | 000,544,256 | ---- | C] () -- C:\WINDOWS\System32\janGraphics.dll
[2010.08.12 21:44:30 | 000,124,416 | ---- | C] () -- C:\WINDOWS\System32\dXCtrls.dll
[2010.07.04 07:08:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.06.30 20:04:09 | 000,000,516 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
 
========== LOP Check ==========
 
[2010.02.27 17:27:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012.04.30 20:03:39 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011.10.28 19:17:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.11.18 15:09:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2012.03.21 10:04:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Netzmanager
[2010.10.30 18:42:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2010.06.30 20:04:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir
[2010.06.30 20:04:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard
[2010.02.28 06:13:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2012.04.30 20:08:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.05.02 20:45:18 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{2D559015-4C05-4AE5-8C8B-7E13E1EAB09D}
[2012.04.30 20:03:39 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2010.11.18 15:05:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{6DAA3B20-D487-4FA2-81D5-50404CCB868D}
[2012.03.21 09:40:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354}
[2010.08.01 16:17:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Amazon
[2011.11.17 09:26:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\AskToolbar
[2010.02.27 17:27:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Canneverbe Limited
[2010.06.30 20:08:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Canon
[2010.07.01 16:12:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.08.26 07:07:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\EssentialPIM
[2010.11.18 15:09:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\GetRightToGo
[2011.12.01 08:19:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\ICQ
[2010.08.01 22:05:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\IrfanView
[2010.11.18 15:10:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\MAGIX
[2010.11.12 08:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\PriceGong
[2010.06.30 20:04:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\ScanSoft
[2012.04.30 20:07:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\TuneUp Software
[2011.03.25 20:40:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\UBitMenu
[2010.11.18 15:05:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Uniblue
[2010.11.18 14:52:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Windows Live Writer
[2012.05.29 08:53:11 | 000,000,326 | -HS- | M] () -- C:\WINDOWS\Tasks\ammet.job
[2012.05.30 13:37:02 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.22 06:03:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Adobe
[2010.02.27 18:26:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\AdobeUM
[2010.08.01 16:17:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Amazon
[2010.08.14 16:19:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Apple Computer
[2010.08.08 13:28:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\ArcSoft
[2011.11.17 09:26:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\AskToolbar
[2011.02.11 19:28:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Avira
[2010.02.27 17:27:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Canneverbe Limited
[2010.06.30 20:08:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Canon
[2010.04.26 16:12:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\CyberLink
[2010.07.01 16:12:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.08.26 07:07:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\EssentialPIM
[2010.11.18 15:09:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\GetRightToGo
[2010.02.27 17:06:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Google
[2010.05.01 11:58:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Help
[2011.12.01 08:19:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\ICQ
[2012.03.22 12:35:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Identities
[2010.02.27 14:06:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\InstallShield
[2010.08.01 22:05:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\IrfanView
[2010.02.27 17:46:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Macromedia
[2010.11.18 15:10:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\MAGIX
[2012.04.30 20:23:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Malwarebytes
[2011.10.06 05:06:11 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Microsoft
[2012.05.30 13:33:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla
[2010.02.27 16:58:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Nero
[2010.11.12 08:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\PriceGong
[2010.06.30 20:04:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\ScanSoft
[2012.04.28 09:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Skype
[2010.07.04 07:09:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Sun
[2012.04.30 20:07:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\TuneUp Software
[2010.05.15 10:03:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\U3
[2011.03.25 20:40:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\UBitMenu
[2010.11.18 15:05:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Uniblue
[2010.11.18 14:52:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2012.03.21 09:41:10 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.04.05 11:47:06 | 000,007,168 | R--- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Microsoft\Installer\{F53BC604-907D-11D4-8247-00C04F26F310}\IconF53BC604.exe
[2012.01.12 07:22:13 | 003,904,680 | ---- | M] (Ask) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
[2008.08.26 18:49:54 | 000,110,592 | ---- | M] (U3 LLC) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\U3\40549109CAD0CA01\cleanup.exe
[2008.08.26 18:37:56 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\U3\40549109CAD0CA01\Launchpad Removal.exe
[2009.01.14 12:13:30 | 004,636,672 | ---- | M] (U3 LLC) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\U3\40549109CAD0CA01\Launchpad.exe
[2008.08.26 19:10:04 | 000,054,584 | ---- | M] (U3 LLC) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\U3\40549109CAD0CA01\U3AccessGrant.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\U3\temp\cleanup.exe
[2008.08.26 18:37:56 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\U3\temp\Launchpad Removal.exe
[2011.03.25 20:40:38 | 000,696,341 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\UBitMenu\unins000.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.02.27 15:40:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.02.27 15:40:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.02.27 15:40:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.02.27 15:40:50 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Programme\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2010.02.27 15:40:59 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.02.27 15:40:59 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.02.27 15:40:59 | 000,454,656 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >
 
<  >
 
<    Schliesse bitte nun alle Programme. (Wicht >

< End of report >

--- --- ---

cosinus 30.05.2012 14:30

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you obscured your username, you must turn the starred-out part back into your real username, otherwise the script will not work!!

Code:

:OTL
MOD - [2011.08.17 11:04:36 | 000,247,872 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{06F97638-1C31-4EEA-9892-73E17BA30056}: "URL" = http://dict.leo.org/frde?lp=frde&search={searchTerms}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{51516FF5-06A7-4D28-B82F-57803649C00E}: "URL" = http://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tonline-browser_toolbar3_search-21&index=blended&linkCode=ur2
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{598E4024-5543-461D-BC59-0C3808C792F8}: "URL" = http://dict.leo.org/esde?lp=esde&search={searchTerms}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{682DAC36-F7A4-46CE-AA9C-4C2B7495CDB9}: "URL" = http://rover.ebay.com/rover/1/707-1403-9414-51/4?satitle={searchTerms}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7IRFC_de
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{85351F83-7117-4F9C-8AE3-4D1A7DD14BE4}: "URL" = http://suche.t-online.de/fast-cgi/tsc?sr=tweb&q={searchTerms}&dia=tie8
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{919DEAFF-FC80-4DDB-9E74-2F73286C9E4B}: "URL" = http://suche.t-online.de/fast-cgi/tsc?sr=tportal&q={searchTerms}&dia=tie8
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{CA694659-F67F-4581-929D-D7DD791673FE}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{D0C4D945-EAF8-4D7B-9990-D4321C1F9235}: "URL" = http://suche.t-online.de/fast-cgi/tsc?sr=twiki&q={searchTerms}&dia=tie8
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{DB8C5087-E8F0-4EE7-9447-122D9433CC97}: "URL" = http://dict.leo.org/ende?lp=ende&search={searchTerms}
IE - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\SearchScopes\{EB0D8858-ACDB-4D76-A2DC-48AC3C493947}: "URL" = http://preisvergleich.t-online.de/angebote/{searchTerms}?soid=42534758
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.5&q="
FF - prefs.js..extensions.enabledItems: ciuvo-extension@icq.de:1.3.667
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100010
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.9&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
[2012.04.29 18:04:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.05.30 09:06:29 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.02 21:33:51 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.21 09:21:57 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012.01.12 10:49:08 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com
[2012.03.21 09:42:34 | 000,000,000 | ---D | M] (Telekom Toolbar 3.0) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\totbff01@telekom.de
[2012.05.30 13:33:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Sunbird\Profiles\mlqpsb7o.default\extensions
[2012.03.21 10:07:31 | 000,002,101 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\amazonde.xml
[2011.02.11 20:11:22 | 000,001,819 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\bing.xml
[2010.10.03 07:25:18 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\conduit.xml
[2012.03.21 10:07:31 | 000,001,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\einkaufswelt.xml
[2012.05.26 15:44:28 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-1.xml
[2011.11.24 08:46:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-2.xml
[2012.01.12 10:50:32 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-3.xml
[2012.03.21 10:54:29 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-4.xml
[2012.04.29 12:08:03 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-5.xml
[2011.11.15 02:26:15 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Marina Welsch\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin.xml
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
O2 - BHO: (Toolbar 3.0 der Telekom Browserhilfsobjekt) - {C9603180-FA5C-4DB0-A013-ADC60309AF82} - C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-861567501-1757981266-839522115-1004\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [svchospt] C:\WINDOWS\system32\svchospt.exe (FK2)
O32 - AutoRun File - [2010.02.27 13:50:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06843593-5469-11df-bc5a-701a049e000a}\Shell - "" = AutoRun
O33 - MountPoints2\{06843593-5469-11df-bc5a-701a049e000a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{06843593-5469-11df-bc5a-701a049e000a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e35dc53f-241f-11df-bc43-701a049e000a}\Shell\AutoRun\command - "" = Programs\nu2menu\nu2menu.exe
:Files
C:\WINDOWS\tasks\ammet.job
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\AskToolbar
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\PriceGong
C:\WINDOWS\system32\svchospt.exe
C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\Softonic*.*
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004
C:\Programme\Ask.com
C:\Programme\ICQ6Toolbar
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Marina_2626 30.05.2012 15:55

Code:


