Trojaner-Board


Theodoro 26.06.2012 15:50

White screen, it says "Connection is being established", stays white

Hello,
I have a PC running Windows XP. The day before yesterday, while I was browsing the Internet, a white screen suddenly appeared with the message "Bitte warten Verbindung wird hergestellt" ("Please wait, connection is being established"). I then switched the PC off and did some research online. In doing so I came across Trojaner-Board and read the post by Cosinus there. I am almost certain that I have caught this encryption trojan. The computer no longer starts at all, not even in safe mode.
I believe there is someone here who can help me. I am not particularly well versed myself when it comes to the inner workings of a computer.
I am grateful for any help.
Kind regards,
Theodoro

markusg 27.06.2012 13:33

Hi,
Using a clean second computer, create an OTLPE CD and then boot the infected computer from this CD:

If you do not have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.


Download OTLpe (OTLPENet.exe) by OldTimer and save it to your desktop. Note: The file is about 120 MB in size, and on a slow Internet connection it will take a while to download.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burning process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the windows of the burning program.
Now boot from the OTLPE CD. Note: How do I boot from CD


Illustrated guide: OTLpe scan
  • After a few minutes your system should display the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: So that OTLPE scans the correct installed Windows, you must select the Windows folder of the Windows installation on the hard disk; simply selecting C: produces an error!
  • When you are asked "Do you wish to load the remote registry", choose Yes.
  • When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure that the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy this file to your USB stick if you have no Internet connection on this system.
  • Please post the contents of C:\OTL.txt and Extras.txt.

Theodoro 28.06.2012 14:23

Hello,
thanks for the reply. I followed the instructions and got the files OTL.txt and Extras.TXT; I am attaching both here.
OTL logfile:
Code:

OTL logfile created on: 6/28/2012 7:49:07 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Microsoft Windows 2000 Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,023.00 Mb Total Physical Memory | 788.00 Mb Available Physical Memory | 77.00% Memory free
907.00 Mb Paging File | 835.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Programme
Drive C: | 111.78 Gb Total Space | 23.59 Gb Free Space | 21.11% Space Free | Partition Type: NTFS
Drive D: | 37.27 Gb Total Space | 32.38 Gb Free Space | 86.88% Space Free | Partition Type: FAT32
Drive F: | 1007.22 Mb Total Space | 1006.97 Mb Free Space | 99.98% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - [2012/06/25 03:21:48 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/08 11:17:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 11:17:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/03 02:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/09 15:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/03 10:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/10/24 16:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/07/22 03:49:26 | 000,511,920 | ---- | M] (REINER SCT) [Auto] -- C:\WINDOWS\system32\cjpcsc.exe -- (cjpcsc)
SRV - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto] -- C:\Programme\TomTom HOME 4\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/22 10:40:22 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2010/03/04 17:38:00 | 000,071,096 | ---- | M] () [Auto] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/01/02 05:06:10 | 000,234,888 | ---- | M] () [Auto] -- C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2007/08/31 06:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 16:35:24 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/06/15 06:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto] -- C:\windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/01/29 13:40:44 | 000,179,016 | ---- | M] (T-Systems Enterprise Services GmbH) [Auto] -- C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe -- (DFSVC)
SRV - [2007/01/09 12:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled] -- C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/10/02 12:58:06 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/03/23 12:06:38 | 000,880,128 | ---- | M] () [Auto] -- C:\Programme\ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005/06/22 10:13:42 | 000,147,456 | ---- | M] (T-Systems Nova, Berkom) [On_Demand] -- C:\Programme\T-DSL SpeedManager\tsmsvc.exe -- (TSMService)
SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/05/14 15:17:53 | 000,061,440 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\PSSDNSVC.EXE -- (PsShutdownSvc)
SRV - [2003/08/27 04:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2003/07/28 06:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Adapter | On_Demand] --  -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand] --  -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] --  -- (SymIM)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] --  -- (kbeepm)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] --  -- (CrystalSysInfo)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2012/05/08 11:17:59 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 11:17:59 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/11/09 15:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/11/03 10:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/10/19 11:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/03/29 07:08:08 | 000,028,144 | ---- | M] (REINER SCT) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cjusb.sys -- (cjusb)
DRV - [2010/06/17 10:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/11/12 08:48:56 | 000,005,504 | ---- | M] () [File_System | Auto] -- C:\windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/06/14 09:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/05/31 03:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System] -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2007/01/29 13:40:14 | 000,014,536 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | On_Demand] -- C:\Programme\T-Online\Dialerschutz-Software\DFSYS.sys -- (DFSYS)
DRV - [2007/01/29 12:51:44 | 000,022,856 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SipIMNDI.sys -- (SipIMNDI)
DRV - [2006/10/09 10:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006/10/09 09:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2006/10/04 04:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2006/03/23 12:15:58 | 000,102,016 | ---- | M] (Nero AG) [File_System | Disabled] -- C:\windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/03/23 12:15:56 | 000,029,440 | ---- | M] (Nero AG) [Kernel | System] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2006/03/23 12:00:28 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System] -- C:\windows\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2006/02/21 15:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/02/20 13:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005/08/30 12:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 12:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 12:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005/08/29 20:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/29 20:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/29 20:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2005/03/04 03:24:58 | 000,047,230 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2005/02/23 08:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/02/01 07:22:22 | 000,098,560 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2005/01/06 07:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/12/21 05:38:12 | 000,034,816 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2004/12/15 11:30:14 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2004/11/15 16:51:54 | 000,050,048 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2004/10/04 04:33:02 | 000,062,799 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2004/07/08 11:07:34 | 000,036,531 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2004/03/11 11:44:26 | 000,009,696 | ---- | M] (T-Systems Nova GmbH) [Kernel | On_Demand] -- C:\Programme\T-DSL SpeedManager\TNPACKET.SYS -- (TNPacket)
DRV - [2003/12/30 08:38:52 | 000,028,080 | ---- | M] (Ahead Software AG) [Kernel | System] -- C:\windows\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2003/07/24 03:34:56 | 000,403,968 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/07/24 01:23:16 | 000,461,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/12/03 10:23:57 | 000,074,359 | R--- | M] (Analog Devices Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dslpci.sys -- (nicadsl)
DRV - [2002/11/18 10:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2002/10/29 06:26:52 | 000,008,360 | R--- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\commagnt.sys -- (CommAgnt)
DRV - [2002/10/25 09:47:48 | 000,031,232 | R--- | M] (Robert Schlabbach) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rmspppoe.sys -- (RMSPPPOE) WAN Miniport (PPP over Ethernet Protocol)
DRV - [2002/10/16 07:55:48 | 000,002,851 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2001/08/17 08:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)
DRV - [2000/10/15 12:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Programme\T-DSL SpeedManager\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2000/05/25 10:47:28 | 000,397,312 | ---- | M] (Crystal Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cwcwdm.sys -- (cwcwdm) Crystal SoundFusion(tm)
DRV - [2000/05/25 10:47:26 | 000,136,608 | ---- | M] (Crystal Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cwcspud.sys -- (cwcspud) Crystal SoundFusion(tm)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\Besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\Besitzer_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\Besitzer_ON_C\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - Reg Error: Key error. File not found
IE - HKU\Besitzer_ON_C\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSof2.dll (Conduit Ltd.)
IE - HKU\Besitzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Besitzer_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Programme\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012/03/10 04:25:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: C:\Programme\AusweisApp\mozilla\eCardClientExt_FFxx_Win [2012/03/24 11:28:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F0963A3-1658-4fde-9585-23A25CC288BF}: C:\Programme\AusweisApp\mozilla\eCardClientPIn_FFxx_Win [2012/03/24 11:28:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/10/19 10:16:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/04/11 01:54:37 | 000,000,000 | ---D | M]
 
[2010/06/30 07:41:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\Extensions
[2010/06/30 07:41:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\Extensions\home2@tomtom.com
[2005/03/14 14:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\Firefox\Profiles\d5xqt8qi.Standard-Benutzer\extensions
[2005/03/14 14:49:54 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\Firefox\Profiles\d5xqt8qi.Standard-Benutzer\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/02/26 07:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\Firefox\Profiles\lxrbvma9.default\extensions
[2005/02/26 07:49:35 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\Firefox\Profiles\lxrbvma9.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/02/17 10:30:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\Firefox\Profiles\sum32kam.Standard-Benutzer\extensions
[2009/08/19 13:15:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\Firefox\Profiles\sum32kam.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/07 13:01:25 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\Firefox\Profiles\sum32kam.Standard-Benutzer\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/09/25 10:04:46 | 000,000,000 | ---D | M] (Deutsches Wörterbuch) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\Firefox\Profiles\sum32kam.Standard-Benutzer\extensions\de-DE@dictionaries.addons.mozilla.org
[2012/02/17 10:30:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/05/21 10:28:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/10/25 07:53:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/08 13:38:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2009/02/07 11:04:00 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAMME\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
[2006/05/06 12:42:04 | 007,260,160 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\libvlc.dll
[2011/11/10 00:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2006/01/22 09:32:04 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Programme\mozilla firefox\plugins\npgcplug.dll
[2005/04/27 16:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Programme\mozilla firefox\plugins\npracplug.dll
[2004/02/20 16:14:09 | 000,176,177 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npViewpoint.dll
[2006/09/26 06:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll
[2009/06/28 13:32:02 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009/06/28 13:32:02 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2009/06/28 13:32:02 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2009/06/28 13:32:02 | 000,000,986 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2009/06/28 13:32:02 | 000,000,801 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/01/20 15:38:00 | 000,001,042 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 64.237.37.47    auto.search.msn.com
O1 - Hosts: 64.237.37.47    auto.search.msn.com
O1 - Hosts: 64.237.37.47    auto.search.msn.com
O1 - Hosts: 64.237.37.47    auto.search.msn.com
O1 - Hosts: 64.237.37.47    auto.search.msn.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {73368910-6EF1-49C9-8FE2-EE7453F81706} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - No CLSID value found.
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSof2.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AusweisApp 1.8.0.0) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Programme\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
O2 - BHO: (no name) - {D032570A-5F63-4812-A094-87D007C23012} - No CLSID value found.
O2 - BHO: (no name) - {DDA442CE-09C3-48BF-B2E1-8450FE123E8B} - No CLSID value found.
O2 - BHO: (PAYBACK Toolbar Browserhilfsobjekt) - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PAYBACK Toolbar) - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Besitzer_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Besitzer_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Besitzer_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Besitzer_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\Besitzer_ON_C\..\Toolbar\WebBrowser: (PAYBACK Toolbar) - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O3 - HKU\Besitzer_ON_C\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Programme\Softonic_Deutsch_FF\prxtbSof2.dll (Conduit Ltd.)
O3 - HKU\Besitzer_ON_C\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\Besitzer_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\Besitzer_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [bC4lJzJAS4eHdGa] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\w6j6rt45jtuhdre5.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\windows\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Cmaudio]  File not found
O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SoundFusion] C:\windows\System32\cwcprops.cpl (Crystal Semiconductor Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKLM..\Run: [T-Online Dialerschutz-Software]  File not found
O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\.DEFAULT..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKU\Besitzer_ON_C..\Run: [bC4lJzJAS4eHdGa] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\w6j6rt45jtuhdre5.exe ()
O4 - HKU\Besitzer_ON_C..\Run: [TomTomHOME.exe] C:\Programme\TomTom HOME 4\TomTomHOMERunner.exe (TomTom)
O4 - HKU\Besitzer_ON_C..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKU\LocalService_ON_C..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\NetworkService_ON_C..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)
O4 - HKU\Besitzer_ON_C..\RunOnce: [SWHelper] C:\windows\System32\Macromed\Shockwave 10\PostUpdate.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} hxxp://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab (Steuerung des DownloadManager )
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123407934578 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4/jinstall-14_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\wvUoNGAQ: DllName - wvUoNGAQ.dll -  File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\ssqPgGYp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:\:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Macromedia Shockwave Director 10.1.1
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {377483c2-e4b4-4ee8-b577-9aed264c8735} - Q822925
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {82ced0ff-a00d-4405-ba5f-ef4699159333} - KB896727
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {foMqgAqV-VEhY-fWHG-wpMj-OSQWcWzshdP0} -
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\windows\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{BC8AB63A-02BF-4C0D-9FDF-2C53CEC66AA3} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: Ip6FwHlp -  File not found
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/16 11:40:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Val'Gor 2
[2012/06/16 11:39:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ValGor 2
[2012/06/16 11:33:25 | 000,000,000 | ---D | C] -- C:\Programme\Val'Gor - The Beginning
[2012/06/16 11:33:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Val'Gor - The Beginning
[2011/02/07 11:24:47 | 037,719,448 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AdbeRdr1000_de_DE.exe
[2006/03/28 14:44:29 | 002,713,600 | ---- | C] (Microsoft Corporation) -- C:\Programme\TweakPower1217.exe
[2006/03/28 14:42:34 | 004,179,293 | ---- | C] (Lavalys, Inc.                                              ) -- C:\Programme\everesthome220.exe
[2006/01/22 09:32:13 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RngInterstitial.dll
[2005/04/23 13:56:53 | 002,826,960 | ---- | C] (InstallShield Software Corporation) -- C:\Programme\ToolbarSetup.exe
[2005/04/01 14:16:31 | 006,711,144 | ---- | C] (Skype Software S.A.                                        ) -- C:\Programme\SkypeSetup.exe
[2005/03/21 14:53:32 | 001,230,096 | ---- | C] (Microsoft Corporation) -- C:\Programme\CleanIt20.exe
[2005/03/21 13:09:46 | 005,524,095 | ---- | C] (O&O Software GmbH                                          ) -- C:\Programme\OOSafeErase2Ger.exe
[2005/03/03 15:20:56 | 000,260,678 | ---- | C] (DVD Shrink) -- C:\Programme\DVD Shrink 2.3 German.exe
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[14 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/26 02:03:20 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/26 02:03:19 | 000,000,276 | ---- | M] () -- C:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-527237240-725345543-1003.job
[2012/06/26 02:03:08 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/25 09:21:35 | 000,013,758 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2012/06/25 09:21:26 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/25 08:43:14 | 000,294,912 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\w6j6rt45jtuhdre5.exe
[2012/06/25 08:11:04 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/25 06:43:15 | 000,804,208 | ---- | M] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012/06/25 03:21:47 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/06/25 03:21:47 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/06/20 10:14:00 | 000,000,284 | ---- | M] () -- C:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-527237240-725345543-1003.job
[2012/06/18 01:30:01 | 000,000,276 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2012/06/16 11:34:11 | 000,001,657 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spiel Val'Gor - The Beginning.lnk
[2012/06/16 11:34:11 | 000,001,554 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Weitere fantastische Spiele.lnk
[2012/06/16 11:33:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Val'Gor - The Beginning
[2012/06/16 11:33:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Games
[2012/06/16 09:57:40 | 000,000,612 | ---- | M] () -- C:\windows\wiso.ini
[2012/06/15 02:03:56 | 000,461,232 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/06/14 16:29:09 | 000,462,404 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/06/14 16:29:09 | 000,444,016 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/06/14 16:29:09 | 000,085,764 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/06/14 16:29:09 | 000,072,274 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/06/14 16:25:34 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[2012/06/08 02:30:48 | 000,000,069 | ---- | M] () -- C:\windows\NeroDigital.ini
[2012/06/02 11:11:25 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012/06/02 09:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wucltui.dll
[2012/06/02 09:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wucltui.dll
[2012/06/02 09:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wuaucpl.cpl
[2012/06/02 09:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wuweb.dll
[2012/06/02 09:19:38 | 000,015,896 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll.mui
[2012/06/02 09:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\cdm.dll
[2012/06/02 09:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\cdm.dll
[2012/06/02 09:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wuauclt.exe
[2012/06/02 09:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2012/06/02 09:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wups.dll
[2012/06/02 09:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wups.dll
[2012/06/02 09:19:28 | 000,023,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wucltui.dll.mui
[2012/06/02 09:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
[2012/06/02 09:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wuapi.dll
[2012/06/02 09:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wuaueng.dll
[2012/05/31 09:22:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\crypt32.dll
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[14 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/06/25 08:43:28 | 000,294,912 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\w6j6rt45jtuhdre5.exe
[2012/06/18 12:36:53 | 000,804,208 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012/06/16 11:34:11 | 000,001,657 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spiel Val'Gor - The Beginning.lnk
[2012/06/16 11:34:11 | 000,001,554 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Weitere fantastische Spiele.lnk
[2012/02/16 12:21:07 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll
[2012/02/15 09:21:38 | 000,000,396 | ---- | C] () -- C:\windows\hbcikrnl.ini
[2012/02/15 09:21:27 | 000,167,936 | ---- | C] () -- C:\windows\System32\SerialXP.dll
[2012/02/15 09:21:27 | 000,027,648 | ---- | C] () -- C:\windows\System32\win32com.dll
[2012/01/24 11:21:56 | 059,840,884 | ---- | C] () -- C:\Programme\AusweisApp_010700_Windows.zip
[2011/12/08 02:46:48 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2011/11/29 09:33:49 | 084,419,032 | ---- | C] () -- C:\Programme\avira_free_antivirus_de1200861.exe
[2011/02/28 06:42:33 | 000,000,566 | ---- | C] () -- C:\windows\System32\SP7302.INI
[2011/01/03 09:40:45 | 000,015,139 | ---- | C] () -- C:\windows\System32\lfqcd11n.dll
[2009/06/09 03:20:05 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Logs
[2009/06/09 03:20:05 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Libraries
[2009/06/09 03:20:05 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLdu.DAT
[2009/04/28 01:30:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Ÿ9Ÿ9
[2009/04/27 11:54:48 | 000,000,000 | ---- | C] () -- C:\windows\hpqEmlSz.INI
[2009/04/27 08:13:10 | 000,010,563 | R--- | C] () -- C:\windows\hpwscr19.dat
[2009/04/27 08:10:13 | 000,202,615 | ---- | C] () -- C:\windows\hpwins19.dat
[2009/04/27 08:10:13 | 000,000,997 | R--- | C] () -- C:\windows\hpwmdl19.dat
[2009/02/26 08:02:43 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2008/09/14 15:26:22 | 000,000,118 | ---- | C] () -- C:\windows\System32\MRT.INI
[2008/09/03 10:54:46 | 000,000,979 | ---- | C] () -- C:\windows\dokop301.ini
[2008/09/03 10:54:46 | 000,000,024 | ---- | C] () -- C:\windows\SBINET.INI
[2008/07/18 10:53:30 | 046,249,416 | ---- | C] () -- C:\windows\System32\MRT.exe
[2008/07/06 13:30:53 | 000,173,549 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mdbu.bin
[2008/06/21 06:30:02 | 004,406,331 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Geburtstag Gerd.cpr
[2008/06/17 05:38:08 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2008/04/11 08:22:04 | 000,000,294 | -HS- | C] () -- C:\windows\System32\cjaatsxy.ini
[2008/04/11 08:15:52 | 000,097,835 | -HS- | C] () -- C:\windows\System32\pYGgPqss.ini
[2008/04/11 08:15:52 | 000,093,535 | -HS- | C] () -- C:\windows\System32\pYGgPqss.ini2
[2008/04/11 05:35:19 | 000,000,202 | ---- | C] () -- C:\windows\wininit.ini
[2008/04/10 07:17:44 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc
[2008/04/10 07:06:29 | 000,000,354 | -HS- | C] () -- C:\windows\System32\arlevmsu.ini
[2008/04/08 08:11:29 | 000,000,354 | -HS- | C] () -- C:\windows\System32\avblkvrc.ini
[2008/04/07 05:01:39 | 000,100,470 | -HS- | C] () -- C:\windows\System32\IOXEKnmp.ini2
[2008/04/07 05:01:39 | 000,100,470 | -HS- | C] () -- C:\windows\System32\IOXEKnmp.ini
[2008/04/07 05:01:29 | 000,004,096 | ---- | C] () -- C:\windows\system32taack.dat
[2008/04/07 05:01:29 | 000,004,096 | ---- | C] () -- C:\windows\system32hxiwlgpm.dat
[2008/04/07 05:01:27 | 000,004,096 | ---- | C] () -- C:\windows\system32ssvchost.com
[2008/04/07 05:01:26 | 000,004,096 | ---- | C] () -- C:\windows\system32bdn.com
[2008/03/03 09:59:55 | 000,003,630 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\.plugin141.trace
[2008/02/22 09:18:21 | 000,005,504 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys
[2008/02/10 14:50:20 | 000,000,162 | ---- | C] () -- C:\windows\Gelules.ini
[2008/01/25 12:54:29 | 000,000,039 | ---- | C] () -- C:\windows\eplan.ini
[2007/12/27 13:15:13 | 000,000,612 | ---- | C] () -- C:\windows\wiso.ini
[2007/12/07 15:39:42 | 000,200,850 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mdb.bin
[2007/11/03 03:36:17 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\$_hpcst$.hpc
[2007/05/17 07:35:31 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/03/04 07:11:24 | 000,149,504 | ---- | C] () -- C:\windows\UNWISE.EXE
[2007/03/04 07:11:24 | 000,006,067 | ---- | C] () -- C:\windows\UNWISE.INI
[2007/02/09 12:06:02 | 000,000,155 | ---- | C] () -- C:\windows\abfindungsrechner.INI
[2006/12/21 14:35:03 | 000,000,025 | ---- | C] () -- C:\windows\mixerdef.ini
[2006/07/23 14:18:50 | 000,135,168 | ---- | C] () -- C:\windows\System32\12kCUusd.dll
[2006/06/16 12:15:02 | 000,000,098 | ---- | C] () -- C:\windows\WirelessFTP.INI
[2006/06/15 04:42:25 | 000,000,000 | ---- | C] () -- C:\windows\tosOBEX.INI
[2006/05/24 01:47:57 | 000,000,000 | ---- | C] () -- C:\windows\iPlayer.INI
[2006/03/28 14:45:20 | 000,581,474 | ---- | C] () -- C:\Programme\InstDFUSpV2.2.exe
[2006/03/28 14:43:00 | 000,990,720 | ---- | C] () -- C:\Programme\bootvis.msi
[2006/02/13 08:29:26 | 000,121,995 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2006/02/04 14:26:09 | 000,069,632 | ---- | C] () -- C:\windows\System32\GkSui18.EXE
[2006/01/21 17:36:15 | 000,000,010 | ---- | C] () -- C:\windows\popcinfo.dat
[2006/01/20 15:37:35 | 000,000,057 | ---- | C] () -- C:\windows\System32\windll.ini
[2006/01/03 18:09:40 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2005/12/31 17:17:06 | 000,000,021 | ---- | C] () -- C:\Programme\AVPersonalAVWIN.INI
[2005/11/06 13:07:37 | 000,000,016 | -H-- | C] () -- C:\Programme\mxfilerelatedcache.mxc2
[2005/10/31 12:57:20 | 000,003,580 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2005/10/30 07:53:11 | 000,000,016 | -H-- | C] () -- C:\Dokumente und Einstellungen\Besitzer\mxfilerelatedcache.mxc2
[2005/10/16 07:33:27 | 000,006,768 | ---- | C] () -- C:\windows\mgxoschk.ini
[2005/08/25 11:59:44 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2005/07/15 14:36:35 | 000,524,288 | ---- | C] () -- C:\windows\System32\DivXsm.exe
[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\windows\System32\libeay32.dll
[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\windows\System32\ssleay32.dll
[2005/07/15 14:35:24 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2005/06/20 13:21:19 | 000,000,037 | ---- | C] () -- C:\windows\ipixActivex.ini
[2005/03/23 15:52:49 | 000,000,825 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\jap.conf
[2005/03/21 14:54:36 | 000,379,638 | ---- | C] () -- C:\Programme\japsetup.exe
[2005/03/21 13:29:44 | 000,000,115 | ---- | C] () -- C:\windows\KEYTRANS.INI
[2005/03/03 15:20:56 | 000,385,346 | ---- | C] () -- C:\Programme\dvdshrink23german.zip
[2005/03/03 15:20:55 | 000,140,861 | ---- | C] () -- C:\Programme\DVD Shrink 2.3 German.chm
[2005/02/26 11:35:37 | 000,049,152 | ---- | C] () -- C:\windows\System32\ocuser32.bin
[2005/02/26 07:49:25 | 000,099,970 | ---- | C] () -- C:\windows\UninstallFirefox.exe
[2005/02/26 07:49:09 | 000,003,563 | ---- | C] () -- C:\windows\mozver.dat
[2005/01/28 12:40:39 | 071,765,742 | ---- | C] () -- C:\Programme\AOLBanking 4.0.part1.exe
[2005/01/09 10:59:27 | 000,010,240 | ---- | C] () -- C:\windows\System32\vidx16.dll
[2004/12/18 12:00:12 | 000,012,288 | ---- | C] () -- C:\windows\impborl.dll
[2004/12/02 09:20:18 | 000,114,688 | ---- | C] () -- C:\windows\System32\TosBtAcc.dll
[2004/11/22 14:05:05 | 000,000,670 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\wklnhst.dat
[2004/11/02 13:23:48 | 000,000,048 | ---- | C] () -- C:\windows\PacWorld.ini
[2004/10/02 10:46:32 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
[2004/09/28 13:21:55 | 000,001,231 | ---- | C] () -- C:\windows\P2kRotate.ini
[2004/09/22 04:09:06 | 000,065,536 | ---- | C] () -- C:\windows\System32\TosCommAPI.dll
[2004/08/29 15:13:22 | 000,026,112 | ---- | C] () -- C:\windows\tsuninst.exe
[2004/07/25 14:56:59 | 000,000,837 | ---- | C] () -- C:\windows\WaterIllusion.ini
[2004/07/20 11:04:02 | 000,094,208 | ---- | C] () -- C:\windows\System32\TosBtHcrpAPI.dll
[2004/07/12 16:22:28 | 000,008,360 | R--- | C] () -- C:\windows\System32\drivers\commagnt.sys
[2004/07/06 15:22:18 | 000,000,062 | ---- | C] () -- C:\windows\brainbox.ini
[2004/06/24 15:25:04 | 000,000,053 | ---- | C] () -- C:\windows\CCHECK.INI
[2004/06/24 14:23:44 | 000,000,213 | ---- | C] () -- C:\windows\EUROT.INI
[2004/06/24 14:06:42 | 000,000,015 | ---- | C] () -- C:\windows\compedia.ini
[2004/05/31 13:49:41 | 000,073,728 | ---- | C] () -- C:\windows\System32\TxActiveXCombo.dll
[2004/05/24 07:01:10 | 000,200,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/05/24 06:56:00 | 000,000,021 | ---- | C] () -- C:\windows\VI_setup.ini
[2004/05/23 16:55:09 | 000,000,115 | ---- | C] () -- C:\windows\telephon.ini
[2004/05/23 16:50:06 | 000,000,212 | ---- | C] () -- C:\windows\Winoncd.INI
[2004/05/16 10:27:10 | 000,000,380 | ---- | C] () -- C:\windows\cdplayer.ini
[2004/05/16 09:42:06 | 000,135,168 | ---- | C] () -- C:\windows\System32\TXTUSER.EXE
[2004/05/15 09:46:40 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2004/05/15 07:47:27 | 000,000,799 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\.plugin141_03.trace
[2004/05/14 17:09:25 | 000,000,021 | ---- | C] () -- C:\windows\PI_setup.ini
[2004/05/14 17:08:34 | 000,036,864 | ---- | C] () -- C:\windows\CleanDev.exe
[2004/05/14 17:08:34 | 000,001,352 | ---- | C] () -- C:\windows\DC2320.ini
[2004/05/14 15:54:01 | 000,004,212 | -H-- | C] () -- C:\windows\System32\zllictbl.dat
[2004/05/14 15:17:53 | 000,061,440 | ---- | C] () -- C:\windows\System32\PSSDNSVC.EXE
[2004/05/14 15:16:13 | 000,006,550 | ---- | C] () -- C:\windows\jautoexp.dat
[2004/05/14 14:40:37 | 000,000,725 | ---- | C] () -- C:\windows\aolback.exe.lnk
[2004/05/14 14:38:59 | 000,000,335 | ---- | C] () -- C:\windows\nsreg.dat
[2004/05/13 16:18:01 | 000,000,169 | ---- | C] () -- C:\windows\RtlRack.ini
[2004/05/11 05:08:08 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2004/05/11 05:07:10 | 000,461,232 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2004/05/11 04:33:11 | 000,363,520 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2004/05/11 04:32:33 | 000,114,688 | ---- | C] () -- C:\windows\System32\ati2sgag.exe
[2004/05/11 04:30:41 | 000,000,164 | ---- | C] () -- C:\windows\avrack.ini
[2004/05/11 04:30:38 | 000,000,640 | ---- | C] () -- C:\windows\System32\drivers\alcxinit.dat
[2004/05/11 04:20:07 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2004/05/11 04:14:51 | 000,021,740 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2004/04/23 17:02:10 | 000,233,472 | ---- | C] () -- C:\windows\System32\cmirmdrv.exe
[2004/02/24 09:47:17 | 000,286,208 | ---- | C] () -- C:\windows\System32\cncs232.dll
[2004/02/12 02:08:48 | 001,663,068 | ---- | C] () -- C:\windows\System32\libmmd.dll
[2004/01/15 08:43:28 | 000,114,688 | ---- | C] () -- C:\windows\System32\TBTMonUI.dll
[2004/01/04 14:37:00 | 000,172,110 | ---- | C] () -- C:\windows\System32\nanoBurnVCD.dll
[2003/07/29 09:33:26 | 000,061,440 | ---- | C] () -- C:\windows\System32\TosHidAPI.dll
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
[2003/02/18 20:26:28 | 000,028,672 | ---- | C] () -- C:\windows\System32\cmirmdrv.dll
[2002/11/19 10:46:20 | 000,039,104 | ---- | C] () -- C:\windows\cmijack.dat
[2002/11/19 10:43:38 | 000,022,178 | ---- | C] () -- C:\windows\cmaudio.dat
[2002/09/11 08:33:19 | 000,280,064 | ---- | C] () -- C:\windows\cncs232.dll
[2002/08/29 08:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2002/08/29 08:00:00 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2002/08/29 08:00:00 | 000,462,404 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2002/08/29 08:00:00 | 000,444,016 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2002/08/29 08:00:00 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2002/08/29 08:00:00 | 000,269,480 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2002/08/29 08:00:00 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2002/08/29 08:00:00 | 000,085,764 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2002/08/29 08:00:00 | 000,072,274 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2002/08/29 08:00:00 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2002/08/29 08:00:00 | 000,034,478 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2002/08/29 08:00:00 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2002/08/29 08:00:00 | 000,004,461 | ---- | C] () -- C:\windows\System32\oembios.dat
[2002/08/29 08:00:00 | 000,001,804 | ---- | C] () -- C:\windows\System32\dcache.bin
[2002/08/29 08:00:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
[2002/08/20 05:37:50 | 000,093,696 | ---- | C] () -- C:\windows\System32\zlib.dll
[2002/03/08 17:50:20 | 000,044,544 | ---- | C] () -- C:\windows\System32\GIF89.DLL
[2002/03/08 17:40:20 | 000,114,744 | ---- | C] () -- C:\windows\System32\bass.dll
[2001/10/24 10:39:42 | 000,045,056 | ---- | C] () -- C:\windows\WSUtil.exe
[2001/10/10 03:57:58 | 000,073,786 | ---- | C] () -- C:\windows\System32\dntvmc23.dll
[2001/10/10 03:57:58 | 000,061,497 | ---- | C] () -- C:\windows\System32\dntvm23.dll
[2001/03/07 03:02:30 | 000,229,431 | ---- | C] () -- C:\windows\System32\dnt23.dll
[2001/01/23 18:31:18 | 000,151,552 | ---- | C] () -- C:\windows\System32\prntfix.exe
[2000/04/14 11:50:02 | 000,343,040 | ---- | C] () -- C:\windows\System32\Lffpx7.dll
[2000/03/01 12:49:20 | 000,028,958 | ---- | C] () -- C:\windows\System32\kart_dbl.dll
[1999/01/26 18:00:00 | 000,114,816 | ---- | C] () -- C:\windows\System32\MSMT4232.DLL
[1998/10/10 19:07:38 | 000,088,576 | ---- | C] () -- C:\windows\System32\Iticheck.dll
[1998/06/11 08:08:06 | 000,095,232 | ---- | C] () -- C:\windows\System32\Lfkodak.dll
[1997/08/31 20:00:00 | 000,038,614 | ---- | C] () -- C:\windows\System32\Kart_doj.dll
[1997/08/04 04:17:56 | 001,201,206 | ---- | C] () -- C:\windows\System32\Kart24gf.dll
[1997/08/04 04:16:44 | 001,201,206 | ---- | C] () -- C:\windows\System32\Kart24gd.dll
 
========== LOP Check ==========
 
[2008/03/07 08:44:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\7Wonders
[2006/12/09 18:18:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ABC of Pics
[2007/12/22 14:57:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Ace
[2008/01/28 11:54:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AD ON Multimedia
[2011/11/16 14:42:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Ahnenblatt
[2011/11/15 06:55:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Alawar
[2006/04/03 13:16:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Alive Games
[2011/07/06 10:36:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\biu software
[2011/02/26 11:49:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Boomzap
[2009/06/17 01:47:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Broad Intelligence
[2011/12/15 04:25:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Buhl Data Service
[2012/04/02 02:15:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\BVS Solitaire Collection
[2011/12/02 06:25:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Canneverbe Limited
[2011/11/13 12:03:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\CheckPoint
[2010/06/27 10:46:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\de.schlecker.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2009/11/05 13:42:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Desktopicon
[2012/05/01 10:36:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\EnchantedCavern2
[2006/03/18 13:23:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\FileMaker
[2007/04/09 04:20:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\FlowPlay
[2012/02/19 09:55:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\FlyWheelGames
[2007/12/12 13:38:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\fotobuch.de AG
[2010/10/21 10:46:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\FreeDoko
[2012/01/21 12:21:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Friday's games
[2010/01/02 15:24:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Gaijin Ent
[2007/07/22 08:05:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\gemsweeperextractedgfx
[2011/02/26 14:26:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Ghost Ship Studios
[2008/11/26 05:14:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\GoPal Assistant
[2007/02/04 09:19:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Haufe
[2007/03/16 10:30:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Hulabee
[2005/12/18 12:38:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\InterVideo
[2008/06/15 11:28:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\iWin
[2012/04/07 07:57:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\JaiboGames
[2005/02/15 14:47:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Leadertech
[2009/02/08 07:04:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Lexware
[2012/01/15 09:43:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\MA
[2005/10/16 07:38:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\MAGIX
[2011/11/15 11:23:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\NevoSoft
[2012/03/20 03:06:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Opera
[2008/03/06 09:59:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Ordner HP Share-to-Web
[2010/04/15 09:43:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Panasonic
[2011/02/20 11:37:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PlayFirst
[2011/12/05 10:45:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PriceGong
[2012/02/19 09:44:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sahmon Games
[2008/02/22 09:32:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Samsung
[2004/08/24 11:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\T-DSL SpeedManager
[2008/02/27 05:33:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\T-Online
[2010/06/30 07:41:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TomTom
[2011/10/20 11:34:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TuneUp Software
[2011/05/04 12:42:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\URSE Games
[2010/08/22 13:17:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\V-Games
[2012/06/16 11:40:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Val'Gor 2
[2012/06/16 11:39:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ValGor 2
[2011/11/14 11:25:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\WendigoStudios
[2008/10/23 04:22:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Wildfire
[2009/08/20 11:26:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Zylom
[2008/04/11 11:06:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\T-Online
[2010/10/17 05:09:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Aliasworlds
[2011/06/19 11:20:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avalon-Legends-Solitaire
[2011/08/23 11:17:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Big Fish Games
[2007/01/04 15:19:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2011/12/15 04:27:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2009/06/09 03:20:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\business-inkjet
[2011/12/02 06:25:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011/11/13 12:02:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2009/11/22 09:02:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Christmasville
[2009/01/29 10:17:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CrucialSoft Ltd
[2010/07/20 08:45:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp
[2007/12/12 13:38:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotobuch.de AG
[2009/09/23 12:41:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotokasten comfort
[2009/09/21 13:16:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotokasten comfort - Tchibo Edition
[2011/07/17 10:54:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FujiColor
[2008/09/14 15:26:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fwfwrmbs
[2007/05/17 07:37:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gnab
[2007/01/04 15:12:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2008/11/16 09:44:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intenium
[2009/02/08 07:04:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2007/05/12 05:54:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2008/07/14 03:16:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2007/06/20 15:36:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Meine Spiele
[2010/11/12 13:42:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MumboJumbo
[2010/09/14 09:20:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Netzmanager
[2008/04/10 07:30:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nozqzmnw
[2010/04/18 09:26:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2006/03/05 06:00:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Phenomedia
[2011/09/14 13:03:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Playrix Entertainment
[2008/01/19 06:21:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PowerLame
[2012/02/15 09:21:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\REINER SCT
[2008/12/16 15:02:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Rossmann Fotoservice
[2008/12/22 06:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScreenSeven
[2008/06/17 05:39:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
[2005/08/25 14:31:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2008/03/01 12:36:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2012/06/25 04:26:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012/06/16 07:44:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2010/06/30 07:46:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom
[2011/10/20 11:34:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009/06/09 03:20:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15
[2004/05/14 14:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2008/03/06 04:59:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2010/09/01 02:02:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}
[2011/12/13 11:35:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2007/11/18 07:14:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2007/03/16 10:29:30 | 000,000,000 | ---D | M] -- C:\Downloads
[2004/05/14 15:15:59 | 000,000,000 | ---D | M] -- C:\eece7cf14441f21554a12f6725ee9975
[2008/01/26 10:57:34 | 000,000,000 | ---D | M] -- C:\EPLAN
[2009/11/15 08:41:19 | 000,000,000 | ---D | M] -- C:\Files4Fun
[2010/02/16 07:50:44 | 000,000,000 | ---D | M] -- C:\Games
[2005/03/16 13:34:04 | 000,000,000 | ---D | M] -- C:\Gehaltsrechner
[2004/05/31 13:49:33 | 000,000,000 | ---D | M] -- C:\LEXWARE
[2007/02/03 16:35:57 | 000,000,000 | ---D | M] -- C:\LOADSTREET
[2006/02/05 13:35:27 | 000,000,000 | ---D | M] -- C:\Logik
[2010/04/15 09:42:59 | 000,000,000 | ---D | M] -- C:\MC_TMP
[2008/11/26 04:53:40 | 000,000,000 | ---D | M] -- C:\Medion
[2011/10/12 10:42:31 | 000,000,000 | ---D | M] -- C:\MFT 28
[2011/10/12 10:42:41 | 000,000,000 | ---D | M] -- C:\MFT 63144
[2011/10/12 10:42:56 | 000,000,000 | ---D | M] -- C:\MFT 9050
[2004/05/15 09:42:28 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2006/07/04 03:55:12 | 000,000,000 | ---D | M] -- C:\My Download Files
[2006/03/21 16:27:03 | 000,000,000 | ---D | M] -- C:\My Games
[2004/05/14 14:39:56 | 000,000,000 | ---D | M] -- C:\My Music
[2004/05/14 16:02:18 | 000,000,000 | ---D | M] -- C:\My Shared Folder
[2008/01/23 10:27:20 | 000,000,000 | ---D | M] -- C:\natomic
[2006/03/26 13:54:21 | 000,000,000 | ---D | M] -- C:\OUT_OF_TIME
[2009/11/21 12:10:33 | 000,000,000 | ---D | M] -- C:\Phenomedia AG
[2005/01/16 09:16:36 | 000,000,000 | ---D | M] -- C:\printpck
[2008/04/11 05:37:53 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/06/16 11:33:25 | 000,000,000 | ---D | M] -- C:\Programme
[2012/06/26 13:14:42 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2004/12/12 12:05:24 | 000,000,000 | ---D | M] -- C:\sceneo
[2008/03/06 09:56:53 | 000,000,000 | ---D | M] -- C:\sj659
[2010/10/16 07:27:02 | 000,000,000 | ---D | M] -- C:\Spiele
[2012/04/01 10:34:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2007/01/07 09:31:30 | 000,000,000 | ---D | M] -- C:\Thomas
[2012/06/22 01:05:54 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2004/05/14 15:31:46 | 000,000,000 | ---D | M] -- C:\WUTemp
[2005/04/24 05:01:41 | 000,000,000 | ---D | M] -- C:\XP-Spiele
 
< %PROGRAMFILES%\*.exe >
[2011/02/07 11:25:56 | 037,719,448 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\AdbeRdr1000_de_DE.exe
[2005/01/28 12:56:53 | 071,765,742 | ---- | M] () -- C:\Programme\AOLBanking 4.0.part1.exe
[2011/11/29 09:37:07 | 084,419,032 | ---- | M] () -- C:\Programme\avira_free_antivirus_de1200861.exe
[2005/03/21 14:53:41 | 001,230,096 | ---- | M] (Microsoft Corporation) -- C:\Programme\CleanIt20.exe
[2003/06/20 15:47:08 | 000,260,678 | ---- | M] (DVD Shrink) -- C:\Programme\DVD Shrink 2.3 German.exe
[2006/03/28 14:42:34 | 004,179,293 | ---- | M] (Lavalys, Inc.                                              ) -- C:\Programme\everesthome220.exe
[2006/03/28 14:45:24 | 000,581,474 | ---- | M] () -- C:\Programme\InstDFUSpV2.2.exe
[2005/03/21 14:54:39 | 000,379,638 | ---- | M] () -- C:\Programme\japsetup.exe
[2005/03/21 13:09:48 | 005,524,095 | ---- | M] (O&O Software GmbH                                          ) -- C:\Programme\OOSafeErase2Ger.exe
[2005/04/01 14:16:31 | 006,711,144 | ---- | M] (Skype Software S.A.                                        ) -- C:\Programme\SkypeSetup.exe
[2005/04/23 13:56:53 | 002,826,960 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\ToolbarSetup.exe
[2006/03/28 14:44:29 | 002,713,600 | ---- | M] (Microsoft Corporation) -- C:\Programme\TweakPower1217.exe
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2005/08/25 12:15:19 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/10 12:55:51 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2005/08/25 12:15:19 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/10/10 12:55:51 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2002/08/29 08:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2005/08/25 12:15:19 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/10 12:55:51 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2005/08/25 12:15:19 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/10/10 12:55:51 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/28 19:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallq812415$\atapi.sys
[2002/08/29 08:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2009/06/02 04:35:36 | 000,032,768 | ---- | M] (Panasonic Corporation) MD5=564FC50A602E5EB2392977E8DEBB26C0 -- C:\Programme\Panasonic\HD Writer AE 1.5\EventLog.dll
[2004/08/04 03:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2002/08/29 08:00:00 | 001,007,104 | ---- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\WINDOWS\$NtUninstallKB820291$\explorer.exe
[2004/08/04 03:57:53 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 09:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 09:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/08/04 03:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
[2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007/03/08 11:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005/03/02 14:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004/08/04 03:57:36 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007/03/08 11:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2003/09/25 12:52:01 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=8D928268AFBF31F8A34CE610DA175352 -- C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
[2002/11/22 15:28:16 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=DB15B2FE24ECCE331EA3A954F6F90448 -- C:\WINDOWS\$NtUninstallKB824141$\user32.dll
[2002/08/29 08:00:00 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtUninstallKB826939$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/08/04 03:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 03:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2002/08/29 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2002/08/29 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004/05/11 06:06:20 | 000,094,208 | ---- | M] () -- C:\windows\System32\config\default.sav
[2004/05/11 06:06:20 | 000,606,208 | ---- | M] () -- C:\windows\System32\config\software.sav
[2004/05/11 06:06:20 | 000,397,312 | ---- | M] () -- C:\windows\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\dnsapi.dll
[2012/04/23 10:40:08 | 006,105,088 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\ieframe.dll
[2012/04/23 10:40:09 | 000,268,288 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\iertutil.dll
[2008/04/13 22:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\mstask.dll
[2008/04/13 22:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\ntdsapi.dll
[2008/04/13 22:22:23 | 000,023,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\psapi.dll
[2011/01/21 10:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\shell32.dll
[14 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\$NtUninstallKB65271$] ->  -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 246 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:06C34166
@Alternate Data Stream - 242 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:870649A4
@Alternate Data Stream - 226 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E2CB42C9
@Alternate Data Stream - 222 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E99D1D3C
@Alternate Data Stream - 222 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:57B374AB
@Alternate Data Stream - 221 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:678C1866
@Alternate Data Stream - 219 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:35629AE6
@Alternate Data Stream - 210 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D2D4B33E
@Alternate Data Stream - 209 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:59846E5E
@Alternate Data Stream - 177 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:82C50600
@Alternate Data Stream - 147 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:AE75CCC8
@Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:2D3CB929
@Alternate Data Stream - 142 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:423BBE9A
@Alternate Data Stream - 140 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:6EA64886
@Alternate Data Stream - 139 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A819A132
@Alternate Data Stream - 139 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:2B059D79
@Alternate Data Stream - 137 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E14FA16F
@Alternate Data Stream - 134 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8944C195
@Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:81405BF2
@Alternate Data Stream - 128 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:874ADA37
@Alternate Data Stream - 126 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:206470A5
@Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C9B27A06
@Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C43BFB01
@Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:EB5BDBB0
@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:329BA65B
@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:09867A8B
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0ED4AC2F
@Alternate Data Stream - 106 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5711EF65
@Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F0AB86C0
< End of report

OTL Extras logfile created on: 6/28/2012 7:49:07 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Microsoft Windows 2000 Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,023.00 Mb Total Physical Memory | 788.00 Mb Available Physical Memory | 77.00% Memory free
907.00 Mb Paging File | 835.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Programme
Drive C: | 111.78 Gb Total Space | 23.59 Gb Free Space | 21.11% Space Free | Partition Type: NTFS
Drive D: | 37.27 Gb Total Space | 32.38 Gb Free Space | 86.88% Space Free | Partition Type: FAT32
Drive F: | 1007.22 Mb Total Space | 1006.97 Mb Free Space | 99.98% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
htmlfile [opennew] -- c:\programme\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Programme\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Programme\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Programme\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Directory [SCHLECKER Foto Digital Service.exe] -- "C:\Programme\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Programme\AOL 9.0a\waol.exe" = C:\Programme\AOL 9.0a\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\Rar$EX02.359\zetrix.exe" = C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\Rar$EX02.359\zetrix.exe:*:Enabled:zetrix
"F:\Spiele\Kyodai\kyodai2d.exe" = F:\Spiele\Kyodai\kyodai2d.exe:*:Disabled:kyodai2d
"C:\Programme\Gemeinsame Dateien\aol\1165746499\ee\aolsoftware.exe" = C:\Programme\Gemeinsame Dateien\aol\1165746499\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (America Online, Inc.)
"C:\Programme\AOL 9.0 VR\waol.exe" = C:\Programme\AOL 9.0 VR\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Programme\Gemeinsame Dateien\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Programme\Gemeinsame Dateien\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Programme\Gemeinsame Dateien\aol\Loader\aolload.exe" = C:\Programme\Gemeinsame Dateien\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)
"C:\Programme\Gemeinsame Dateien\aol\System Information\sinf.exe" = C:\Programme\Gemeinsame Dateien\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Programme\AOL 9.0 VRa\waol.exe" = C:\Programme\AOL 9.0 VRa\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\Dokumente und Einstellungen\Besitzer\Desktop\Spiele\World of Padman\wop.exe" = C:\Dokumente und Einstellungen\Besitzer\Desktop\Spiele\World of Padman\wop.exe:*:Enabled:wop
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03ED6584-5A5A-4CA3-B61D-741618E510DF}" = Steuer 2008
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1D619FC4-4F88-406C-9E78-B948BFC998FA}" = AtlantisQuest
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21BBAD12-C75F-4F06-A9B0-6F8BEEAF3846}" = Moorhuhn X - XS
"{230B1666-886F-4C65-B10D-2706800C824A}" = Toggler
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{24AC5D94-D78A-4F7B-8B1A-1613783F52CB}" = Küchen-QUELLE 3D-Onlineplaner
"{25C8D9C5-4B62-4E3B-9EC9-C3D5EBE2AF81}" = Magicians Handbook
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 30
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery Zweckform DesignPro 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{339902CB-BDCD-4CDE-88CD-0FA12922C1E7}" = Natalie Brooks
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38AFE2B1-19DB-432A-BA4A-410BFBA78DCE}" = DVD-Cover Printmaster 1.4
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CE4B975-A5C1-43C0-A565-C00F0ABFC94C}" = PC-Bibliothek 3.0
"{4F8697F4-3D30-4BD0-8F26-455C01F4EE8B}" = Integrity Tool
"{5021A2FA-DD7F-43B9-9DE4-B7B2926A37A6}" = Keltis Gold
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{538E852C-1064-46EF-9B24-6EC9B1494792}" = Steuersparer 2011
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{59C95D15-5F24-435E-898D-3806961FC79D}" = Steuer 2006
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6181E138-C21C-471C-9238-F2F59C314C6C}" = Steuer 2008
"{61E8C77E-E4FB-48D3-AA7A-F9A8783C5CC4}" = Steuersparer 2008
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{67DABCB4-239C-4E02-805E-DEA0DDCB1926}" = Steuer Hilfesammlung
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FA18859-E9A9-459F-A75E-D05480122D8B}" = Christmas Ville
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{74AFB788-B194-4554-A556-D41D2A1C8A8B}" = Natalie Brooks 2
"{75EA97E2-BAD7-45DF-8196-82A828BF47DC}" = Royal Doppelkopf
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111142333}" = Fish Tycoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1156157}" = Luxor Quest for the Afterlife
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119790943}" = Jewel Quest - The Sleepless Star
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{899BBA33-26AF-4F22-BA05-513FBD61ECDE}" = Snowy - Auf Schatzsuche 3
"{89EC8757-A934-11D6-8732-00105A376200}" = mapserver 4 COM-Module
"{8EC703D0-985E-44C7-A6C2-B6270CE50832}" = Mystery Cookbook
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{96B361E4-A86E-4335-99FF-6C3604788DAB}" = HD Writer AE 1.5
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B954367-8314-4E94-9FFC-D6EFF7C6B674}" = Steuersparer 2010
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall
"{A44E9076-6662-516B-CDA2-484084803C4C}" = SCHLECKER FOTOBUCH
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A625D45F-1DC4-47FB-ABCF-6B27684AA717}" = OpenOffice.org 2.3
"{A6473724-A851-11D5-986D-00500443CF9F}" = Moorhuhn 3
"{A89131FD-3D18-4DA8-84C8-622423011B51}_is1" = ALNO AG  Küchenplaner
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2585B70-76F4-11D7-B5FB-00C04F4351FF}" = Backgammon, Schach und co!
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B94C6815-7BCC-4124-AC39-9208A06FFFA7}" = Disney-Pixar Ratatouille
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB8A760B-2C7A-47F1-9256-5C8349B6AF48}" = Insectoid 2 Demo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C4B03AEB-33D3-11D7-9D37-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_03
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{CA2EDFB8-E74E-450F-A7CD-52CC1025A7DD}" = Schrankplaner
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0159C9-17FB-11D6-A76A-00B0D079AF64}" = Java 2 Runtime Environment, SE v1.4.1
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE20E413-E690-49C3-8D0E-C4DECE30DF62}" = ArcSoft VideoImpression 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE480239-DC94-4A5D-9CBE-415D24D2F6AD}" = Findet Nemo
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = TOSHIBA Bluetooth Stack for Windows
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA5EA1A6-CDB7-4BA5-8326-2E986E67AB57}" = Autumn Mahjongg
"{DDF51948-CBF0-4BB7-9A73-1E75A630038D}" = XP Tools 2.7
"{E142615E-5ED8-4511-9BF0-0284BFA25766}" = ArcSoft PhotoImpression
"{E1F2A9A8-AA96-4105-A4EC-C7590AC64853}_is1" = Kartenspiele
"{E3A54A70-1CFA-4D79-ACD6-5AA2A98C212F}" = Samsung PC Studio 3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8C5BD56-F5D8-41D3-8A71-273468FE256A}" = T-Online Dialerschutz-Software
"{ECE355F2-E477-47db-83DA-6311841ABC23}}_is1" = Sceneo Vcopy Version 1.2
"{EE56DCD1-13FD-435B-BC4C-EE8CD83FF17A}" = AusweisApp
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"7 Wonders of the Ancient World" = 7 Wonders of the Ancient World
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ahnenblatt_is1" = Ahnenblatt 2.62
"albumfactory Designer_is1" = albumfactory Designer
"ALDI Foto Manager Free Nord D" = ALDI Foto Manager Free Nord (D)
"ALDI Foto Service Nord D" = ALDI Foto Service Nord (D)
"ALDI Online Druck Service (Nord)" = ALDI Online Druck Service (Nord)
"anotherTetris_is1" = danotherTetris 1.1
"AOL Deinstallation" = AOL Deinstallation
"AOL Installations-Manager" = AOL Installations-Manager
"AOL Toolbar 4.0" =
"AOL YGP Screensaver" = AOL Meine Fotos Bildschirmschoner
"AOLCoach de" = AOL Coach Version 1.0(Build:20040229.1 de)
"Ashampoo WinOptimizer Platinum Suite 2" = Ashampoo WinOptimizer Platinum Suite 2
"Ask Toolbar_is1" = Ask Toolbar
"ATI Display Driver" = ATI Display Driver
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bananarama" = Bananarama
"BFG-10 Tage bis die Welt versinkt - Die Abenteuer von Diana Salinger" = 10 Tage bis die Welt versinkt: Die Abenteuer von Diana Salinger
"BFG-7 Wonders II" = 7 Wonders II
"BFG-Avalon Legends Solitaire" = Avalon Legends Solitaire
"BFG-Awakening - Schloss ohne Traeume" = Awakening: Schloss ohne Tr&auml;ume
"BFGC" = Big Fish Games: Game Manager
"BFG-Der Stamm der Azteken - Neues Land" = Der Stamm der Azteken: Neues Land
"BFG-Enchanted Cavern 2" = Enchanted Cavern 2
"BFG-Heroes of Hellas 3 - Athen" = Heroes of Hellas 3: Athen
"BFG-LandGrabbers" = LandGrabbers
"BFG-Liong - The Lost Amulets" = Liong: The Lost Amulets
"BFG-Luxor 3" = Luxor 3
"BFG-Master of Defense" = Master of Defense
"BFG-Mystery Age - Der kaiserliche Stab" = Mystery Age: Der kaiserliche Stab
"BFG-Nightmare Adventures - Das Verlies der Hexe" = Nightmare Adventures: Das Verlies der Hexe
"BFG-Paradise Quest" = Paradise Quest
"BFG-Pirate Poppers" = Pirate Poppers
"BFG-Roads of Rome II" = Roads of Rome II
"BFG-Season Match 3 - Der Fluch der Kraehe" = Season Match 3 - Der Fluch der Krähe
"BFG-The Stone of Destiny" = The Stone of Destiny
"BFG-The Timebuilders - Pyramid Rising" = The Timebuilders: Pyramid Rising
"BFG-The Treasures of Montezuma 3" = The Treasures of Montezuma 3
"BFG-Val'Gor - The Beginning" = Val'Gor: The Beginning
"BFG-Wonderlines" = Wonderlines (remove only)
"BFG-World Voyage" = World Voyage
"Birdie" = Birdie Shoot (remove only)
"Bound Around (Demo)_is1" = Bound Around (Demo)
"Bubble Odyssey_is1" = Bubble Odyssey 1.0
"ButterflyTetrix" = ButterflyTetrix
"BVSSOL_is1" = BVS Solitaire Sammlung version 4.0
"ClearProg" = ClearProg 1.6.1 Beta 3
"C-Media Audio Driver" = C-Media WDM Audio Driver
"conduitEngine" = Conduit Engine
"de.schlecker.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = SCHLECKER FOTOBUCH
"Designer 2.0_is1" = Designer 2.0
"Die neue Rache der Sumpfhühner" = Die neue Rache der Sumpfhühner
"Digital Camera (3310)" = Digital Camera (3310)
"Dr. Hardware 2005_is1" = Dr. Hardware 2005 6.5.0d
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"Elite Sudoku" = Elite Sudoku
"Fallobst Arcade" = Fallobst Arcade
"Feeding Frenzy Deluxe" = Feeding Frenzy Deluxe
"Fishdom 2 Deluxe_is1" = Fishdom 2 Deluxe
"FKC22153088_is1" = fotokasten comfort
"flottesbienchen" = flottesbienchen
"Flowers" = Flowers
"Fresko" = Fresko
"Google Chrome" = Google Chrome
"HaufeReader" = HaufeReader
"Honey Switch Deluxe" = Honey Switch Deluxe
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Hühner-Attacke Special" = Hühner-Attacke Special
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InCD!UninstallKey" = InCD
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"InstallShield_{CE480239-DC94-4A5D-9CBE-415D24D2F6AD}" = Findet Nemo
"InterActual Player" = InterActual Player
"IPS" = IPS
"JAP" = JAP
"Java Web Start" = Java Web Start
"Jeton" = Jeton
"Jewel Quest Solitaire Deluxe" = Jewel Quest Solitaire Deluxe
"Karu" = Karu
"Living Rainforest Screensaver" = Living Rainforest Screensaver
"Living Wilderness Screensaver" = Living Wilderness Screensaver
"Luxor" = Luxor (remove only)
"Luxor Amun Rising with Luxor" = Luxor Amun Rising with Luxor
"Luxor Deluxe" = Luxor Deluxe
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Magic Ball 2" = Magic Ball 2
"Magic Encyclopedia" = Magic Encyclopedia
"MAGIX Foto Clinic 5.5 D" = MAGIX Foto Clinic 5.5 5.5.32.0 (D)
"Marble Pop 3D" = Marble Pop 3D
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monster Truck Challenge_is1" = Monster Truck Challenge
"Moorhuhn - Juwel der Finsternis" = Moorhuhn - Juwel der Finsternis (entfernen)
"Moving Mahjong Setup" = Moving Mahjong Setup
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MPN Photo Organizer" = MPN Photo Organizer
"Mr. Putts Mini Golf" = Mr. Putts Mini Golf
"MRW!UninstallKey" = InCD EasyWrite Reader
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MUSTEK 1200 CU v2.0a" = MUSTEK 1200 CU v2.0a
"Mystery Case Files - Ravenhearst" = Mystery Case Files - Ravenhearst (remove only)
"Mystic Inn" = Mystic Inn (remove only)
"Nero - Burning Rom" = Nero - Burning Rom
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroMediaPlayer" = NeroMediaPlayer
"NeroVision!UninstallKey" = NeroVision Express 2 SE
"Netzmanager" = Netzmanager
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"Obsttris" = Obsttris
"OpenAL" = OpenAL
"Opera 12.00.1467" = Opera 12.00
"PAYBACK Toolbar_is1" = PAYBACK Toolbar 1.0
"PCFriendly" = PCFriendly
"PCI Audio Driver" = PCI Audio Driver
"Pearl Poppers" = Pearl Poppers
"phonostarRadioPlayer_is1" = phonostar-Player Version 1.50.8
"PixelNet Foto Client" = PixelNet Foto Client 4.3
"Pixelnet_Layouter" = PixelNet Layouter
"PowerLame" = PowerLame (Remove Only)
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"QuicktimeAlt_is1" = QuickTime Alternative 2.9.0
"RealArcade 1.2" = RealArcade
"Rossmann Fotoservice_is1" = Rossmann Fotoservice 2.6
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"SCHLECKER Fotobuch und mehr ..._is1" = SCHLECKER Fotobuch und mehr ...
"Sea Mahjong Setup" = Sea Mahjong Setup
"Secret Of Six Seas" = Secret Of Six Seas
"Shareaza" = Shareaza v1.8
"Shop for HP Supplies" = Shop for HP Supplies
"Skispringen 2006" = Skispringen 2006
"Softonic_Deutsch_FF Toolbar" = Softonic_Deutsch_FF Toolbar
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Summer Bound_is1" = Summer Bound 1.0
"SuperTetrix" = SuperTetrix
"Sütterlin- und alte Schreibschriften" = Sütterlin- und alte Schreibschriften
"TDSLSM" = T-DSL SpeedManager
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Touch Puf v1.5" = Touch Puf v1.5
"Tumblebugs Deluxe" = Tumblebugs Deluxe
"Turtle Odyssey 2" = Turtle Odyssey 2
"TweakPower" = TweakPower
"Vampirjagd" = Vampirjagd
"ViewpointMediaPlayer" = Viewpoint Media Player
"Water Illusion Screensaver_is1" = Water Illusion Screensaver 1.61
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2004Setup" = Setup-Start von Microsoft Works 2004
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Wunderland" = Wunderland
"xp-AntiSpy" = xp-AntiSpy 3.93
"XP-Games JRE" = XP-Games JRE
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"603989baa3ce211a" = Foto Quelle Fotobuch
"Aquanoid" = Aquanoid
"Crazy Cong" = Crazy Cong
"Cube" = Cube
"KLIX" = KLIX
"SC08-DE_PRO7" = Ski Challenge 2008
"sc10-ORF_MAIN" = ORF-Ski Challenge 2010
 
< End of report >

--- --- ---

I hope this helps to solve my problem.

Kind regards,
Theodoro

markusg 28.06.2012 16:49

On your second PC, go to Start, Programs, Accessories, Notepad, and copy the following into it:
Code:

:OTL
O4 - HKU\Besitzer_ON_C..\Run: [bC4lJzJAS4eHdGa] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\w6j6rt45jtuhdre5.exe ()
O7 - HKU\Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
:Files
C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\w6j6rt45jtuhdre5.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



Save this as fix.txt on a USB stick.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear, so load fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.


If this has worked:

If you have no icons, right-click, View, Show desktop icons.

Note: Please upload the file there as well, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!




Please press the Windows key (http://larusso.trojaner-board.de/Images/windows.jpg) + E.
  • Open your system drive (usually C:).
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL.
  • Please upload it to our upload channel. ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload went through without problems. Thanks in advance :)
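The fix script in the post above targets one autorun entry and three policy values. As an added illustration (not part of markusg's post and not OTL's own code), this Python example shows triage rules that single out exactly those line types in an OTL log; the `O4`/`O7` line layout is inferred from the lines quoted on this page, the function and constant names are hypothetical, and the sample entries marked as constructed are invented.

```python
import ntpath
import re

# Policy values that hide the desktop or block recovery tools; all three
# appear in the fix script above. Compared case-insensitively.
LOCKOUT_POLICIES = {"nodesktop", "disabletaskmgr", "disableregistrytools"}

# Folder names under a user profile where a legitimate autorun executable
# rarely sits directly (German and English XP names plus later equivalents).
USER_DATA_DIRS = {"anwendungsdaten", "application data", "roaming", "local", "temp"}

# Assumed layout, inferred from this page:
#   O4 - <hive>..\Run: [<value name>] <path> (<company>)
#   O7 - <registry key>: <value name> = <data>
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+) \((?P<company>[^()]*)\)$"
)
O7_RE = re.compile(r"^O7 - (?P<key>.+?): (?P<value>\w+) = (?P<data>\S+)$")

# First and last three lines are the ones from the fix script on this page;
# the lines marked "constructed" in the comment below are invented samples.
SAMPLE = r"""
O4 - HKU\Besitzer_ON_C..\Run: [bC4lJzJAS4eHdGa] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\w6j6rt45jtuhdre5.exe ()
O4 - HKLM..\Run: [ExampleUpdater] C:\Programme\Example\updater.exe (Example Corp)
O4 - HKLM..\Run: [ExampleTray] C:\Programme\Example\tray.exe ()
O7 - HKU\Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Besitzer_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
"""
# Constructed: ExampleUpdater, ExampleTray and NoDriveTypeAutoRun lines.


def triage(log_text):
    """Return (severity, kind, name, reasons) tuples for suspicious lines."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = m["path"].strip('"')
            # ntpath splits Windows paths correctly on any host OS.
            parent = ntpath.basename(ntpath.dirname(path)).lower()
            reasons = []
            if parent in USER_DATA_DIRS:
                reasons.append("executable directly in a user data folder")
            if not m["company"].strip():
                reasons.append("no company name in version info")
            if reasons:
                severity = "high" if len(reasons) == 2 else "review"
                findings.append((severity, "autorun", m["name"], reasons))
            continue
        m = O7_RE.match(line)
        if m and m["value"].lower() in LOCKOUT_POLICIES and m["data"] != "0":
            findings.append(
                ("high", "policy", m["value"], ["blocks desktop or recovery tools"])
            )
    return findings


if __name__ == "__main__":
    for severity, kind, name, reasons in triage(SAMPLE):
        print(f"{severity:6} {kind:8} {name}: {'; '.join(reasons)}")
```

Entries rated "review" carry only one signal and need a manual look before anything is added to a fix script.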

Theodoro 29.06.2012 08:30

Hello,
thanks for the answer. I followed the instructions and pasted fix.txt into the designated field. After that, however, OTLPE is completely blocked, i.e. I cannot click the Fix button again. How should I proceed?

Kind regards,
Theodoro

markusg 29.06.2012 20:05

As it says there: if it doesn't work, enter the fix by hand.

Theodoro 01.07.2012 14:35

Hello,
sorry, it took a bit longer; I was away for 2 days. I have now entered the file by hand, and the following file was produced:

========== OTL ==========
========== FILES ==========
File\Folder C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\w6j6rt45jtuhdre5.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Besitzer
->Temp folder emptied: 349898445 bytes
->Temporary Internet Files folder emptied: 1707260 bytes
->Java cache emptied: 4267314 bytes
->FireFox cache emptied: 7997654 bytes
->Google Chrome cache emptied: 6341197 bytes
->Opera cache emptied: 2086417 bytes
->Flash cache emptied: 5113761 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 2209817 bytes
->Temporary Internet Files folder emptied: 37886 bytes

User: NetworkService
->Temp folder emptied: 2129976 bytes
->Temporary Internet Files folder emptied: 49554 bytes

Total Flash Files Cleaned = 364.00 mb


[EMPTYTEMP]

User: All Users

User: Besitzer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 22016 bytes
%systemroot%\System32 .tmp files removed: 7790223 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58026214 bytes

Total Files Cleaned = 63.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 07022012_011132

Files\Folders moved on Reboot...
File\Folder C:\windows\temp\IswTmp\Logs\ISWSHEX.swl not found!

Registry entries deleted on Reboot...


The PC does not restart automatically. That is why I have not been able to do the rest yet.

Regards, Theodoro

Hello,
you have to be a bit patient with me. I have now restarted the PC, and it booted up. The text file 07022012_011132.txt was created.


========== OTL ==========
========== FILES ==========
File\Folder C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\w6j6rt45jtuhdre5.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Besitzer
->Temp folder emptied: 349898445 bytes
->Temporary Internet Files folder emptied: 1707260 bytes
->Java cache emptied: 4267314 bytes
->FireFox cache emptied: 7997654 bytes
->Google Chrome cache emptied: 6341197 bytes
->Opera cache emptied: 2086417 bytes
->Flash cache emptied: 5113761 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 2209817 bytes
->Temporary Internet Files folder emptied: 37886 bytes

User: NetworkService
->Temp folder emptied: 2129976 bytes
->Temporary Internet Files folder emptied: 49554 bytes

Total Flash Files Cleaned = 364.00 mb


[EMPTYTEMP]

User: All Users

User: Besitzer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 22016 bytes
%systemroot%\System32 .tmp files removed: 7790223 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58026214 bytes

Total Files Cleaned = 63.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 07022012_011132

Files\Folders moved on Reboot...
File\Folder C:\windows\temp\IswTmp\Logs\ISWSHEX.swl not found!

Registry entries deleted on Reboot...

Files\Folders moved on Reboot...
File\Folder C:\windows\temp\IswTmp\Logs\ISWSHEX.swl not found!

Registry entries deleted on Reboot...


The desktop background is there, the taskbar is there, the desktop icons are not displayed. Right-clicking the desktop does nothing; no submenu opens - View..., Show desktop icons, as described.
How can I proceed? I would be grateful for further advice.

Regards, Theodoro

markusg 02.07.2012 13:42

hi
We will now run Combofix; then you restart, show the icons and please post the log.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Theodoro 02.07.2012 20:40

Hello,
I downloaded Combofix and saved it in the file Desktop (the desktop is empty and nothing can be saved there either). From within that file I started Combofix. I had switched off the virus scanner etc. beforehand.
Combofix presumably did not run through smoothly. The announced log file was not created. After an error message I restarted the PC, and "C: Autoscan" started automatically, which has now apparently hung at completed stage 10 (nothing has happened for 1 hour).
I have now started the PC once more.
The state of the PC is the same as before the whole procedure (from my modest point of view, of course). All application files and programs are present; only the icons on the desktop are missing.

Does the infected PC have to be online while Combofix is running? I had the impression that Combofix needed something I do not have on the computer and wanted to fetch it from the net.

Regards, Theodoro

markusg 02.07.2012 21:17

hi
Restart, press F8, choose Safe Mode with Networking, and try Combofix again there; leave the PC online.

Theodoro 02.07.2012 22:03

Hello,
I'm sorry, the advice may well be good, but nothing is displayed on my desktop when I press F8, so I cannot select safe mode.

If you have another tip, please let me know. I will end the fight for today and continue tomorrow.

Regards, Theodoro

markusg 03.07.2012 11:36

hi
Are you pressing F8 after a restart?
Not from the running system, please :-)

Theodoro 03.07.2012 12:59

Hello,
the repeated attempt was now successful; Combofix ran through and the announced file Combofix.txt was created. The icons on the desktop are back now.
Here is the file: Combofix log file:
Code:

ComboFix 12-07-02.01 - Besitzer 03.07.2012  23:02:10.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1023.520 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Besitzer\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {82AE6AF4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {82B7053C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {BADB0D00-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82359844-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8293023C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {829E8054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A10054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A288C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A2F914-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A33BF4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A35054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A395E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A3D474-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A3D4C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A4789C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A5811C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A5827C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A58754-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A5F49C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A61304-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A63DB4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A6A4F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A6F054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A6F304-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A6F3D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A7089C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A725BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A75DB4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A7C054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A895E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A90C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A94304-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A9472C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A954EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A955E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A99474-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A9E2DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AA060C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AA1250-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AA3614-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AA3C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AA48FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AA7514-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AAA7A4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AAC424-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AAE5BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AB6BCC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AB6DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AC0DB4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AC0DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AC62DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AC76DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AC86D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82ACADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AD760C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82ADEDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AE2274-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AE4314-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AE4DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AE5444-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AE5C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AF2514-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AF4B24-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B02DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B1744C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B17874-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B1A59C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B302D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B402CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B43304-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B4398C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B44534-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B44C24-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B4A864-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B536D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B53AAC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B547D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B6844C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B734CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B76B7C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B78BF4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B7BDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B7EDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B80A34-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B83BF4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B855E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B8A4EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B8BDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B8EC4C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B8F93C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B92754-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B93604-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B96DB4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B9B6DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B9C264-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B9DC14-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B9F25C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BA062C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BA175C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BA1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BA3BCC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BAA37C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BABDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BAC60C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BACC74-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BB15BC-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BB3754-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BB82EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BBB8E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BC1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BC3724-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BC7DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BD03F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BD3514-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BD9B74-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BD9BF4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BDA2DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BDD584-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82BE12DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C172FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C4A60C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C6390C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C63DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C67DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C7871C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C82DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C86264-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C87BF4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C87DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C92594-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C93C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C93DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C96604-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C96BF4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C97694-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C97B5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C9BDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C9CDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82C9D8EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CAB1BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CACC3C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CB0C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CB13FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CB194C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CB3A34-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CB4D14-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CB5DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CB6DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CB76B4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CB7BCC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CBCBCC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CBFA5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CBFC34-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CC4054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CC7524-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CC8DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CD0314-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CD2C3C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CD3B34-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CD9D7C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CDB614-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CE65E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CE697C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CEAC1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CEC4E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CEF2DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CF050C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CF64EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82CFD64C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82D00BBC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82D09054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82D11ADC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82D1B88C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82D1DDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82D25054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82D273AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82D2DDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82D324FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82D32C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82D40DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82D4EC1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82D5437C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82D6AAB4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82D80054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82D8ADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82D8D3F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82DB28B4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82DBA484-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82DBA6E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82DC239C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82DCB204-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82DCCA5C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82DEF4F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82DF6DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82E1B814-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82E28DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82E3030C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82E7D5BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82E8E2DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82E8F5AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82E8FAAC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82E94DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82EA05DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {BADB0D00-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\CrucialSoft Ltd
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\AD ON Multimedia
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\AD ON Multimedia\eBay Shortcuts\config.ini
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Desktopicon
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\All.zip
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\z.xml
c:\dokumente und einstellungen\Besitzer\WINDOWS
c:\dokumente und einstellungen\Besitzer\WINDOWS\Screensaver-Living_Wilderness\wilderness.exe
C:\install.exe
c:\programme\AdbeRdr1000_de_DE.exe
c:\programme\avira_free_antivirus_de1200861.exe
c:\programme\MyWay
c:\programme\TweakPower1217.exe
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\sponsoring\ebay.ico
c:\programme\xp-AntiSpy\sponsoring\ebay_desktop.ico
c:\programme\xp-AntiSpy\sponsoring\ebay_hover.ico
c:\programme\xp-AntiSpy\sponsoring\sponsor.html
c:\programme\xp-AntiSpy\sponsoring\sponsor.url
c:\programme\xp-AntiSpy\uninst.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
c:\windows\IsUn0407.exe
c:\windows\setupapi.log
c:\windows\system32\arlevmsu.ini
c:\windows\system32\avblkvrc.ini
c:\windows\system32\cjaatsxy.ini
c:\windows\system32\IOXEKnmp.ini
c:\windows\system32\IOXEKnmp.ini2
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\pYGgPqss.ini
c:\windows\system32\pYGgPqss.ini2
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-03 bis 2012-07-03  ))))))))))))))))))))))))))))))
.
.
2012-07-02 05:14 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe
2012-07-02 02:20 . 2012-07-02 23:03        --------        d-----w-        C:\_OTL
2012-06-16 15:40 . 2012-06-16 15:40        --------        d-----w-        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Val'Gor 2
2012-06-16 15:39 . 2012-06-16 15:39        --------        d-----w-        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\ValGor 2
2012-06-16 15:33 . 2012-06-16 15:34        --------        d-----w-        c:\programme\Val'Gor - The Beginning
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 07:21 . 2012-04-05 05:46        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-06-25 07:21 . 2011-06-06 14:51        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2007-06-07 19:14        18456        ----a-w-        c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-06-07 19:14        15896        ----a-w-        c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2005-05-26 02:19        210968        ----a-w-        c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2004-08-03 13:01        329240        ----a-w-        c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2004-08-03 12:59        219160        ----a-w-        c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-06-07 19:14        15896        ----a-w-        c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2005-08-07 09:46        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-03 13:00        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-05-11 08:13        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2002-08-29 12:00        97304        ----a-w-        c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-06-07 19:14        23576        ----a-w-        c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2004-08-03 13:06        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2004-05-11 08:13        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-05-14 18:59        604160        ----a-w-        c:\windows\system32\crypt32.dll
2012-05-15 15:37 . 2005-06-17 22:25        832512        ----a-w-        c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2002-08-29 12:00        1863296        ----a-w-        c:\windows\system32\win32k.sys
2012-05-08 15:17 . 2011-11-29 13:38        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 15:17 . 2011-11-29 13:38        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-05 03:14 . 2002-08-29 12:00        2150912        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2002-08-29 03:41        2029056        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-05-11 08:13        139656        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-23 14:40 . 2002-08-29 12:00        1830912        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-04-23 14:40 . 2004-08-04 07:57        78336        ----a-w-        c:\windows\system32\ieencode.dll
2012-04-23 14:40 . 2002-08-29 12:00        17408        ----a-w-        c:\windows\system32\corpol.dll
2006-03-28 18:45 . 2006-03-28 18:45        581474        ----a-w-        c:\programme\InstDFUSpV2.2.exe
2006-03-28 18:43 . 2006-03-28 18:43        990720        ----a-w-        c:\programme\bootvis.msi
2006-03-28 18:42 . 2006-03-28 18:42        4179293        ----a-w-        c:\programme\everesthome220.exe
2006-01-22 13:32 . 2006-01-22 13:32        774144        ----a-w-        c:\programme\RngInterstitial.dll
2005-04-23 17:56 . 2005-04-23 17:56        2826960        ----a-w-        c:\programme\ToolbarSetup.exe
2005-04-01 18:16 . 2005-04-01 18:16        6711144        ----a-w-        c:\programme\SkypeSetup.exe
2005-03-21 18:54 . 2005-03-21 18:54        379638        ----a-w-        c:\programme\japsetup.exe
2005-03-21 18:53 . 2005-03-21 18:53        1230096        ----a-w-        c:\programme\CleanIt20.exe
2005-03-21 17:09 . 2005-03-21 17:09        5524095        ----a-w-        c:\programme\OOSafeErase2Ger.exe
2005-01-28 16:56 . 2005-01-28 16:40        71765742        ----a-w-        c:\programme\AOLBanking 4.0.part1.exe
2003-06-20 19:47 . 2005-03-03 19:20        260678        ----a-w-        c:\programme\DVD Shrink 2.3 German.exe
2006-05-06 16:42 . 2006-06-04 11:48        7260160        ----a-w-        c:\programme\mozilla firefox\plugins\libvlc.dll
2011-10-19 14:16 . 2011-10-19 14:16        150696        ----a-w-        c:\programme\opera\program\plugins\pnup0.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9d81af43-de53-48d0-a199-42c2a226b24c}"= "c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-01-02 09:06        365960        ----a-w-        c:\programme\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54        175912        ----a-w-        c:\programme\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9d81af43-de53-48d0-a199-42c2a226b24c}]
2011-01-17 14:54        175912        ----a-w-        c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9EE92B7-EDD5-4ad9-8029-2EC6818E653A}]
2012-03-08 13:00        3075520        ----a-w-        c:\programme\AusweisApp\siqeCardClient.ols
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E141F5C3-2619-4996-8AF8-AA0A9439D986}]
2010-10-08 15:30        183096        ----a-w-        c:\programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programme\AskBarDis\bar\bin\askBar.dll" [2009-01-02 365960]
"{9d81af43-de53-48d0-a199-42c2a226b24c}"= "c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll" [2011-01-17 175912]
"{9613CB43-EA4C-48b5-878D-13DFE1818EFE}"= "c:\programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll" [2010-10-08 183096]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_CLASSES_ROOT\clsid\{9613cb43-ea4c-48b5-878d-13dfe1818efe}]
[HKEY_CLASSES_ROOT\PaybackToolbar.PaybackToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{158050A4-69D6-483e-B6B9-A60FE0C9E03A}]
[HKEY_CLASSES_ROOT\PaybackToolbar.PaybackToolBand]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9D81AF43-DE53-48D0-A199-42C2A226B24C}"= "c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll" [2011-01-17 175912]
"{9613CB43-EA4C-48B5-878D-13DFE1818EFE}"= "c:\programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll" [2010-10-08 183096]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programme\AskBarDis\bar\bin\askBar.dll" [2009-01-02 365960]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_CLASSES_ROOT\clsid\{9613cb43-ea4c-48b5-878d-13dfe1818efe}]
[HKEY_CLASSES_ROOT\PaybackToolbar.PaybackToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{158050A4-69D6-483e-B6B9-A60FE0C9E03A}]
[HKEY_CLASSES_ROOT\PaybackToolbar.PaybackToolBand]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"T-Online_Software_6\WLAN-Access Finder"="c:\programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]
"TomTomHOME.exe"="c:\programme\TomTom HOME 4\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872]
"SoundFusion"="cwcprops.cpl" [2000-05-25 88576]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"ToADiMon.exe"="c:\programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2007-02-15 282624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"ISW"="c:\programme\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
"ZoneAlarm"="c:\programme\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"InfoCockpit"="c:\programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-07-30 176128]
"T-Online_Software_6\WLAN-Access Finder"="c:\programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]
.
c:\dokumente und einstellungen\Besitzer\Startmenü\Programme\Autostart\
Netzmanager.lnk - c:\programme\Netzmanager\netzmanager.exe [2010-3-22 1540096]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk /p \??\c:\:\0autocheck autochk *
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\programme\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AOLDialer"=c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
"HostManager"=c:\programme\Gemeinsame Dateien\AOL\1165746499\ee\AOLSoftware.exe
"InCD"=c:\programme\Ahead\InCD\InCD.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"RemoteControl"=c:\programme\CyberLink\PowerDVD\PDVDServ.exe
"Share-to-Web Namespace Daemon"=c:\programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"SoundMan"=SOUNDMAN.EXE
"rundll32"=c:\windows\system32\rundll32.exe "c:\windows\system32\yxstaajc.dll"
"C-Media Mixer"=Mixer.exe /startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\AOL 9.0\\waol.exe"=
"c:\\Programme\\AOL 9.0a\\waol.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLDial.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLacsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Spiele\\Kyodai\\kyodai2d.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\1165746499\\ee\\aolsoftware.exe"=
"c:\\Programme\\AOL 9.0 VR\\waol.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\Loader\\aolload.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\System Information\\sinf.exe"=
"c:\\Programme\\AOL 9.0 VRa\\waol.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programme\\fotobuch.de AG\\Designer 2.0\\Designer.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [29.11.2011 15:38 36000]
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [15.02.2012 15:21 14949]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [29.11.2011 15:38 86224]
R2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [15.02.2012 15:21 511920]
R2 CommAgnt;devolo CommAgent;c:\windows\system32\drivers\commagnt.sys [12.07.2004 22:22 8360]
R2 DFSVC;T-Online Dialerschutz Dienst;c:\programme\T-Online\Dialerschutz-Software\DFInject.exe [29.02.2008 16:48 179016]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\programme\CheckPoint\ZAForceField\ISWKL.sys [03.11.2011 16:44 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\programme\CheckPoint\ZAForceField\ISWSVC.exe [03.11.2011 16:44 497280]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [27.02.2008 11:32 61440]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [22.03.2010 16:40 9728]
R2 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 4\TomTomHOMEService.exe [22.04.2011 14:21 92592]
R3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [27.02.2008 11:32 17280]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\rmspppoe.sys [12.07.2004 22:22 31232]
R3 SipIMNDI;T-Online Dialerschutz VoIP Service;c:\windows\system32\drivers\SipIMNDI.sys [29.02.2008 16:48 22856]
S2 ASKUpgrade;ASKUpgrade;c:\programme\AskBarDis\bar\bin\ASKUpgrade.exe [17.06.2009 07:47 234888]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [28.12.2010 14:52 136176]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [03.05.2012 08:31 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05.04.2012 07:46 250056]
S3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\drivers\cjusb.sys [15.02.2012 15:21 28144]
S3 DFSYS;T-Online Dialerschutz Hooking Treiber;c:\programme\T-Online\Dialerschutz-Software\DFSYS.sys [29.02.2008 16:48 14536]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [28.12.2010 14:52 136176]
S3 kbeepm;kbeepm;\??\c:\dokume~1\Besitzer\LOKALE~1\Temp\kbeepm.sys --> c:\dokume~1\Besitzer\LOKALE~1\Temp\kbeepm.sys [?]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [27.02.2008 11:32 17152]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [27.02.2008 11:31 17536]
S3 nicadsl;MicroLink ADSL PCI;c:\windows\system32\drivers\dslpci.sys [12.07.2004 21:18 74359]
S3 PsShutdownSvc;PsShutdown;c:\windows\system32\PSSDNSVC.EXE [14.05.2004 21:17 61440]
S3 S6U12AScanner;MUSTEK 1200 CU PLUS Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [17.05.2004 20:48 15104]
S3 TNPacket;T-Systems Nova Packet Capture Driver;c:\programme\T-DSL SpeedManager\TNPACKET.SYS [11.03.2004 18:44 9696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv        REG_MULTI_SZ          Tapisrv
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 07:21]
.
2012-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-12-28 12:52]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-12-28 12:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AOL Toolbar-Suche - c:\programme\aol\aol toolbar 4.0\resources\de-DE\local\search.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{4840E489-677C-4a08-A1B5-FFAF5196531E} - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - c:\programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll
Trusted Zone: alice-dsl.de
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\sum32kam.Standard-Benutzer\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=13940&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13938&gct=&gc=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AusweisApp: {4F3D26C8-9907-48ff-BC74-B8C572D317BF} - c:\programme\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF - Ext: AusweisApp: {4F0963A3-1658-4fde-9585-23A25CC288BF} - c:\programme\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
BHO-{73368910-6EF1-49C9-8FE2-EE7453F81706} - (no file)
BHO-{DDA442CE-09C3-48BF-B2E1-8450FE123E8B} - (no file)
HKCU-Run-bC4lJzJAS4eHdGa - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\w6j6rt45jtuhdre5.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-T-Online Dialerschutz-Software - c:\programme\T-Online\Dialerschutz-Software\Defender.exe
HKLM-Run-bC4lJzJAS4eHdGa - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\w6j6rt45jtuhdre5.exe
Notify-wvUoNGAQ - wvUoNGAQ.dll
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0407.EXE
AddRemove-Die neue Rache der Sumpfhühner - c:\windows\ISUN0407.EXE
AddRemove-Flowers - c:\windows\unin0407.exe
AddRemove-HaufeReader - c:\windows\IsUn0407.exe
AddRemove-Jeton - c:\windows\unin0407.exe
AddRemove-Nero - Burning Rom - c:\windows\unin0407.exe
AddRemove-Sütterlin- und alte Schreibschriften - c:\windows\unin0407.exe
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\uninst.exe
AddRemove-Aquanoid - c:\dokumente und einstellungen\Besitzer\Desktop\Spiele\Uninstal.exe
AddRemove-Crazy Cong - c:\dokumente und einstellungen\Besitzer\Desktop\Spiele\Uninstal.exe
AddRemove-Cube - c:\dokumente und einstellungen\Besitzer\Desktop\Spiele\Uninstal.exe
AddRemove-KLIX - c:\dokumente und einstellungen\Besitzer\Desktop\Spiele\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-03 23:29
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(980)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(4204)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\bgsvcgen.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\wanmpsvc.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programme\HP\Digital Imaging\bin\hpqbam08.exe
c:\programme\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-03  23:41:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-03 21:41
.
Vor Suchlauf: 34 Verzeichnis(se), 24.945.266.688 Bytes frei
Nach Suchlauf: 36 Verzeichnis(se), 25.129.930.752 Bytes frei
.
- - End Of File - - B7F034A69B22555DC14F8C1FD6D7741D

--- --- ---

Best regards
Theodoro

markusg 03.07.2012 14:37

hi
Start > Programs > Accessories > Notepad
paste in:

KillAll::
Rootkit::
c:\windows\system32\yxstaajc.dll


File > Save As, type: All Files, location: the folder where combofix.exe is
name:
cfscript.txt
drag cfscript onto combofix, the program starts, post the log

Theodoro 03.07.2012 16:12

Hello,
something isn't right today, I can't see my message from midday. I'll just send the file again.
ComboFix ran through and created the log file. The icons on the screen are back as well.

Here is the file: Combofix Logfile:
Code:

ComboFix 12-07-02.01 - Besitzer 03.07.2012  23:02:10.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1023.520 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Besitzer\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {82AE6AF4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {82B7053C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {BADB0D00-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82359844-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8293023C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {829E8054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A10054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A288C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A2F914-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A33BF4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A35054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A395E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A3D474-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A3D4C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A4789C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A5811C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A5827C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A58754-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A5F49C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A61304-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A63DB4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A6A4F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A6F054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A6F304-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A6F3D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A7089C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A725BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A75DB4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A7C054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A895E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A90C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A94304-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A9472C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A954EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A955E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A99474-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A9E2DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AA060C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AA1250-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AA3614-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AA3C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AA48FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AA7514-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AAA7A4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\CrucialSoft Ltd
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\AD ON Multimedia
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\AD ON Multimedia\eBay Shortcuts\config.ini
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Desktopicon
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\All.zip
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\PriceGong\Data\z.xml
c:\dokumente und einstellungen\Besitzer\WINDOWS
c:\dokumente und einstellungen\Besitzer\WINDOWS\Screensaver-Living_Wilderness\wilderness.exe
C:\install.exe
c:\programme\AdbeRdr1000_de_DE.exe
c:\programme\avira_free_antivirus_de1200861.exe
c:\programme\MyWay
c:\programme\TweakPower1217.exe
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\sponsoring\ebay.ico
c:\programme\xp-AntiSpy\sponsoring\ebay_desktop.ico
c:\programme\xp-AntiSpy\sponsoring\ebay_hover.ico
c:\programme\xp-AntiSpy\sponsoring\sponsor.html
c:\programme\xp-AntiSpy\sponsoring\sponsor.url
c:\programme\xp-AntiSpy\uninst.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
c:\windows\IsUn0407.exe
c:\windows\setupapi.log
c:\windows\system32\arlevmsu.ini
c:\windows\system32\avblkvrc.ini
c:\windows\system32\cjaatsxy.ini
c:\windows\system32\IOXEKnmp.ini
c:\windows\system32\IOXEKnmp.ini2
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\pYGgPqss.ini
c:\windows\system32\pYGgPqss.ini2
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-03 bis 2012-07-03  ))))))))))))))))))))))))))))))
.
.
2012-07-02 05:14 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe
2012-07-02 02:20 . 2012-07-02 23:03        --------        d-----w-        C:\_OTL
2012-06-16 15:40 . 2012-06-16 15:40        --------        d-----w-        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Val'Gor 2
2012-06-16 15:39 . 2012-06-16 15:39        --------        d-----w-        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\ValGor 2
2012-06-16 15:33 . 2012-06-16 15:34        --------        d-----w-        c:\programme\Val'Gor - The Beginning
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 07:21 . 2012-04-05 05:46        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-06-25 07:21 . 2011-06-06 14:51        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2007-06-07 19:14        18456        ----a-w-        c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-06-07 19:14        15896        ----a-w-        c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2005-05-26 02:19        210968        ----a-w-        c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2004-08-03 13:01        329240        ----a-w-        c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2004-08-03 12:59        219160        ----a-w-        c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-06-07 19:14        15896        ----a-w-        c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2005-08-07 09:46        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-03 13:00        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-05-11 08:13        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2002-08-29 12:00        97304        ----a-w-        c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-06-07 19:14        23576        ----a-w-        c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2004-08-03 13:06        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2004-05-11 08:13        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-05-14 18:59        604160        ----a-w-        c:\windows\system32\crypt32.dll
2012-05-15 15:37 . 2005-06-17 22:25        832512        ----a-w-        c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2002-08-29 12:00        1863296        ----a-w-        c:\windows\system32\win32k.sys
2012-05-08 15:17 . 2011-11-29 13:38        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 15:17 . 2011-11-29 13:38        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-05 03:14 . 2002-08-29 12:00        2150912        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2002-08-29 03:41        2029056        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-05-11 08:13        139656        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-23 14:40 . 2002-08-29 12:00        1830912        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-04-23 14:40 . 2004-08-04 07:57        78336        ----a-w-        c:\windows\system32\ieencode.dll
2012-04-23 14:40 . 2002-08-29 12:00        17408        ----a-w-        c:\windows\system32\corpol.dll
2006-03-28 18:45 . 2006-03-28 18:45        581474        ----a-w-        c:\programme\InstDFUSpV2.2.exe
2006-03-28 18:43 . 2006-03-28 18:43        990720        ----a-w-        c:\programme\bootvis.msi
2006-03-28 18:42 . 2006-03-28 18:42        4179293        ----a-w-        c:\programme\everesthome220.exe
2006-01-22 13:32 . 2006-01-22 13:32        774144        ----a-w-        c:\programme\RngInterstitial.dll
2005-04-23 17:56 . 2005-04-23 17:56        2826960        ----a-w-        c:\programme\ToolbarSetup.exe
2005-04-01 18:16 . 2005-04-01 18:16        6711144        ----a-w-        c:\programme\SkypeSetup.exe
2005-03-21 18:54 . 2005-03-21 18:54        379638        ----a-w-        c:\programme\japsetup.exe
2005-03-21 18:53 . 2005-03-21 18:53        1230096        ----a-w-        c:\programme\CleanIt20.exe
2005-03-21 17:09 . 2005-03-21 17:09        5524095        ----a-w-        c:\programme\OOSafeErase2Ger.exe
2005-01-28 16:56 . 2005-01-28 16:40        71765742        ----a-w-        c:\programme\AOLBanking 4.0.part1.exe
2003-06-20 19:47 . 2005-03-03 19:20        260678        ----a-w-        c:\programme\DVD Shrink 2.3 German.exe
2006-05-06 16:42 . 2006-06-04 11:48        7260160        ----a-w-        c:\programme\mozilla firefox\plugins\libvlc.dll
2011-10-19 14:16 . 2011-10-19 14:16        150696        ----a-w-        c:\programme\opera\program\plugins\pnup0.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9d81af43-de53-48d0-a199-42c2a226b24c}"= "c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-01-02 09:06        365960        ----a-w-        c:\programme\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54        175912        ----a-w-        c:\programme\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9d81af43-de53-48d0-a199-42c2a226b24c}]
2011-01-17 14:54        175912        ----a-w-        c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9EE92B7-EDD5-4ad9-8029-2EC6818E653A}]
2012-03-08 13:00        3075520        ----a-w-        c:\programme\AusweisApp\siqeCardClient.ols
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E141F5C3-2619-4996-8AF8-AA0A9439D986}]
2010-10-08 15:30        183096        ----a-w-        c:\programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programme\AskBarDis\bar\bin\askBar.dll" [2009-01-02 365960]
"{9d81af43-de53-48d0-a199-42c2a226b24c}"= "c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll" [2011-01-17 175912]
"{9613CB43-EA4C-48b5-878D-13DFE1818EFE}"= "c:\programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll" [2010-10-08 183096]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_CLASSES_ROOT\clsid\{9613cb43-ea4c-48b5-878d-13dfe1818efe}]
[HKEY_CLASSES_ROOT\PaybackToolbar.PaybackToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{158050A4-69D6-483e-B6B9-A60FE0C9E03A}]
[HKEY_CLASSES_ROOT\PaybackToolbar.PaybackToolBand]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9D81AF43-DE53-48D0-A199-42C2A226B24C}"= "c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll" [2011-01-17 175912]
"{9613CB43-EA4C-48B5-878D-13DFE1818EFE}"= "c:\programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll" [2010-10-08 183096]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programme\AskBarDis\bar\bin\askBar.dll" [2009-01-02 365960]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_CLASSES_ROOT\clsid\{9613cb43-ea4c-48b5-878d-13dfe1818efe}]
[HKEY_CLASSES_ROOT\PaybackToolbar.PaybackToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{158050A4-69D6-483e-B6B9-A60FE0C9E03A}]
[HKEY_CLASSES_ROOT\PaybackToolbar.PaybackToolBand]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"T-Online_Software_6\WLAN-Access Finder"="c:\programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]
"TomTomHOME.exe"="c:\programme\TomTom HOME 4\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872]
"SoundFusion"="cwcprops.cpl" [2000-05-25 88576]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"ToADiMon.exe"="c:\programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2007-02-15 282624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"ISW"="c:\programme\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
"ZoneAlarm"="c:\programme\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"InfoCockpit"="c:\programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-07-30 176128]
"T-Online_Software_6\WLAN-Access Finder"="c:\programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]
.
c:\dokumente und einstellungen\Besitzer\Startmenü\Programme\Autostart\
Netzmanager.lnk - c:\programme\Netzmanager\netzmanager.exe [2010-3-22 1540096]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk /p \??\c:\:\0autocheck autochk *
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\programme\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AOLDialer"=c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
"HostManager"=c:\programme\Gemeinsame Dateien\AOL\1165746499\ee\AOLSoftware.exe
"InCD"=c:\programme\Ahead\InCD\InCD.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"RemoteControl"=c:\programme\CyberLink\PowerDVD\PDVDServ.exe
"Share-to-Web Namespace Daemon"=c:\programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"SoundMan"=SOUNDMAN.EXE
"rundll32"=c:\windows\system32\rundll32.exe "c:\windows\system32\yxstaajc.dll"
"C-Media Mixer"=Mixer.exe /startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\AOL 9.0\\waol.exe"=
"c:\\Programme\\AOL 9.0a\\waol.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLDial.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLacsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Spiele\\Kyodai\\kyodai2d.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\1165746499\\ee\\aolsoftware.exe"=
"c:\\Programme\\AOL 9.0 VR\\waol.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\Loader\\aolload.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\System Information\\sinf.exe"=
"c:\\Programme\\AOL 9.0 VRa\\waol.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programme\\fotobuch.de AG\\Designer 2.0\\Designer.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [29.11.2011 15:38 36000]
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [15.02.2012 15:21 14949]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [29.11.2011 15:38 86224]
R2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [15.02.2012 15:21 511920]
R2 CommAgnt;devolo CommAgent;c:\windows\system32\drivers\commagnt.sys [12.07.2004 22:22 8360]
R2 DFSVC;T-Online Dialerschutz Dienst;c:\programme\T-Online\Dialerschutz-Software\DFInject.exe [29.02.2008 16:48 179016]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\programme\CheckPoint\ZAForceField\ISWKL.sys [03.11.2011 16:44 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\programme\CheckPoint\ZAForceField\ISWSVC.exe [03.11.2011 16:44 497280]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [27.02.2008 11:32 61440]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [22.03.2010 16:40 9728]
R2 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 4\TomTomHOMEService.exe [22.04.2011 14:21 92592]
R3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [27.02.2008 11:32 17280]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\rmspppoe.sys [12.07.2004 22:22 31232]
R3 SipIMNDI;T-Online Dialerschutz VoIP Service;c:\windows\system32\drivers\SipIMNDI.sys [29.02.2008 16:48 22856]
S2 ASKUpgrade;ASKUpgrade;c:\programme\AskBarDis\bar\bin\ASKUpgrade.exe [17.06.2009 07:47 234888]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [28.12.2010 14:52 136176]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [03.05.2012 08:31 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05.04.2012 07:46 250056]
S3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\drivers\cjusb.sys [15.02.2012 15:21 28144]
S3 DFSYS;T-Online Dialerschutz Hooking Treiber;c:\programme\T-Online\Dialerschutz-Software\DFSYS.sys [29.02.2008 16:48 14536]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [28.12.2010 14:52 136176]
S3 kbeepm;kbeepm;\??\c:\dokume~1\Besitzer\LOKALE~1\Temp\kbeepm.sys --> c:\dokume~1\Besitzer\LOKALE~1\Temp\kbeepm.sys [?]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [27.02.2008 11:32 17152]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [27.02.2008 11:31 17536]
S3 nicadsl;MicroLink ADSL PCI;c:\windows\system32\drivers\dslpci.sys [12.07.2004 21:18 74359]
S3 PsShutdownSvc;PsShutdown;c:\windows\system32\PSSDNSVC.EXE [14.05.2004 21:17 61440]
S3 S6U12AScanner;MUSTEK 1200 CU PLUS Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [17.05.2004 20:48 15104]
S3 TNPacket;T-Systems Nova Packet Capture Driver;c:\programme\T-DSL SpeedManager\TNPACKET.SYS [11.03.2004 18:44 9696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv        REG_MULTI_SZ          Tapisrv
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 07:21]
.
2012-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-12-28 12:52]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-12-28 12:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AOL Toolbar-Suche - c:\programme\aol\aol toolbar 4.0\resources\de-DE\local\search.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{4840E489-677C-4a08-A1B5-FFAF5196531E} - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - c:\programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll
Trusted Zone: alice-dsl.de
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\sum32kam.Standard-Benutzer\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=13940&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13938&gct=&gc=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AusweisApp: {4F3D26C8-9907-48ff-BC74-B8C572D317BF} - c:\programme\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF - Ext: AusweisApp: {4F0963A3-1658-4fde-9585-23A25CC288BF} - c:\programme\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
BHO-{73368910-6EF1-49C9-8FE2-EE7453F81706} - (no file)
BHO-{DDA442CE-09C3-48BF-B2E1-8450FE123E8B} - (no file)
HKCU-Run-bC4lJzJAS4eHdGa - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\w6j6rt45jtuhdre5.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-T-Online Dialerschutz-Software - c:\programme\T-Online\Dialerschutz-Software\Defender.exe
HKLM-Run-bC4lJzJAS4eHdGa - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\w6j6rt45jtuhdre5.exe
Notify-wvUoNGAQ - wvUoNGAQ.dll
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0407.EXE
AddRemove-Die neue Rache der Sumpfhühner - c:\windows\ISUN0407.EXE
AddRemove-Flowers - c:\windows\unin0407.exe
AddRemove-HaufeReader - c:\windows\IsUn0407.exe
AddRemove-Jeton - c:\windows\unin0407.exe
AddRemove-Nero - Burning Rom - c:\windows\unin0407.exe
AddRemove-Sütterlin- und alte Schreibschriften - c:\windows\unin0407.exe
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\uninst.exe
AddRemove-Aquanoid - c:\dokumente und einstellungen\Besitzer\Desktop\Spiele\Uninstal.exe
AddRemove-Crazy Cong - c:\dokumente und einstellungen\Besitzer\Desktop\Spiele\Uninstal.exe
AddRemove-Cube - c:\dokumente und einstellungen\Besitzer\Desktop\Spiele\Uninstal.exe
AddRemove-KLIX - c:\dokumente und einstellungen\Besitzer\Desktop\Spiele\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-03 23:29
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(980)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(4204)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\bgsvcgen.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\wanmpsvc.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programme\HP\Digital Imaging\bin\hpqbam08.exe
c:\programme\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-03  23:41:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-03 21:41
.
Vor Suchlauf: 34 Verzeichnis(se), 24.945.266.688 Bytes frei
Nach Suchlauf: 36 Verzeichnis(se), 25.129.930.752 Bytes frei
.
- - End Of File - - B7F034A69B22555DC14F8C1FD6D7741D

--- --- ---

What happens next?

Regards, Theodoro

Hello,
I started Combofix again according to your instructions. The following log file was created:
Combofix Logfile:
Code:

ComboFix 12-07-02.01 - Besitzer 04.07.2012  4:01.3.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1023.513 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Besitzer\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Besitzer\Desktop\cfscript.txt
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\logs
c:\programme\Mozilla Firefox\components\AskHPRFF.js
c:\windows\iun6002.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32bdn.com
c:\windows\system32hxiwlgpm.dat
c:\windows\system32ssvchost.com
c:\windows\system32taack.dat
c:\windows\system32VBIEWER.OCX
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-04 bis 2012-07-04  ))))))))))))))))))))))))))))))
.
.
2012-07-02 05:14 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe
2012-07-02 02:20 . 2012-07-02 23:03        --------        d-----w-        C:\_OTL
2012-06-16 15:40 . 2012-06-16 15:40        --------        d-----w-        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Val'Gor 2
2012-06-16 15:39 . 2012-06-16 15:39        --------        d-----w-        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\ValGor 2
2012-06-16 15:33 . 2012-06-16 15:34        --------        d-----w-        c:\programme\Val'Gor - The Beginning
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 07:21 . 2012-04-05 05:46        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-06-25 07:21 . 2011-06-06 14:51        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2007-06-07 19:14        18456        ----a-w-        c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-06-07 19:14        15896        ----a-w-        c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2005-05-26 02:19        210968        ----a-w-        c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2004-08-03 13:01        329240        ----a-w-        c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2004-08-03 12:59        219160        ----a-w-        c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-06-07 19:14        15896        ----a-w-        c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2005-08-07 09:46        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-03 13:00        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-05-11 08:13        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2002-08-29 12:00        97304        ----a-w-        c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-06-07 19:14        23576        ----a-w-        c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2004-08-03 13:06        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2004-05-11 08:13        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-05-14 18:59        604160        ----a-w-        c:\windows\system32\crypt32.dll
2012-05-15 15:37 . 2005-06-17 22:25        832512        ----a-w-        c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2002-08-29 12:00        1863296        ----a-w-        c:\windows\system32\win32k.sys
2012-05-08 15:17 . 2011-11-29 13:38        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 15:17 . 2011-11-29 13:38        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-05 03:14 . 2002-08-29 12:00        2150912        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2002-08-29 03:41        2029056        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-05-11 08:13        139656        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-23 14:40 . 2002-08-29 12:00        1830912        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-04-23 14:40 . 2004-08-04 07:57        78336        ----a-w-        c:\windows\system32\ieencode.dll
2012-04-23 14:40 . 2002-08-29 12:00        17408        ----a-w-        c:\windows\system32\corpol.dll
2006-03-28 18:45 . 2006-03-28 18:45        581474        ----a-w-        c:\programme\InstDFUSpV2.2.exe
2006-03-28 18:43 . 2006-03-28 18:43        990720        ----a-w-        c:\programme\bootvis.msi
2006-03-28 18:42 . 2006-03-28 18:42        4179293        ----a-w-        c:\programme\everesthome220.exe
2006-01-22 13:32 . 2006-01-22 13:32        774144        ----a-w-        c:\programme\RngInterstitial.dll
2005-04-23 17:56 . 2005-04-23 17:56        2826960        ----a-w-        c:\programme\ToolbarSetup.exe
2005-04-01 18:16 . 2005-04-01 18:16        6711144        ----a-w-        c:\programme\SkypeSetup.exe
2005-03-21 18:54 . 2005-03-21 18:54        379638        ----a-w-        c:\programme\japsetup.exe
2005-03-21 18:53 . 2005-03-21 18:53        1230096        ----a-w-        c:\programme\CleanIt20.exe
2005-03-21 17:09 . 2005-03-21 17:09        5524095        ----a-w-        c:\programme\OOSafeErase2Ger.exe
2005-01-28 16:56 . 2005-01-28 16:40        71765742        ----a-w-        c:\programme\AOLBanking 4.0.part1.exe
2003-06-20 19:47 . 2005-03-03 19:20        260678        ----a-w-        c:\programme\DVD Shrink 2.3 German.exe
2006-05-06 16:42 . 2006-06-04 11:48        7260160        ----a-w-        c:\programme\mozilla firefox\plugins\libvlc.dll
2011-10-19 14:16 . 2011-10-19 14:16        150696        ----a-w-        c:\programme\opera\program\plugins\pnup0.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9d81af43-de53-48d0-a199-42c2a226b24c}"= "c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-01-02 09:06        365960        ----a-w-        c:\programme\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54        175912        ----a-w-        c:\programme\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9d81af43-de53-48d0-a199-42c2a226b24c}]
2011-01-17 14:54        175912        ----a-w-        c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9EE92B7-EDD5-4ad9-8029-2EC6818E653A}]
2012-03-08 13:00        3075520        ----a-w-        c:\programme\AusweisApp\siqeCardClient.ols
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E141F5C3-2619-4996-8AF8-AA0A9439D986}]
2010-10-08 15:30        183096        ----a-w-        c:\programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programme\AskBarDis\bar\bin\askBar.dll" [2009-01-02 365960]
"{9d81af43-de53-48d0-a199-42c2a226b24c}"= "c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll" [2011-01-17 175912]
"{9613CB43-EA4C-48b5-878D-13DFE1818EFE}"= "c:\programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll" [2010-10-08 183096]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_CLASSES_ROOT\clsid\{9613cb43-ea4c-48b5-878d-13dfe1818efe}]
[HKEY_CLASSES_ROOT\PaybackToolbar.PaybackToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{158050A4-69D6-483e-B6B9-A60FE0C9E03A}]
[HKEY_CLASSES_ROOT\PaybackToolbar.PaybackToolBand]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9D81AF43-DE53-48D0-A199-42C2A226B24C}"= "c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll" [2011-01-17 175912]
"{9613CB43-EA4C-48B5-878D-13DFE1818EFE}"= "c:\programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll" [2010-10-08 183096]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programme\AskBarDis\bar\bin\askBar.dll" [2009-01-02 365960]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_CLASSES_ROOT\clsid\{9613cb