All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Programme\DVDVideoSoftTB\tbDVD2.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Programme\softonic-de3\tbsof2.dll moved successfully.
HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{06F97638-1C31-4EEA-9892-73E17BA30056}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06F97638-1C31-4EEA-9892-73E17BA30056}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{51516FF5-06A7-4D28-B82F-57803649C00E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51516FF5-06A7-4D28-B82F-57803649C00E}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{598E4024-5543-461D-BC59-0C3808C792F8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598E4024-5543-461D-BC59-0C3808C792F8}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{682DAC36-F7A4-46CE-AA9C-4C2B7495CDB9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{682DAC36-F7A4-46CE-AA9C-4C2B7495CDB9}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{85351F83-7117-4F9C-8AE3-4D1A7DD14BE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85351F83-7117-4F9C-8AE3-4D1A7DD14BE4}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{919DEAFF-FC80-4DDB-9E74-2F73286C9E4B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{919DEAFF-FC80-4DDB-9E74-2F73286C9E4B}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{CA694659-F67F-4581-929D-D7DD791673FE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA694659-F67F-4581-929D-D7DD791673FE}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{D0C4D945-EAF8-4D7B-9990-D4321C1F9235}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0C4D945-EAF8-4D7B-9990-D4321C1F9235}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{DB8C5087-E8F0-4EE7-9447-122D9433CC97}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB8C5087-E8F0-4EE7-9447-122D9433CC97}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{EB0D8858-ACDB-4D76-A2DC-48AC3C493947}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB0D8858-ACDB-4D76-A2DC-48AC3C493947}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.5&q=" removed from browser.search.defaulturl
Prefs.js: ciuvo-extension@icq.de:1.3.667 removed from extensions.enabledItems
Prefs.js: toolbar@ask.com:3.14.1.100010 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.9&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Plugins folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\Plugins folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\modules folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-23-Nov-2011-19-42-45-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-28-Feb-2012-18-51-17-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-17-Nov-2011-06-42-19-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-12-Jan-2012-08-49-08-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-08-Jan-2012-10-18-31-GMT folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\toolbar@ask.com folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\totbff01@telekom.de\res folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\totbff01@telekom.de\modules folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\totbff01@telekom.de\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\totbff01@telekom.de\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\totbff01@telekom.de\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\extensions\totbff01@telekom.de folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Sunbird\Profiles\mlqpsb7o.default\extensions folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\amazonde.xml moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\bing.xml moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\conduit.xml moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\einkaufswelt.xml moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\ConduitEngin0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVD2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9603180-FA5C-4DB0-A013-ADC60309AF82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9603180-FA5C-4DB0-A013-ADC60309AF82}\ deleted successfully.
C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsof2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE163F11-1919-4257-A280-FF5AF8DAEECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE163F11-1919-4257-A280-FF5AF8DAEECB}\ deleted successfully.
C:\Programme\icq\Internet Explorer\icq.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2015C8D4-8534-48DB-B5FB-5C76291F080C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2015C8D4-8534-48DB-B5FB-5C76291F080C}\ deleted successfully.
File C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVD2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsof2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2015C8D4-8534-48DB-B5FB-5C76291F080C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2015C8D4-8534-48DB-B5FB-5C76291F080C}\ not found.
File C:\Programme\Deutsche Telekom\Toolbar3\ToToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ deleted successfully.
C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVD2.dll not found.
Registry value HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsof2.dll not found.
Registry value HKEY_USERS\S-1-5-21-861567501-1757981266-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\svchospt deleted successfully.
C:\WINDOWS\system32\svchospt.exe moved successfully.
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06843593-5469-11df-bc5a-701a049e000a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06843593-5469-11df-bc5a-701a049e000a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06843593-5469-11df-bc5a-701a049e000a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06843593-5469-11df-bc5a-701a049e000a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06843593-5469-11df-bc5a-701a049e000a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06843593-5469-11df-bc5a-701a049e000a}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e35dc53f-241f-11df-bc43-701a049e000a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e35dc53f-241f-11df-bc43-701a049e000a}\ not found.
File Programs\nu2menu\nu2menu.exe not found.
========== FILES ==========
C:\WINDOWS\tasks\ammet.job moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\AskToolbar folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\PriceGong\Data folder moved successfully.
C:\Dokumente und Einstellungen\Marina ***\Anwendungsdaten\PriceGong folder moved successfully.
File\Folder C:\WINDOWS\system32\svchospt.exe not found.
C:\Dokumente und Einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\softonic-Deutsch.exe moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22714 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22691\Chris de Burgh folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22691 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22613 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22609 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22402 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22292 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22290 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22289 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22278 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22277 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22276 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22218 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc22059 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21712 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21649 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21638 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21609 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21565 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21560 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21559 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21551 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21514 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21480\Zitate folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21480\Kapitel folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21480 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21442 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21414 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21353 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21351 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21346 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21338 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21326 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21325 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21322 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21287\German folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21287 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004\Dc21282 folder moved successfully.
C:\RECYCLER\S-1-5-21-861567501-1757981266-839522115-1004 folder moved successfully.
C:\Programme\Ask.com\Updater folder moved successfully.
C:\Programme\Ask.com\assets\oobe folder moved successfully.
C:\Programme\Ask.com\assets folder moved successfully.
C:\Programme\Ask.com folder moved successfully.
C:\Programme\ICQ6Toolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2574933 bytes
 
User: Marina ***
->Temp folder emptied: 14871586 bytes
->Temporary Internet Files folder emptied: 630677049 bytes
->Java cache emptied: 6778399 bytes
->FireFox cache emptied: 118055032 bytes
->Google Chrome cache emptied: 102986479 bytes
->Flash cache emptied: 74392 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Wolfgang
 
%systemdrive% .tmp files removed: 280119882 bytes
%systemroot% .tmp files removed: 2134333 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16864 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.105,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: Marina ***
->Flash cache emptied: 0 bytes
 
User: NetworkService
 
User: Wolfgang
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.1 log created on 05302012_164216

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...


cosinus 30.05.2012 15:56

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Marina_2626 30.05.2012 17:04

Code:


17:52:41.0968 1692        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
17:52:42.0078 1692        ============================================================
17:52:42.0078 1692        Current date / time: 2012/05/30 17:52:42.0078
17:52:42.0078 1692        SystemInfo:
17:52:42.0078 1692       
17:52:42.0078 1692        OS Version: 5.1.2600 ServicePack: 3.0
17:52:42.0078 1692        Product type: Workstation
17:52:42.0078 1692        ComputerName: MARINA_NB
17:52:42.0078 1692        UserName: Marina ***
17:52:42.0078 1692        Windows directory: C:\WINDOWS
17:52:42.0078 1692        System windows directory: C:\WINDOWS
17:52:42.0078 1692        Processor architecture: Intel x86
17:52:42.0078 1692        Number of processors: 1
17:52:42.0078 1692        Page size: 0x1000
17:52:42.0078 1692        Boot type: Normal boot
17:52:42.0078 1692        ============================================================
17:52:44.0234 1692        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:52:44.0234 1692        ============================================================
17:52:44.0234 1692        \Device\Harddisk0\DR0:
17:52:44.0234 1692        MBR partitions:
17:52:44.0234 1692        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
17:52:44.0234 1692        ============================================================
17:52:44.0265 1692        C: <-> \Device\Harddisk0\DR0\Partition0
17:52:44.0265 1692        ============================================================
17:52:44.0265 1692        Initialize success
17:52:44.0265 1692        ============================================================
17:55:23.0093 0264        ============================================================
17:55:23.0093 0264        Scan started
17:55:23.0093 0264        Mode: Manual; SigCheck; TDLFS;
17:55:23.0093 0264        ============================================================
17:55:23.0640 0264        Abiosdsk - ok
17:55:23.0640 0264        abp480n5 - ok
17:55:23.0765 0264        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:55:27.0531 0264        ACPI - ok
17:55:27.0578 0264        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:55:27.0671 0264        ACPIEC - ok
17:55:28.0015 0264        Adobe LM Service (6d182c31acf16213407f2768f1107fe3) C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
17:55:28.0078 0264        Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
17:55:28.0078 0264        Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
17:55:28.0078 0264        adpu160m - ok
17:55:28.0156 0264        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:55:28.0296 0264        aec - ok
17:55:28.0390 0264        AFD            (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
17:55:28.0484 0264        AFD - ok
17:55:28.0484 0264        Aha154x - ok
17:55:28.0484 0264        aic78u2 - ok
17:55:28.0500 0264        aic78xx - ok
17:55:28.0625 0264        akshasp        (64fc197d24a2b240598f29ce0a6660c0) C:\WINDOWS\system32\DRIVERS\akshasp.sys
17:55:28.0750 0264        akshasp - ok
17:55:28.0796 0264        aksusb          (b06b591532bd85b1ba68f40e2f1af8ab) C:\WINDOWS\system32\DRIVERS\aksusb.sys
17:55:28.0843 0264        aksusb - ok
17:55:28.0890 0264        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
17:55:29.0000 0264        Alerter - ok
17:55:29.0046 0264        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
17:55:29.0140 0264        ALG - ok
17:55:29.0140 0264        AliIde - ok
17:55:29.0140 0264        amsint - ok
17:55:29.0265 0264        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
17:55:29.0265 0264        AntiVirSchedulerService - ok
17:55:29.0390 0264        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
17:55:29.0390 0264        AntiVirService - ok
17:55:29.0562 0264        AntiVirWebService (3f5f6d24836e9fc4f0bf2d72d2b9c036) C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
17:55:29.0671 0264        AntiVirWebService - ok
17:55:29.0718 0264        AnyDVD          (4d8f9534183b823d1d84a22fb18f3473) C:\WINDOWS\system32\Drivers\AnyDVD.sys
17:55:29.0734 0264        AnyDVD ( UnsignedFile.Multi.Generic ) - warning
17:55:29.0734 0264        AnyDVD - detected UnsignedFile.Multi.Generic (1)
17:55:29.0750 0264        AppMgmt - ok
17:55:30.0343 0264        AR5416          (1ba565f1e58e271c6ad6b21a4f181ca4) C:\WINDOWS\system32\DRIVERS\athw.sys
17:55:31.0328 0264        AR5416 - ok
17:55:31.0390 0264        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:55:31.0500 0264        Arp1394 - ok
17:55:31.0500 0264        asc - ok
17:55:31.0515 0264        asc3350p - ok
17:55:31.0515 0264        asc3550 - ok
17:55:31.0640 0264        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:55:31.0687 0264        aspnet_state - ok
17:55:31.0703 0264        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:55:31.0781 0264        AsyncMac - ok
17:55:31.0843 0264        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:55:31.0968 0264        atapi - ok
17:55:31.0968 0264        Atdisk - ok
17:55:32.0031 0264        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:55:32.0140 0264        Atmarpc - ok
17:55:32.0203 0264        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
17:55:32.0296 0264        AudioSrv - ok
17:55:32.0343 0264        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:55:32.0437 0264        audstub - ok
17:55:32.0515 0264        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:55:32.0546 0264        avipbb - ok
17:55:32.0578 0264        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:55:32.0687 0264        Beep - ok
17:55:32.0953 0264        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
17:55:33.0296 0264        BITS - ok
17:55:33.0359 0264        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
17:55:33.0468 0264        Browser - ok
17:55:33.0500 0264        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:55:33.0593 0264        cbidf2k - ok
17:55:33.0640 0264        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:55:33.0734 0264        CCDECODE - ok
17:55:33.0734 0264        cd20xrnt - ok
17:55:33.0781 0264        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:55:33.0875 0264        Cdaudio - ok
17:55:33.0921 0264        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:55:34.0031 0264        Cdfs - ok
17:55:34.0078 0264        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:55:34.0218 0264        Cdrom - ok
17:55:34.0218 0264        Changer - ok
17:55:34.0250 0264        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
17:55:34.0328 0264        CiSvc - ok
17:55:34.0375 0264        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
17:55:34.0484 0264        ClipSrv - ok
17:55:34.0546 0264        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:55:34.0609 0264        clr_optimization_v2.0.50727_32 - ok
17:55:34.0640 0264        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:55:34.0734 0264        CmBatt - ok
17:55:34.0734 0264        CmdIde - ok
17:55:34.0765 0264        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:55:34.0859 0264        Compbatt - ok
17:55:34.0875 0264        COMSysApp - ok
17:55:34.0875 0264        Cpqarray - ok
17:55:34.0937 0264        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
17:55:35.0031 0264        CryptSvc - ok
17:55:35.0046 0264        dac2w2k - ok
17:55:35.0046 0264        dac960nt - ok
17:55:35.0281 0264        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
17:55:35.0578 0264        DcomLaunch - ok
17:55:35.0656 0264        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
17:55:35.0796 0264        Dhcp - ok
17:55:35.0843 0264        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:55:35.0953 0264        Disk - ok
17:55:35.0953 0264        dmadmin - ok
17:55:36.0296 0264        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
17:55:36.0937 0264        dmboot - ok
17:55:37.0015 0264        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
17:55:37.0156 0264        dmio - ok
17:55:37.0187 0264        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:55:37.0265 0264        dmload - ok
17:55:37.0312 0264        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
17:55:37.0406 0264        dmserver - ok
17:55:37.0437 0264        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:55:37.0562 0264        DMusic - ok
17:55:37.0609 0264        Dnscache        (8c9ed3b2834aae63081ab2da831c6fe9) C:\WINDOWS\System32\dnsrslvr.dll
17:55:37.0937 0264        Dnscache - ok
17:55:38.0015 0264        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
17:55:38.0156 0264        Dot3svc - ok
17:55:38.0156 0264        dpti2o - ok
17:55:38.0171 0264        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:55:38.0265 0264        drmkaud - ok
17:55:38.0312 0264        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
17:55:38.0406 0264        EapHost - ok
17:55:38.0453 0264        ElbyCDFL        (c61c83501268b0110b5c5db7e63dee0c) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
17:55:38.0468 0264        ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
17:55:38.0468 0264        ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
17:55:38.0484 0264        ElbyCDIO        (fa13264eea448b2e1b3a844ae4f75c7a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
17:55:38.0484 0264        ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
17:55:38.0484 0264        ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
17:55:38.0500 0264        ElbyDelay      (df9957db3bfe5136aad3c2c101806c98) C:\WINDOWS\system32\Drivers\ElbyDelay.sys
17:55:38.0500 0264        ElbyDelay ( UnsignedFile.Multi.Generic ) - warning
17:55:38.0500 0264        ElbyDelay - detected UnsignedFile.Multi.Generic (1)
17:55:38.0546 0264        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
17:55:38.0640 0264        ERSvc - ok
17:55:38.0734 0264        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
17:55:38.0750 0264        Eventlog - ok
17:55:38.0859 0264        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
17:55:38.0984 0264        EventSystem - ok
17:55:39.0046 0264        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:55:39.0187 0264        Fastfat - ok
17:55:39.0281 0264        FastUserSwitchingCompatibility (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
17:55:39.0437 0264        FastUserSwitchingCompatibility - ok
17:55:39.0484 0264        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:55:39.0562 0264        Fdc - ok
17:55:39.0593 0264        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
17:55:39.0671 0264        Fips - ok
17:55:39.0687 0264        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:55:39.0781 0264        Flpydisk - ok
17:55:39.0859 0264        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:55:39.0984 0264        FltMgr - ok
17:55:40.0078 0264        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:55:40.0093 0264        FontCache3.0.0.0 - ok
17:55:40.0140 0264        fssfltr        (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
17:55:40.0156 0264        fssfltr - ok
17:55:40.0640 0264        fsssvc          (45b52394f9624237f33a8a3d73c0b221) C:\Programme\Windows Live\Family Safety\fsssvc.exe
17:55:41.0140 0264        fsssvc - ok
17:55:41.0171 0264        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:55:41.0265 0264        Fs_Rec - ok
17:55:41.0343 0264        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:55:41.0468 0264        Ftdisk - ok
17:55:41.0531 0264        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:55:41.0625 0264        Gpc - ok
17:55:41.0734 0264        gupdate        (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
17:55:41.0734 0264        gupdate - ok
17:55:41.0734 0264        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
17:55:41.0750 0264        gupdatem - ok
17:55:41.0828 0264        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
17:55:41.0906 0264        gusvc - ok
17:55:42.0171 0264        hardlock        (995178a443b07fa9eeaea041d7b4b5ca) C:\WINDOWS\system32\drivers\hardlock.sys
17:55:42.0531 0264        hardlock - ok
17:55:42.0609 0264        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:55:42.0703 0264        HDAudBus - ok
17:55:42.0796 0264        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:55:42.0921 0264        helpsvc - ok
17:55:42.0921 0264        HidServ - ok
17:55:42.0968 0264        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:55:43.0062 0264        hidusb - ok
17:55:43.0109 0264        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
17:55:43.0203 0264        hkmsvc - ok
17:55:43.0250 0264        Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\WINDOWS\system32\drivers\Hotkey.sys
17:55:43.0281 0264        Hotkey ( UnsignedFile.Multi.Generic ) - warning
17:55:43.0281 0264        Hotkey - detected UnsignedFile.Multi.Generic (1)
17:55:43.0281 0264        hpn - ok
17:55:43.0390 0264        HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
17:55:43.0578 0264        HTTP - ok
17:55:43.0609 0264        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
17:55:43.0687 0264        HTTPFilter - ok
17:55:43.0687 0264        i2omgmt - ok
17:55:43.0703 0264        i2omp - ok
17:55:43.0750 0264        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:55:43.0875 0264        i8042prt - ok
17:55:46.0421 0264        ialm            (c56fc0970b453e68eba1c78ae36185a8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:55:51.0390 0264        ialm - ok
17:55:51.0437 0264        ICQ Service - ok
17:55:51.0906 0264        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:55:52.0578 0264        idsvc - ok
17:55:52.0843 0264        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:55:52.0953 0264        Imapi - ok
17:55:53.0046 0264        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
17:55:53.0140 0264        ImapiService - ok
17:55:53.0156 0264        ini910u - ok
17:55:55.0234 0264        IntcAzAudAddService (1824c4894aa438cd06c976e44b9e7353) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:55:57.0218 0264        IntcAzAudAddService - ok
17:55:57.0500 0264        IntelIde - ok
17:55:57.0531 0264        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:55:57.0625 0264        intelppm - ok
17:55:57.0671 0264        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:55:57.0765 0264        Ip6Fw - ok
17:55:57.0812 0264        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:55:57.0953 0264        IpFilterDriver - ok
17:55:57.0984 0264        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:55:58.0078 0264        IpInIp - ok
17:55:58.0156 0264        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:55:58.0296 0264        IpNat - ok
17:55:58.0343 0264        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:55:58.0468 0264        IPSec - ok
17:55:58.0484 0264        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:55:58.0578 0264        IRENUM - ok
17:55:58.0609 0264        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:55:58.0687 0264        isapnp - ok
17:55:58.0890 0264        JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Programme\Java\jre6\bin\jqs.exe
17:55:58.0890 0264        JavaQuickStarterService - ok
17:55:58.0984 0264        JMCR            (dedb6cc1b166928a8f3f68def1766db0) C:\WINDOWS\system32\DRIVERS\jmcr.sys
17:55:59.0078 0264        JMCR - ok
17:55:59.0093 0264        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:55:59.0187 0264        Kbdclass - ok
17:55:59.0281 0264        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:55:59.0437 0264        kmixer - ok
17:55:59.0500 0264        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:55:59.0593 0264        KSecDD - ok
17:55:59.0671 0264        lanmanserver    (d6eb4916b203cbe525f8eff5fd5ab16c) C:\WINDOWS\System32\srvsvc.dll
17:55:59.0796 0264        lanmanserver - ok
17:55:59.0906 0264        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
17:56:00.0000 0264        lanmanworkstation - ok
17:56:00.0000 0264        lbrtfdc - ok
17:56:00.0031 0264        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
17:56:00.0093 0264        LmHosts - ok
17:56:00.0109 0264        MBAMSwissArmy - ok
17:56:00.0265 0264        McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
17:56:00.0390 0264        McComponentHostService - ok
17:56:00.0578 0264        MDM            (81eb1700d75f1ce13d4dba0133222072) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
17:56:00.0609 0264        MDM ( UnsignedFile.Multi.Generic ) - warning
17:56:00.0609 0264        MDM - detected UnsignedFile.Multi.Generic (1)
17:56:00.0656 0264        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
17:56:00.0750 0264        Messenger - ok
17:56:00.0796 0264        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:56:00.0906 0264        mnmdd - ok
17:56:00.0953 0264        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
17:56:01.0046 0264        mnmsrvc - ok
17:56:01.0093 0264        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
17:56:01.0187 0264        Modem - ok
17:56:01.0218 0264        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:56:01.0312 0264        Mouclass - ok
17:56:01.0359 0264        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:56:01.0468 0264        mouhid - ok
17:56:01.0500 0264        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:56:01.0593 0264        MountMgr - ok
17:56:01.0671 0264        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
17:56:01.0734 0264        MozillaMaintenance - ok
17:56:01.0734 0264        mraid35x - ok
17:56:01.0828 0264        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:56:01.0984 0264        MRxDAV - ok
17:56:02.0171 0264        MRxSmb          (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:56:02.0484 0264        MRxSmb - ok
17:56:02.0515 0264        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
17:56:02.0593 0264        MSDTC - ok
17:56:02.0625 0264        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:56:02.0718 0264        Msfs - ok
17:56:02.0734 0264        MSIServer - ok
17:56:02.0781 0264        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:56:02.0843 0264        MSKSSRV - ok
17:56:02.0875 0264        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:56:02.0968 0264        MSPCLOCK - ok
17:56:03.0000 0264        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:56:03.0093 0264        MSPQM - ok
17:56:03.0109 0264        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:56:03.0187 0264        mssmbios - ok
17:56:03.0218 0264        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:56:03.0312 0264        MSTEE - ok
17:56:03.0375 0264        Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
17:56:03.0484 0264        Mup - ok
17:56:03.0531 0264        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:56:03.0656 0264        NABTSFEC - ok
17:56:03.0781 0264        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
17:56:04.0000 0264        napagent - ok
17:56:04.0078 0264        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:56:04.0234 0264        NDIS - ok
17:56:04.0265 0264        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:56:04.0359 0264        NdisIP - ok
17:56:04.0375 0264        NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:56:04.0468 0264        NdisTapi - ok
17:56:04.0500 0264        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:56:04.0578 0264        Ndisuio - ok
17:56:04.0625 0264        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:56:04.0734 0264        NdisWan - ok
17:56:04.0765 0264        NDProxy        (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
17:56:04.0890 0264        NDProxy - ok
17:56:04.0984 0264        Nero BackItUp Scheduler 4.0 - ok
17:56:05.0015 0264        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:56:05.0109 0264        NetBIOS - ok
17:56:05.0203 0264        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:56:05.0406 0264        NetBT - ok
17:56:05.0468 0264        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
17:56:05.0593 0264        NetDDE - ok
17:56:05.0593 0264        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
17:56:05.0671 0264        NetDDEdsdm - ok
17:56:05.0703 0264        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:56:05.0781 0264        Netlogon - ok
17:56:05.0953 0264        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
17:56:06.0125 0264        Netman - ok
17:56:06.0265 0264        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:56:06.0312 0264        NetTcpPortSharing - ok
17:56:07.0406 0264        Netzmanager Service (70b5b4e69a07895df30291cab6abda54) C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
17:56:09.0421 0264        Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
17:56:09.0421 0264        Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
17:56:09.0765 0264        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:56:09.0906 0264        NIC1394 - ok
17:56:10.0046 0264        Nla            (acd8bd448a74f344d46fcaf21bab92af) C:\WINDOWS\System32\mswsock.dll
17:56:10.0171 0264        Nla - ok
17:56:10.0312 0264        NMSAccessU      (fd306fbcce7adb1077b709742e7148e9) C:\Programme\CDBurnerXP\NMSAccessU.exe
17:56:10.0343 0264        NMSAccessU - ok
17:56:10.0390 0264        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:56:10.0515 0264        Npfs - ok
17:56:10.0750 0264        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:56:11.0171 0264        Ntfs - ok
17:56:11.0218 0264        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:56:11.0296 0264        NtLmSsp - ok
17:56:11.0484 0264        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
17:56:11.0843 0264        NtmsSvc - ok
17:56:11.0968 0264        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:56:12.0062 0264        Null - ok
17:56:12.0109 0264        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:56:12.0218 0264        NwlnkFlt - ok
17:56:12.0234 0264        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:56:12.0312 0264        NwlnkFwd - ok
17:56:12.0609 0264        odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
17:56:12.0890 0264        odserv - ok
17:56:12.0953 0264        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:56:13.0062 0264        ohci1394 - ok
17:56:13.0156 0264        ose            (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
17:56:13.0218 0264        ose - ok
17:56:13.0265 0264        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
17:56:13.0375 0264        Parport - ok
17:56:13.0390 0264        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:56:13.0468 0264        PartMgr - ok
17:56:13.0500 0264        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
17:56:13.0593 0264        ParVdm - ok
17:56:13.0671 0264        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
17:56:13.0781 0264        PCI - ok
17:56:13.0781 0264        PCIDump - ok
17:56:13.0812 0264        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:56:13.0906 0264        PCIIde - ok
17:56:13.0968 0264        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:56:14.0078 0264        Pcmcia - ok
17:56:14.0093 0264        PDCOMP - ok
17:56:14.0093 0264        PDFRAME - ok
17:56:14.0093 0264        PDRELI - ok
17:56:14.0109 0264        PDRFRAME - ok
17:56:14.0109 0264        perc2 - ok
17:56:14.0109 0264        perc2hib - ok
17:56:14.0203 0264        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
17:56:14.0218 0264        PlugPlay - ok
17:56:14.0234 0264        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:56:14.0312 0264        PolicyAgent - ok
17:56:14.0359 0264        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:56:14.0468 0264        PptpMiniport - ok
17:56:14.0468 0264        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:56:14.0531 0264        ProtectedStorage - ok
17:56:14.0562 0264        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:56:14.0671 0264        PSched - ok
17:56:14.0703 0264        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:56:14.0796 0264        Ptilink - ok
17:56:14.0796 0264        ql1080 - ok
17:56:14.0812 0264        Ql10wnt - ok
17:56:14.0812 0264        ql12160 - ok
17:56:14.0812 0264        ql1240 - ok
17:56:14.0828 0264        ql1280 - ok
17:56:14.0859 0264        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:56:14.0937 0264        RasAcd - ok
17:56:15.0000 0264        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
17:56:15.0125 0264        RasAuto - ok
17:56:15.0156 0264        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:56:15.0250 0264        Rasl2tp - ok
17:56:15.0359 0264        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
17:56:15.0562 0264        RasMan - ok
17:56:15.0578 0264        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:56:15.0687 0264        RasPppoe - ok
17:56:15.0703 0264        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:56:15.0781 0264        Raspti - ok
17:56:15.0875 0264        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:56:16.0031 0264        Rdbss - ok
17:56:16.0062 0264        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:56:16.0171 0264        RDPCDD - ok
17:56:16.0250 0264        RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
17:56:16.0375 0264        RDPWD - ok
17:56:16.0453 0264        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
17:56:16.0593 0264        RDSessMgr - ok
17:56:16.0640 0264        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:56:16.0750 0264        redbook - ok
17:56:16.0812 0264        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
17:56:16.0953 0264        RemoteAccess - ok
17:56:17.0140 0264        RichVideo      (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Programme\Cyberlink\Shared files\RichVideo.exe
17:56:17.0156 0264        RichVideo - ok
17:56:17.0218 0264        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
17:56:17.0328 0264        RpcLocator - ok
17:56:17.0515 0264        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
17:56:17.0656 0264        RpcSs - ok
17:56:17.0734 0264        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
17:56:18.0078 0264        RSVP - ok
17:56:18.0156 0264        RTLE8023xp      (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:56:18.0265 0264        RTLE8023xp - ok
17:56:18.0296 0264        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:56:18.0359 0264        SamSs - ok
17:56:18.0453 0264        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
17:56:18.0578 0264        SCardSvr - ok
17:56:18.0671 0264        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
17:56:18.0828 0264        Schedule - ok
17:56:18.0890 0264        sdbus          (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:56:19.0000 0264        sdbus - ok
17:56:19.0187 0264        SeaPort        (d358e077a0a05d9b12da22d137ee8464) C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:56:19.0203 0264        SeaPort - ok
17:56:19.0234 0264        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:56:19.0312 0264        Secdrv - ok
17:56:19.0343 0264        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
17:56:19.0421 0264        seclogon - ok
17:56:19.0437 0264        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
17:56:19.0531 0264        SENS - ok
17:56:19.0578 0264        Ser2pl          (2ec41a96d0dc98bd119bf325e0b9f392) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
17:56:19.0640 0264        Ser2pl - ok
17:56:19.0671 0264        Serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:56:19.0750 0264        Serenum - ok
17:56:19.0796 0264        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
17:56:19.0937 0264        Serial - ok
17:56:19.0968 0264        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:56:20.0062 0264        Sfloppy - ok
17:56:20.0234 0264        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
17:56:20.0562 0264        SharedAccess - ok
17:56:20.0640 0264        ShellHWDetection (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
17:56:20.0718 0264        ShellHWDetection - ok
17:56:20.0734 0264        Simbad - ok
17:56:20.0765 0264        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:56:20.0843 0264        SLIP - ok
17:56:20.0859 0264        Sparrow - ok
17:56:20.0890 0264        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:56:21.0000 0264        splitter - ok
17:56:21.0031 0264        Spooler        (39356a9cdb6753a6d13a4072a9f5a4bb) C:\WINDOWS\system32\spoolsv.exe
17:56:21.0109 0264        Spooler - ok
17:56:21.0156 0264        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
17:56:21.0250 0264        sr - ok
17:56:21.0343 0264        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
17:56:21.0500 0264        srservice - ok
17:56:21.0656 0264        Srv            (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
17:56:21.0953 0264        Srv - ok
17:56:22.0015 0264        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
17:56:22.0109 0264        SSDPSRV - ok
17:56:22.0156 0264        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:56:22.0171 0264        ssmdrv - ok
17:56:22.0203 0264        StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
17:56:22.0218 0264        StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:56:22.0218 0264        StarOpen - detected UnsignedFile.Multi.Generic (1)
17:56:22.0390 0264        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
17:56:22.0703 0264        stisvc - ok
17:56:22.0750 0264        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:56:22.0843 0264        streamip - ok
17:56:22.0875 0264        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:56:22.0968 0264        swenum - ok
17:56:23.0015 0264        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:56:23.0125 0264        swmidi - ok
17:56:23.0125 0264        SwPrv - ok
17:56:23.0140 0264        symc810 - ok
17:56:23.0140 0264        symc8xx - ok
17:56:23.0140 0264        sym_hi - ok
17:56:23.0156 0264        sym_u3 - ok
17:56:23.0281 0264        SynTP          (86692a9116559222bd2d62633ddc352d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:56:23.0406 0264        SynTP - ok
17:56:23.0453 0264        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:56:23.0546 0264        sysaudio - ok
17:56:23.0625 0264        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
17:56:23.0734 0264        SysmonLog - ok
17:56:23.0859 0264        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
17:56:24.0031 0264        TapiSrv - ok
17:56:24.0218 0264        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:56:24.0468 0264        Tcpip - ok
17:56:24.0500 0264        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:56:24.0593 0264        TDPIPE - ok
17:56:24.0625 0264        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:56:24.0718 0264        TDTCP - ok
17:56:24.0859 0264        TelekomNM3      (5d528200679c3b4595b4237e02c077d5) C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys
17:56:24.0859 0264        TelekomNM3 - ok
17:56:24.0906 0264        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:56:25.0000 0264        TermDD - ok
17:56:25.0156 0264        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
17:56:25.0359 0264        TermService - ok
17:56:25.0593 0264        TestHandler    (76468df7a7a92413a57c998de5c39290) C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
17:56:25.0703 0264        TestHandler - ok
17:56:25.0781 0264        Themes          (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
17:56:25.0859 0264        Themes - ok
17:56:25.0937 0264        TosIde - ok
17:56:26.0031 0264        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
17:56:26.0171 0264        TrkWks - ok
17:56:26.0421 0264        TVECapSvc      (dec8acebd9cd1f3dd6f4f3a6308d8b94) C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
17:56:26.0453 0264        TVECapSvc ( UnsignedFile.Multi.Generic ) - warning
17:56:26.0453 0264        TVECapSvc - detected UnsignedFile.Multi.Generic (1)
17:56:26.0500 0264        TVESched        (7a5a6987397f78b1606bdb5c407d3574) C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
17:56:26.0515 0264        TVESched ( UnsignedFile.Multi.Generic ) - warning
17:56:26.0515 0264        TVESched - detected UnsignedFile.Multi.Generic (1)
17:56:26.0562 0264        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:56:26.0640 0264        Udfs - ok
17:56:26.0656 0264        ultra - ok
17:56:26.0828 0264        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:56:27.0187 0264        Update - ok
17:56:27.0281 0264        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
17:56:27.0421 0264        upnphost - ok
17:56:27.0437 0264        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
17:56:27.0515 0264        UPS - ok
17:56:27.0578 0264        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:56:27.0671 0264        usbccgp - ok
17:56:27.0703 0264        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:56:27.0796 0264        usbehci - ok
17:56:27.0828 0264        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:56:28.0187 0264        usbhub - ok
17:56:28.0218 0264        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:56:28.0312 0264        usbprint - ok
17:56:28.0343 0264        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:56:28.0437 0264        usbscan - ok
17:56:28.0468 0264        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:56:28.0546 0264        USBSTOR - ok
17:56:28.0578 0264        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:56:28.0687 0264        usbuhci - ok
17:56:28.0765 0264        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
17:56:28.0937 0264        usbvideo - ok
17:56:28.0984 0264        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:56:29.0062 0264        VgaSave - ok
17:56:29.0062 0264        ViaIde - ok
17:56:29.0109 0264        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
17:56:29.0203 0264        VolSnap - ok
17:56:29.0328 0264        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
17:56:29.0515 0264        VSS - ok
17:56:29.0625 0264        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
17:56:29.0781 0264        W32Time - ok
17:56:29.0812 0264        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:56:29.0953 0264        Wanarp - ok
17:56:29.0953 0264        WDICA - ok
17:56:30.0015 0264        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:56:30.0125 0264        wdmaud - ok
17:56:30.0187 0264        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
17:56:30.0312 0264        WebClient - ok
17:56:30.0453 0264        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:56:30.0609 0264        winmgmt - ok
17:56:30.0750 0264        WisLMSvc        (b0e6faa0f0ead4772c545a3737efb47f) C:\Programme\Launch Manager\WisLMSvc.exe
17:56:30.0796 0264        WisLMSvc ( UnsignedFile.Multi.Generic ) - warning
17:56:30.0796 0264        WisLMSvc - detected UnsignedFile.Multi.Generic (1)
17:56:30.0859 0264        WmdmPmSN        (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\mspmsnsv.dll
17:56:30.0984 0264        WmdmPmSN - ok
17:56:31.0031 0264        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:56:31.0109 0264        WmiAcpi - ok
17:56:31.0187 0264        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:56:31.0265 0264        WmiApSrv - ok
17:56:31.0296 0264        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:56:31.0390 0264        WS2IFSL - ok
17:56:31.0453 0264        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
17:56:31.0562 0264        wscsvc - ok
17:56:31.0593 0264        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:56:31.0671 0264        WSTCODEC - ok
17:56:31.0703 0264        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
17:56:31.0796 0264        wuauserv - ok
17:56:32.0062 0264        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
17:56:32.0437 0264        WZCSVC - ok
17:56:32.0546 0264        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
17:56:32.0671 0264        xmlprov - ok
17:56:32.0812 0264        {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (5867ce254625645345c833510d24f124) C:\Programme\HomeCinema\PlayMovie\000.fcl
17:56:32.0828 0264        {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
17:56:32.0921 0264        {95808DC4-FA4A-4C74-92FE-5B863F82066B} (5867ce254625645345c833510d24f124) C:\Programme\HomeCinema\PowerDVD\000.fcl
17:56:32.0921 0264        {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
17:56:32.0968 0264        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
17:56:33.0500 0264        \Device\Harddisk0\DR0 - ok
17:56:33.0500 0264        Boot (0x1200)  (1ffc0a734d9502c406ab4afba1c2a60e) \Device\Harddisk0\DR0\Partition0
17:56:33.0500 0264        \Device\Harddisk0\DR0\Partition0 - ok
17:56:33.0500 0264        ============================================================
17:56:33.0500 0264        Scan finished
17:56:33.0500 0264        ============================================================
17:56:33.0609 3120        Detected object count: 12
17:56:33.0609 3120        Actual detected object count: 12
17:58:01.0718 3120        Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0718 3120        Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:58:01.0718 3120        AnyDVD ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0718 3120        AnyDVD ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:58:01.0718 3120        ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0718 3120        ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:58:01.0718 3120        ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0718 3120        ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:58:01.0718 3120        ElbyDelay ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0718 3120        ElbyDelay ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:58:01.0718 3120        Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0718 3120        Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:58:01.0718 3120        MDM ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0718 3120        MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:58:01.0718 3120        Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0718 3120        Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:58:01.0734 3120        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0734 3120        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:58:01.0734 3120        TVECapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0734 3120        TVECapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:58:01.0734 3120        TVESched ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0734 3120        TVESched ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:58:01.0734 3120        WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:58:01.0734 3120        WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:58:14.0078 3528        ============================================================
17:58:14.0078 3528        Scan started
17:58:14.0078 3528        Mode: Manual; SigCheck; TDLFS;
17:58:14.0078 3528        ============================================================
17:58:14.0312 3528        Abiosdsk - ok
17:58:14.0312 3528        abp480n5 - ok
17:58:14.0421 3528        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:58:14.0531 3528        ACPI - ok
17:58:14.0562 3528        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:58:14.0640 3528        ACPIEC - ok
17:58:14.0734 3528        Adobe LM Service (6d182c31acf16213407f2768f1107fe3) C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
17:58:14.0765 3528        Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
17:58:14.0765 3528        Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
17:58:14.0765 3528        adpu160m - ok
17:58:14.0843 3528        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:58:14.0921 3528        aec - ok
17:58:15.0015 3528        AFD            (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
17:58:15.0046 3528        AFD - ok
17:58:15.0046 3528        Aha154x - ok
17:58:15.0062 3528        aic78u2 - ok
17:58:15.0062 3528        aic78xx - ok
17:58:15.0203 3528        akshasp        (64fc197d24a2b240598f29ce0a6660c0) C:\WINDOWS\system32\DRIVERS\akshasp.sys
17:58:15.0218 3528        akshasp - ok
17:58:15.0250 3528        aksusb          (b06b591532bd85b1ba68f40e2f1af8ab) C:\WINDOWS\system32\DRIVERS\aksusb.sys
17:58:15.0265 3528        aksusb - ok
17:58:15.0296 3528        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
17:58:15.0375 3528        Alerter - ok
17:58:15.0406 3528        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
17:58:15.0500 3528        ALG - ok
17:58:15.0500 3528        AliIde - ok
17:58:15.0500 3528        amsint - ok
17:58:15.0625 3528        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
17:58:15.0640 3528        AntiVirSchedulerService - ok
17:58:15.0765 3528        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
17:58:15.0765 3528        AntiVirService - ok
17:58:16.0015 3528        AntiVirWebService (3f5f6d24836e9fc4f0bf2d72d2b9c036) C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
17:58:16.0125 3528        AntiVirWebService - ok
17:58:16.0187 3528        AnyDVD          (4d8f9534183b823d1d84a22fb18f3473) C:\WINDOWS\system32\Drivers\AnyDVD.sys
17:58:16.0218 3528        AnyDVD ( UnsignedFile.Multi.Generic ) - warning
17:58:16.0218 3528        AnyDVD - detected UnsignedFile.Multi.Generic (1)
17:58:16.0218 3528        AppMgmt - ok
17:58:16.0781 3528        AR5416          (1ba565f1e58e271c6ad6b21a4f181ca4) C:\WINDOWS\system32\DRIVERS\athw.sys
17:58:17.0250 3528        AR5416 - ok
17:58:17.0296 3528        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:58:17.0390 3528        Arp1394 - ok
17:58:17.0390 3528        asc - ok
17:58:17.0390 3528        asc3350p - ok
17:58:17.0406 3528        asc3550 - ok
17:58:17.0515 3528        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:58:17.0531 3528        aspnet_state - ok
17:58:17.0562 3528        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:58:17.0625 3528        AsyncMac - ok
17:58:17.0687 3528        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:58:17.0765 3528        atapi - ok
17:58:17.0765 3528        Atdisk - ok
17:58:17.0828 3528        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:58:17.0921 3528        Atmarpc - ok
17:58:18.0218 3528        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
17:58:18.0312 3528        AudioSrv - ok
17:58:18.0343 3528        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:58:18.0437 3528        audstub - ok
17:58:18.0531 3528        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
17:58:18.0546 3528        avipbb - ok
17:58:18.0578 3528        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:58:18.0671 3528        Beep - ok
17:58:18.0875 3528        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
17:58:19.0062 3528        BITS - ok
17:58:19.0140 3528        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
17:58:19.0234 3528        Browser - ok
17:58:19.0265 3528        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:58:19.0359 3528        cbidf2k - ok
17:58:19.0390 3528        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:58:19.0484 3528        CCDECODE - ok
17:58:19.0484 3528        cd20xrnt - ok
17:58:19.0515 3528        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:58:19.0593 3528        Cdaudio - ok
17:58:19.0640 3528        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:58:19.0718 3528        Cdfs - ok
17:58:19.0765 3528        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:58:19.0859 3528        Cdrom - ok
17:58:19.0875 3528        Changer - ok
17:58:19.0906 3528        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
17:58:19.0984 3528        CiSvc - ok
17:58:20.0015 3528        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
17:58:20.0078 3528        ClipSrv - ok
17:58:20.0187 3528        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:58:20.0187 3528        clr_optimization_v2.0.50727_32 - ok
17:58:20.0234 3528        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:58:20.0312 3528        CmBatt - ok
17:58:20.0312 3528        CmdIde - ok
17:58:20.0343 3528        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:58:20.0406 3528        Compbatt - ok
17:58:20.0421 3528        COMSysApp - ok
17:58:20.0421 3528        Cpqarray - ok
17:58:20.0468 3528        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
17:58:20.0546 3528        CryptSvc - ok
17:58:20.0562 3528        dac2w2k - ok
17:58:20.0562 3528        dac960nt - ok
17:58:20.0765 3528        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
17:58:20.0890 3528        DcomLaunch - ok
17:58:20.0984 3528        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
17:58:21.0078 3528        Dhcp - ok
17:58:21.0093 3528        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:58:21.0187 3528        Disk - ok
17:58:21.0187 3528        dmadmin - ok
17:58:21.0531 3528        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
17:58:21.0843 3528        dmboot - ok
17:58:21.0921 3528        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
17:58:22.0000 3528        dmio - ok
17:58:22.0031 3528        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:58:22.0109 3528        dmload - ok
17:58:22.0171 3528        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
17:58:22.0265 3528        dmserver - ok
17:58:22.0296 3528        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:58:22.0390 3528        DMusic - ok
17:58:22.0437 3528        Dnscache        (8c9ed3b2834aae63081ab2da831c6fe9) C:\WINDOWS\System32\dnsrslvr.dll
17:58:22.0500 3528        Dnscache - ok
17:58:22.0593 3528        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
17:58:22.0656 3528        Dot3svc - ok
17:58:22.0656 3528        dpti2o - ok
17:58:22.0687 3528        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:58:22.0750 3528        drmkaud - ok
17:58:22.0796 3528        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
17:58:22.0875 3528        EapHost - ok
17:58:22.0937 3528        ElbyCDFL        (c61c83501268b0110b5c5db7e63dee0c) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
17:58:22.0953 3528        ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
17:58:22.0953 3528        ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
17:58:22.0984 3528        ElbyCDIO        (fa13264eea448b2e1b3a844ae4f75c7a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
17:58:22.0984 3528        ElbyCDIO ( UnsignedFile.Multi.Generic ) - warning
17:58:22.0984 3528        ElbyCDIO - detected UnsignedFile.Multi.Generic (1)
17:58:22.0984 3528        ElbyDelay      (df9957db3bfe5136aad3c2c101806c98) C:\WINDOWS\system32\Drivers\ElbyDelay.sys
17:58:23.0015 3528        ElbyDelay ( UnsignedFile.Multi.Generic ) - warning
17:58:23.0015 3528        ElbyDelay - detected UnsignedFile.Multi.Generic (1)
17:58:23.0062 3528        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
17:58:23.0156 3528        ERSvc - ok
17:58:23.0234 3528        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
17:58:23.0234 3528        Eventlog - ok
17:58:23.0343 3528        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
17:58:23.0359 3528        EventSystem - ok
17:58:23.0437 3528        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:58:23.0500 3528        Fastfat - ok
17:58:23.0593 3528        FastUserSwitchingCompatibility (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
17:58:23.0671 3528        FastUserSwitchingCompatibility - ok
17:58:23.0718 3528        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:58:23.0781 3528        Fdc - ok
17:58:23.0812 3528        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
17:58:23.0906 3528        Fips - ok
17:58:23.0921 3528        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:58:24.0000 3528        Flpydisk - ok
17:58:24.0062 3528        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:58:24.0156 3528        FltMgr - ok
17:58:24.0265 3528        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:58:24.0281 3528        FontCache3.0.0.0 - ok
17:58:24.0359 3528        fssfltr        (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
17:58:24.0359 3528        fssfltr - ok
17:58:24.0796 3528        fsssvc          (45b52394f9624237f33a8a3d73c0b221) C:\Programme\Windows Live\Family Safety\fsssvc.exe
17:58:25.0031 3528        fsssvc - ok
17:58:25.0062 3528        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:58:25.0156 3528        Fs_Rec - ok
17:58:25.0234 3528        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:58:25.0312 3528        Ftdisk - ok
17:58:25.0359 3528        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:58:25.0421 3528        Gpc - ok
17:58:25.0531 3528        gupdate        (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
17:58:25.0531 3528        gupdate - ok
17:58:25.0531 3528        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
17:58:25.0546 3528        gupdatem - ok
17:58:25.0625 3528        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
17:58:25.0640 3528        gusvc - ok
17:58:25.0921 3528        hardlock        (995178a443b07fa9eeaea041d7b4b5ca) C:\WINDOWS\system32\drivers\hardlock.sys
17:58:26.0109 3528        hardlock - ok
17:58:26.0218 3528        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:58:26.0296 3528        HDAudBus - ok
17:58:26.0390 3528        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:58:26.0468 3528        helpsvc - ok
17:58:26.0468 3528        HidServ - ok
17:58:26.0515 3528        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:58:26.0625 3528        hidusb - ok
17:58:26.0687 3528        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
17:58:26.0750 3528        hkmsvc - ok
17:58:26.0796 3528        Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\WINDOWS\system32\drivers\Hotkey.sys
17:58:26.0812 3528        Hotkey ( UnsignedFile.Multi.Generic ) - warning
17:58:26.0812 3528        Hotkey - detected UnsignedFile.Multi.Generic (1)
17:58:26.0828 3528        hpn - ok
17:58:26.0953 3528        HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
17:58:27.0046 3528        HTTP - ok
17:58:27.0062 3528        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
17:58:27.0156 3528        HTTPFilter - ok
17:58:27.0156 3528        i2omgmt - ok
17:58:27.0156 3528        i2omp - ok
17:58:27.0203 3528        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:58:27.0312 3528        i8042prt - ok
17:58:30.0093 3528        ialm            (c56fc0970b453e68eba1c78ae36185a8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:58:32.0515 3528        ialm - ok
17:58:32.0578 3528        ICQ Service - ok
17:58:33.0046 3528        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:58:33.0375 3528        idsvc - ok
17:58:33.0656 3528        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:58:33.0750 3528        Imapi - ok
17:58:33.0843 3528        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
17:58:33.0921 3528        ImapiService - ok
17:58:33.0921 3528        ini910u - ok
17:58:35.0937 3528        IntcAzAudAddService (1824c4894aa438cd06c976e44b9e7353) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:58:37.0843 3528        IntcAzAudAddService - ok
17:58:38.0343 3528        IntelIde - ok
17:58:38.0375 3528        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:58:38.0468 3528        intelppm - ok
17:58:38.0500 3528        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:58:38.0578 3528        Ip6Fw - ok
17:58:38.0625 3528        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:58:38.0718 3528        IpFilterDriver - ok
17:58:38.0765 3528        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:58:38.0859 3528        IpInIp - ok
17:58:38.0937 3528        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:58:39.0031 3528        IpNat - ok
17:58:39.0078 3528        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:58:39.0187 3528        IPSec - ok
17:58:39.0203 3528        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:58:39.0296 3528        IRENUM - ok
17:58:39.0343 3528        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:58:39.0406 3528        isapnp - ok
17:58:39.0593 3528        JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Programme\Java\jre6\bin\jqs.exe
17:58:39.0593 3528        JavaQuickStarterService - ok
17:58:39.0671 3528        JMCR            (dedb6cc1b166928a8f3f68def1766db0) C:\WINDOWS\system32\DRIVERS\jmcr.sys
17:58:39.0703 3528        JMCR - ok
17:58:39.0718 3528        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:58:39.0796 3528        Kbdclass - ok
17:58:39.0890 3528        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:58:39.0968 3528        kmixer - ok
17:58:40.0046 3528        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:58:40.0062 3528        KSecDD - ok
17:58:40.0140 3528        lanmanserver    (d6eb4916b203cbe525f8eff5fd5ab16c) C:\WINDOWS\System32\srvsvc.dll
17:58:40.0218 3528        lanmanserver - ok
17:58:40.0296 3528        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
17:58:40.0296 3528        lanmanworkstation - ok
17:58:40.0312 3528        lbrtfdc - ok
17:58:40.0328 3528        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
17:58:40.0390 3528        LmHosts - ok
17:58:40.0390 3528        MBAMSwissArmy - ok
17:58:40.0562 3528        McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
17:58:40.0578 3528        McComponentHostService - ok
17:58:40.0781 3528        MDM            (81eb1700d75f1ce13d4dba0133222072) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
17:58:40.0796 3528        MDM ( UnsignedFile.Multi.Generic ) - warning
17:58:40.0796 3528        MDM - detected UnsignedFile.Multi.Generic (1)
17:58:40.0843 3528        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
17:58:40.0921 3528        Messenger - ok
17:58:40.0953 3528        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:58:41.0031 3528        mnmdd - ok
17:58:41.0078 3528        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
17:58:41.0203 3528        mnmsrvc - ok
17:58:41.0234 3528        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
17:58:41.0328 3528        Modem - ok
17:58:41.0343 3528        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:58:41.0421 3528        Mouclass - ok
17:58:41.0500 3528        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:58:41.0593 3528        mouhid - ok
17:58:41.0625 3528        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:58:41.0687 3528        MountMgr - ok
17:58:41.0781 3528        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
17:58:41.0781 3528        MozillaMaintenance - ok
17:58:41.0796 3528        mraid35x - ok
17:58:41.0890 3528        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:58:41.0953 3528        MRxDAV - ok
17:58:42.0171 3528        MRxSmb          (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:58:42.0296 3528        MRxSmb - ok
17:58:42.0343 3528        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
17:58:42.0421 3528        MSDTC - ok
17:58:42.0453 3528        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:58:42.0531 3528        Msfs - ok
17:58:42.0546 3528        MSIServer - ok
17:58:42.0578 3528        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:58:42.0640 3528        MSKSSRV - ok
17:58:42.0656 3528        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:58:42.0750 3528        MSPCLOCK - ok
17:58:42.0781 3528        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:58:42.0890 3528        MSPQM - ok
17:58:42.0937 3528        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:58:43.0015 3528        mssmbios - ok
17:58:43.0031 3528        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:58:43.0109 3528        MSTEE - ok
17:58:43.0171 3528        Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
17:58:43.0250 3528        Mup - ok
17:58:43.0296 3528        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:58:43.0390 3528        NABTSFEC - ok
17:58:43.0531 3528        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
17:58:43.0609 3528        napagent - ok
17:58:43.0703 3528        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:58:43.0796 3528        NDIS - ok
17:58:43.0828 3528        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:58:43.0906 3528        NdisIP - ok
17:58:43.0937 3528        NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:58:44.0015 3528        NdisTapi - ok
17:58:44.0046 3528        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:58:44.0156 3528        Ndisuio - ok
17:58:44.0187 3528        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:58:44.0265 3528        NdisWan - ok
17:58:44.0296 3528        NDProxy        (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
17:58:44.0390 3528        NDProxy - ok
17:58:44.0468 3528        Nero BackItUp Scheduler 4.0 - ok
17:58:44.0500 3528        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:58:44.0593 3528        NetBIOS - ok
17:58:44.0687 3528        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:58:44.0781 3528        NetBT - ok
17:58:44.0859 3528        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
17:58:44.0953 3528        NetDDE - ok
17:58:44.0953 3528        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
17:58:45.0031 3528        NetDDEdsdm - ok
17:58:45.0093 3528        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:58:45.0218 3528        Netlogon - ok
17:58:45.0312 3528        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
17:58:45.0406 3528        Netman - ok
17:58:45.0546 3528        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:58:45.0562 3528        NetTcpPortSharing - ok
17:58:46.0687 3528        Netzmanager Service (70b5b4e69a07895df30291cab6abda54) C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
17:58:47.0656 3528        Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
17:58:47.0656 3528        Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
17:58:48.0203 3528        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:58:48.0281 3528        NIC1394 - ok
17:58:48.0406 3528        Nla            (acd8bd448a74f344d46fcaf21bab92af) C:\WINDOWS\System32\mswsock.dll
17:58:48.0437 3528        Nla - ok
17:58:48.0578 3528        NMSAccessU      (fd306fbcce7adb1077b709742e7148e9) C:\Programme\CDBurnerXP\NMSAccessU.exe
17:58:48.0578 3528        NMSAccessU - ok
17:58:48.0625 3528        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:58:48.0718 3528        Npfs - ok
17:58:48.0953 3528        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:58:49.0187 3528        Ntfs - ok
17:58:49.0218 3528        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:58:49.0281 3528        NtLmSsp - ok
17:58:49.0484 3528        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
17:58:49.0687 3528        NtmsSvc - ok
17:58:49.0718 3528        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:58:49.0796 3528        Null - ok
17:58:49.0843 3528        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:58:49.0937 3528        NwlnkFlt - ok
17:58:49.0953 3528        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:58:50.0031 3528        NwlnkFwd - ok
17:58:50.0359 3528        odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
17:58:50.0468 3528        odserv - ok
17:58:50.0531 3528        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:58:50.0593 3528        ohci1394 - ok
17:58:50.0687 3528        ose            (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
17:58:50.0703 3528        ose - ok
17:58:50.0750 3528        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
17:58:50.0843 3528        Parport - ok
17:58:50.0859 3528        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:58:50.0953 3528        PartMgr - ok
17:58:50.0984 3528        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
17:58:51.0062 3528        ParVdm - ok
17:58:51.0125 3528        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
17:58:51.0250 3528        PCI - ok
17:58:51.0265 3528        PCIDump - ok
17:58:51.0281 3528        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:58:51.0359 3528        PCIIde - ok
17:58:51.0421 3528        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:58:51.0500 3528        Pcmcia - ok
17:58:51.0515 3528        PDCOMP - ok
17:58:51.0515 3528        PDFRAME - ok
17:58:51.0515 3528        PDRELI - ok
17:58:51.0531 3528        PDRFRAME - ok
17:58:51.0531 3528        perc2 - ok
17:58:51.0531 3528        perc2hib - ok
17:58:51.0625 3528        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
17:58:51.0625 3528        PlugPlay - ok
17:58:51.0656 3528        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:58:51.0734 3528        PolicyAgent - ok
17:58:51.0765 3528        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:58:51.0859 3528        PptpMiniport - ok
17:58:51.0859 3528        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:58:51.0937 3528        ProtectedStorage - ok
17:58:52.0031 3528        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:58:52.0109 3528        PSched - ok
17:58:52.0140 3528        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:58:52.0234 3528        Ptilink - ok
17:58:52.0234 3528        ql1080 - ok
17:58:52.0234 3528        Ql10wnt - ok
17:58:52.0250 3528        ql12160 - ok
17:58:52.0250 3528        ql1240 - ok
17:58:52.0250 3528        ql1280 - ok
17:58:52.0281 3528        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:58:52.0343 3528        RasAcd - ok
17:58:52.0406 3528        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
17:58:52.0468 3528        RasAuto - ok
17:58:52.0515 3528        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:58:52.0593 3528        Rasl2tp - ok
17:58:52.0703 3528        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
17:58:52.0796 3528        RasMan - ok
17:58:52.0812 3528        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:58:52.0906 3528        RasPppoe - ok
17:58:52.0906 3528        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:58:53.0000 3528        Raspti - ok
17:58:53.0078 3528        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:58:53.0203 3528        Rdbss - ok
17:58:53.0234 3528        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:58:53.0328 3528        RDPCDD - ok
17:58:53.0406 3528        RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
17:58:53.0484 3528        RDPWD - ok
17:58:53.0578 3528        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
17:58:53.0656 3528        RDSessMgr - ok
17:58:53.0718 3528        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:58:53.0796 3528        redbook - ok
17:58:53.0843 3528        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
17:58:53.0937 3528        RemoteAccess - ok
17:58:54.0140 3528        RichVideo      (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Programme\Cyberlink\Shared files\RichVideo.exe
17:58:54.0156 3528        RichVideo - ok
17:58:54.0218 3528        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
17:58:54.0296 3528        RpcLocator - ok
17:58:54.0500 3528        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
17:58:54.0609 3528        RpcSs - ok
17:58:54.0687 3528        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
17:58:54.0781 3528        RSVP - ok
17:58:54.0859 3528        RTLE8023xp      (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:58:54.0875 3528        RTLE8023xp - ok
17:58:54.0921 3528        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
17:58:54.0984 3528        SamSs - ok
17:58:55.0062 3528        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
17:58:55.0187 3528        SCardSvr - ok
17:58:55.0281 3528        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
17:58:55.0375 3528        Schedule - ok
17:58:55.0421 3528        sdbus          (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:58:55.0500 3528        sdbus - ok
17:58:55.0703 3528        SeaPort        (d358e077a0a05d9b12da22d137ee8464) C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:58:55.0703 3528        SeaPort - ok
17:58:55.0750 3528        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:58:55.0828 3528        Secdrv - ok
17:58:55.0859 3528        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
17:58:55.0953 3528        seclogon - ok
17:58:55.0984 3528        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
17:58:56.0062 3528        SENS - ok
17:58:56.0109 3528        Ser2pl          (2ec41a96d0dc98bd119bf325e0b9f392) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
17:58:56.0156 3528        Ser2pl - ok
17:58:56.0250 3528        Serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:58:56.0343 3528        Serenum - ok
17:58:56.0390 3528        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
17:58:56.0468 3528        Serial - ok
17:58:56.0500 3528        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:58:56.0593 3528        Sfloppy - ok
17:58:56.0765 3528        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
17:58:56.0953 3528        SharedAccess - ok
17:58:57.0031 3528        ShellHWDetection (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
17:58:57.0109 3528        ShellHWDetection - ok
17:58:57.0109 3528        Simbad - ok
17:58:57.0156 3528        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:58:57.0234 3528        SLIP - ok
17:58:57.0234 3528        Sparrow - ok
17:58:57.0250 3528        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:58:57.0343 3528        splitter - ok
17:58:57.0390 3528        Spooler        (39356a9cdb6753a6d13a4072a9f5a4bb) C:\WINDOWS\system32\spoolsv.exe
17:58:57.0468 3528        Spooler - ok
17:58:57.0515 3528        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
17:58:57.0578 3528        sr - ok
17:58:57.0656 3528        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
17:58:57.0750 3528        srservice - ok
17:58:57.0906 3528        Srv            (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
17:58:58.0265 3528        Srv - ok
17:58:58.0328 3528        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
17:58:58.0390 3528        SSDPSRV - ok
17:58:58.0437 3528        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:58:58.0437 3528        ssmdrv - ok
17:58:58.0484 3528        StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
17:58:58.0500 3528        StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:58:58.0500 3528        StarOpen - detected UnsignedFile.Multi.Generic (1)
17:58:58.0656 3528        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
17:58:58.0843 3528        stisvc - ok
17:58:58.0890 3528        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:58:58.0968 3528        streamip - ok
17:58:59.0000 3528        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:58:59.0078 3528        swenum - ok
17:58:59.0140 3528        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:58:59.0218 3528        swmidi - ok
17:58:59.0218 3528        SwPrv - ok
17:58:59.0234 3528        symc810 - ok
17:58:59.0234 3528        symc8xx - ok
17:58:59.0250 3528        sym_hi - ok
17:58:59.0250 3528        sym_u3 - ok
17:58:59.0375 3528        SynTP          (86692a9116559222bd2d62633ddc352d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:58:59.0406 3528        SynTP - ok
17:58:59.0437 3528        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:58:59.0515 3528        sysaudio - ok
17:58:59.0578 3528        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
17:58:59.0671 3528        SysmonLog - ok
17:58:59.0796 3528        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
17:58:59.0890 3528        TapiSrv - ok
17:59:00.0078 3528        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:59:00.0234 3528        Tcpip - ok
17:59:00.0296 3528        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:59:00.0390 3528        TDPIPE - ok
17:59:00.0406 3528        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:59:00.0500 3528        TDTCP - ok
17:59:00.0750 3528        TelekomNM3      (5d528200679c3b4595b4237e02c077d5) C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys
17:59:00.0750 3528        TelekomNM3 - ok
17:59:00.0843 3528        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:59:00.0968 3528        TermDD - ok
17:59:01.0187 3528        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
17:59:01.0312 3528        TermService - ok
17:59:01.0515 3528        TestHandler    (76468df7a7a92413a57c998de5c39290) C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
17:59:01.0656 3528        TestHandler - ok
17:59:01.0734 3528        Themes          (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
17:59:01.0812 3528        Themes - ok
17:59:01.0812 3528        TosIde - ok
17:59:01.0875 3528        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
17:59:01.0953 3528        TrkWks - ok
17:59:02.0203 3528        TVECapSvc      (dec8acebd9cd1f3dd6f4f3a6308d8b94) C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
17:59:02.0218 3528        TVECapSvc ( UnsignedFile.Multi.Generic ) - warning
17:59:02.0218 3528        TVECapSvc - detected UnsignedFile.Multi.Generic (1)
17:59:02.0281 3528        TVESched        (7a5a6987397f78b1606bdb5c407d3574) C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
17:59:02.0296 3528        TVESched ( UnsignedFile.Multi.Generic ) - warning
17:59:02.0296 3528        TVESched - detected UnsignedFile.Multi.Generic (1)
17:59:02.0343 3528        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:59:02.0421 3528        Udfs - ok
17:59:02.0421 3528        ultra - ok
17:59:02.0609 3528        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:59:02.0812 3528        Update - ok
17:59:02.0906 3528        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
17:59:02.0984 3528        upnphost - ok
17:59:03.0000 3528        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
17:59:03.0093 3528        UPS - ok
17:59:03.0234 3528        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:59:03.0359 3528        usbccgp - ok
17:59:03.0390 3528        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:59:03.0468 3528        usbehci - ok
17:59:03.0515 3528        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:59:03.0609 3528        usbhub - ok
17:59:03.0656 3528        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:59:03.0734 3528        usbprint - ok
17:59:03.0765 3528        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:59:03.0859 3528        usbscan - ok
17:59:03.0906 3528        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:59:03.0968 3528        USBSTOR - ok
17:59:04.0000 3528        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:59:04.0093 3528        usbuhci - ok
17:59:04.0187 3528        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
17:59:04.0281 3528        usbvideo - ok
17:59:04.0312 3528        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:59:04.0390 3528        VgaSave - ok
17:59:04.0390 3528        ViaIde - ok
17:59:04.0421 3528        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
17:59:04.0515 3528        VolSnap - ok
17:59:04.0656 3528        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
17:59:04.0718 3528        VSS - ok
17:59:04.0828 3528        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
17:59:04.0921 3528        W32Time - ok
17:59:04.0953 3528        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:59:05.0031 3528        Wanarp - ok
17:59:05.0031 3528        WDICA - ok
17:59:05.0078 3528        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:59:05.0203 3528        wdmaud - ok
17:59:05.0265 3528        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
17:59:05.0375 3528        WebClient - ok
17:59:05.0515 3528        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:59:05.0609 3528        winmgmt - ok
17:59:05.0750 3528        WisLMSvc        (b0e6faa0f0ead4772c545a3737efb47f) C:\Programme\Launch Manager\WisLMSvc.exe
17:59:05.0750 3528        WisLMSvc ( UnsignedFile.Multi.Generic ) - warning
17:59:05.0750 3528        WisLMSvc - detected UnsignedFile.Multi.Generic (1)
17:59:05.0812 3528        WmdmPmSN        (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\mspmsnsv.dll
17:59:05.0890 3528        WmdmPmSN - ok
17:59:05.0921 3528        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:59:06.0015 3528        WmiAcpi - ok
17:59:06.0109 3528        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:59:06.0328 3528        WmiApSrv - ok
17:59:06.0406 3528        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:59:06.0500 3528        WS2IFSL - ok
17:59:06.0734 3528        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
17:59:06.0828 3528        wscsvc - ok
17:59:06.0843 3528        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:59:06.0921 3528        WSTCODEC - ok
17:59:06.0953 3528        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
17:59:07.0031 3528        wuauserv - ok
17:59:07.0265 3528        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
17:59:07.0468 3528        WZCSVC - ok
17:59:07.0562 3528        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
17:59:07.0656 3528        xmlprov - ok
17:59:07.0796 3528        {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (5867ce254625645345c833510d24f124) C:\Programme\HomeCinema\PlayMovie\000.fcl
17:59:07.0796 3528        {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
17:59:07.0875 3528        {95808DC4-FA4A-4C74-92FE-5B863F82066B} (5867ce254625645345c833510d24f124) C:\Programme\HomeCinema\PowerDVD\000.fcl
17:59:07.0875 3528        {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
17:59:07.0906 3528        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
17:59:08.0609 3528        \Device\Harddisk0\DR0 - ok
17:59:08.0625 3528        Boot (0x1200)  (1ffc0a734d9502c406ab4afba1c2a60e) \Device\Harddisk0\DR0\Partition0
17:59:08.0625 3528        \Device\Harddisk0\DR0\Partition0 - ok
17:59:08.0625 3528        ============================================================
17:59:08.0625 3528        Scan finished
17:59:08.0625 3528        ============================================================
17:59:08.0625 3388        Detected object count: 12
17:59:08.0625 3388        Actual detected object count: 12
17:59:50.0734 3388        Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0765 3388        Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:59:50.0765 3388        AnyDVD ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0765 3388        AnyDVD ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:59:50.0765 3388        ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0765 3388        ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:59:50.0765 3388        ElbyCDIO ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0765 3388        ElbyCDIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:59:50.0765 3388        ElbyDelay ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0765 3388        ElbyDelay ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:59:50.0765 3388        Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0765 3388        Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:59:50.0765 3388        MDM ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0812 3388        MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:59:50.0812 3388        Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0812 3388        Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:59:50.0812 3388        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0812 3388        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:59:50.0812 3388        TVECapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0812 3388        TVECapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:59:50.0812 3388        TVESched ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0812 3388        TVESched ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:59:50.0812 3388        WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:59:50.0812 3388        WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 30.05.2012 20:42

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Marina_2626 31.05.2012 06:59

This time I made a mistake. I didn't have AntiVir turned off... I was disconnected from the internet most of the time (I couldn't get back on, but towards the end of the scan I was automatically reconnected), but I don't know whether that makes a difference. I also moved the mouse once... Sorry, my mistake, if something went wrong now.

Combofix Logfile:
Code:

ComboFix 12-05-30.04 - Marina *** 31.05.2012  7:44.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2009.1265 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Marina ***\Desktop\Marina alt\Eigene Dateien\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\dokumente und einstellungen\Marina ***\WINDOWS
c:\windows\AutoRun.ini
c:\windows\IsUn0407.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\ijl11.dll
c:\windows\system32\Temp
c:\windows\system32\Temp\zup\Comct332.ocx
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-28 bis 2012-05-31  ))))))))))))))))))))))))))))))
.
.
2012-05-30 14:42 . 2012-05-30 14:42        --------        d-----w-        C:\_OTL
2012-05-30 11:33 . 2012-05-30 11:36        --------        d-----w-        c:\programme\Mozilla Sunbird
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 13:56 . 2012-04-30 18:22        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-04-21 01:18 . 2012-04-29 10:07        97208        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-27 39408]
"ICQ"="c:\programme\ICQ7.6\ICQ.exe" [2011-10-28 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 150040]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1105920]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"YouCam Mirror Tray icon"="c:\programme\CyberLink\YouCam\YouCamTray.exe" [2009-07-08 162912]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Marina ***\Startmenü\Programme\Autostart\
Meine Dienste.lnk - c:\programme\Telekom\Meine Dienste\StartMeineDienste.exe [2012-3-21 269944]
Netzmanager.lnk - c:\programme\Netzmanager\netzmanager.exe [2011-11-10 14000128]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
Meine Dienste.lnk - c:\programme\Telekom\Meine Dienste\StartMeineDienste.exe [2012-3-21 269944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2005-05-19 13:47        57344        ----a-w-        c:\eigene programme\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMSAccessU"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\eigene Programme\\Klebezettel NG\\klebez.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\ICQ7.6\\ICQ.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\programme\HomeCinema\PlayMovie\000.fcl [26.04.2010 16:07 41456]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [27.02.2010 16:14 136360]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [28.06.2011 20:11 428200]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [24.10.2011 09:53 2565632]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [26.04.2010 16:09 290909]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [26.04.2010 16:09 114779]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [11.04.2008 17:55 84240]
R3 TelekomNM3;Telekom Netzmanager Packet Filter Driver;c:\programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [16.09.2010 17:02 35040]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [27.02.2010 16:21 135664]
S2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe --> c:\programme\ICQ6Toolbar\ICQ Service.exe [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [27.02.2010 16:21 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 14:49 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [29.04.2012 12:07 129976]
S3 WisLMSvc;WisLMSvc;c:\programme\Launch Manager\WisLMSvc.exe [27.02.2010 14:08 118784]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 21530952
*NewlyCreated* - 35220302
*Deregistered* - 21530952
*Deregistered* - 35220302
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-27 14:21]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-27 14:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Marina ***\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI69DF~1\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\programme\ICQ7.6\ICQ.exe
IE: {{A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - {2015C8D4-8534-48DB-B5FB-5C76291F080C} -
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Marina ***\Anwendungsdaten\Mozilla\Firefox\Profiles\m38sq5uq.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www3.k-tv.org/programm
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-ICQToolbar - c:\programme\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-VV_Outloud_Gr_GR - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-31 07:51
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\programme\HomeCinema\PlayMovie\000.fcl"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\programme\HomeCinema\PowerDVD\000.fcl"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(896)
c:\programme\Avira\AntiVir Desktop\avsda.dll
.
Zeit der Fertigstellung: 2012-05-31  07:54:06
ComboFix-quarantined-files.txt  2012-05-31 05:53
.
Vor Suchlauf: 12 Verzeichnis(se), 132.138.188.800 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 132.084.162.560 Bytes frei
.
- - End Of File - - 120DF6D6459D598889CBBDD163FAAB08

--- --- ---

cosinus 31.05.2012 10:10

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work the second time, just leave it out and only run OSAM. Please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.

Marina_2626 31.05.2012 11:27

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-31 12:24:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS545016B9A300 rev.PBBOC64G
Running: snk8w2rs.exe; Driver: C:\DOKUME~1\MARINA~1\LOKALE~1\Temp\awlyrpod.sys
 
 
---- System - GMER 1.0.15 ----
 
SSDT                                                                                                                                  BA6F3E2E                                            ZwCreateKey
SSDT                                                                                                                                  BA6F3E24                                            ZwCreateThread
SSDT                                                                                                                                  BA6F3E33                                            ZwDeleteKey
SSDT                                                                                                                                  BA6F3E3D                                            ZwDeleteValueKey
SSDT                                                                                                                                  BA6F3E42                                            ZwLoadKey
SSDT                                                                                                                                  BA6F3E10                                            ZwOpenProcess
SSDT                                                                                                                                  BA6F3E15                                            ZwOpenThread
SSDT                                                                                                                                  BA6F3E4C                                            ZwReplaceKey
SSDT                                                                                                                                  BA6F3E47                                            ZwRestoreKey
SSDT                                                                                                                                  BA6F3E38                                            ZwSetValueKey
 
Code                                                                                                                                  \??\C:\DOKUME~1\MARINA~1\LOKALE~1\Temp\catchme.sys  pIofCallDriver
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text                                                                                                                                C:\WINDOWS\system32\drivers\hardlock.sys            section is writeable [0xA4FC1400, 0x6EB98, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA504BC20]  C:\WINDOWS\system32\drivers\hardlock.sys            entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA504BC20]
.protectÿÿÿÿhardlockunknown last code section [0xA504BA00, 0x50CA, 0xE0000020]                                                        C:\WINDOWS\system32\drivers\hardlock.sys            unknown last code section [0xA504BA00, 0x50CA, 0xE0000020]
                                                                                                                                      C:\Programme\HomeCinema\PlayMovie\000.fcl          entry point in "" section [0xA4D14000]
.clc                                                                                                                                  C:\Programme\HomeCinema\PlayMovie\000.fcl          unknown last section [0xA4D15000, 0x1000, 0x00000000]
                                                                                                                                      C:\Programme\HomeCinema\PowerDVD\000.fcl            entry point in "" section [0xA4D14000]
.clc                                                                                                                                  C:\Programme\HomeCinema\PowerDVD\000.fcl            unknown last section [0xA4D15000, 0x1000, 0x00000000]
?                                                                                                                                    C:\WINDOWS\system32\Drivers\PROCEXP113.SYS          Das System kann die angegebene Datei nicht finden. !
?                                                                                                                                    C:\DOKUME~1\MARINA~1\LOKALE~1\Temp\catchme.sys      Das System kann die angegebene Datei nicht finden. !
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice                                                                                                                        \Driver\Kbdclass \Device\KeyboardClass0            SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice                                                                                                                        \Driver\Kbdclass \Device\KeyboardClass1            SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice                                                                                                                        \Driver\Tcpip \Device\Tcp                          fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice                                                                                                                        \FileSystem\Fastfat \Fat                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 
---- EOF - GMER 1.0.15 ----

--- --- ---

---------------------------

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:26:08 on 31.05.2012
 
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
 
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
 
 
[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
 
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"Startup.cpl" - ? - C:\WINDOWS\system32\Startup.cpl  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
 
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"awlyrpod" (awlyrpod) - ? - C:\DOKUME~1\MARINA~1\LOKALE~1\Temp\awlyrpod.sys  (Hidden registry entry, rootkit activity | File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\MARINA~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\ElbyCDFL.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
"ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyDelay.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys
"Hotkey" (Hotkey) - ? - C:\WINDOWS\system32\drivers\Hotkey.sys  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\WINDOWS\system32\drivers\mbamswissarmy.sys  (File not found)
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"Telekom Netzmanager Packet Filter Driver" (TelekomNM3) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Programme\HomeCinema\PlayMovie\000.fcl
"{95808DC4-FA4A-4C74-92FE-5B863F82066B}" ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) - "Cyberlink Corp." - C:\Programme\HomeCinema\PowerDVD\000.fcl
 
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office 2007\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MI69DF~1\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
"ICQ7.6" - "ICQ, LLC." - C:\Programme\ICQ7.6\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MI69DF~1\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{2015C8D4-8534-48DB-B5FB-5C76291F080C} "Toolbar 3.0 der Telekom" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - ? - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll  (File not found)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corp." - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
 
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Marina Welsch\Startmenü\Programme\Autostart\desktop.ini
"Meine Dienste.lnk" - "Deutsche Telekom AG" - C:\Programme\Telekom\Meine Dienste\StartMeineDienste.exe  (Shortcut exists | File exists)
"Netzmanager.lnk" - "Deutsche Telekom AG" - C:\Programme\Netzmanager\netzmanager.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Advanced System Protector" - "Systweak" - "C:\Programme\Advanced System Protector\advancedsystemprotector.exe" autolaunch
"ICQ" - "ICQ, LLC." - "C:\Programme\ICQ7.6\ICQ.exe" silent loginmode=4
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"SystweakASP" - ? - "C:\Programme\RegClean Pro\SystweakASP.exe" /verysilent  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Advanced System Protector" - "Systweak" - "C:\Programme\Advanced System Protector\advancedsystemprotector.exe" autolaunch
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"YouCam Mirror Tray icon" - "CyberLink Corp." - "c:\Programme\CyberLink\YouCam\YouCamTray.exe" /s
 
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll
"Canon BJNP Port" - "CANON INC." - C:\WINDOWS\system32\CNMNPPM.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll
 
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\Cyberlink\Shared files\RichVideo.exe
"Fujitsu Diagnostic Testhandler" (TestHandler) - "Fujitsu Technology Solutions" - C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe  (File not found)
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"Netzmanager Infrastruktur Informationssystem Dienst" (Netzmanager Service) - "Deutsche Telekom AG" - C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corp." - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"TVEnhance Background Capture Service (TBCS)" (TVECapSvc) - ? - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
"TVEnhance Task Scheduler (TTS))" (TVESched) - ? - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Programme\Windows Live\Family Safety\fsssvc.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Programme\Launch Manager\WisLMSvc.exe
 
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
 
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avsda.dll
 
===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

Code:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-31 13:30:54
-----------------------------
13:30:54.203    OS Version: Windows 5.1.2600 Service Pack 3
13:30:54.203    Number of processors: 1 586 0x170A
13:30:54.203    ComputerName: MARINA_NB  UserName:
13:31:00.421    Initialize success
13:34:48.609    AVAST engine defs: 12053100
13:35:21.171    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:35:21.171    Disk 0 Vendor: Hitachi_HTS545016B9A300 PBBOC64G Size: 152627MB BusType: 3
13:35:21.296    Disk 0 MBR read successfully
13:35:21.296    Disk 0 MBR scan
13:35:21.437    Disk 0 Windows XP default MBR code
13:35:21.437    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      152617 MB offset 63
13:35:21.453    Disk 0 scanning sectors +312560640
13:35:21.921    Disk 0 scanning C:\WINDOWS\system32\drivers
13:35:57.640    Service scanning
13:36:40.453    Modules scanning
13:37:07.046    Disk 0 trace - called modules:
13:37:07.093    ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
13:37:07.093    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d7cab8]
13:37:07.593    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89d6ab00]
13:37:10.015    AVAST engine scan C:\WINDOWS
13:37:43.765    AVAST engine scan C:\WINDOWS\system32
13:50:18.203    AVAST engine scan C:\WINDOWS\system32\drivers
13:51:40.546    AVAST engine scan C:\Dokumente und Einstellungen\Marina ***
13:52:14.859    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Marina ***\Desktop\MBR.dat"
13:52:14.859    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Marina ***\Desktop\aswMBR.txt"


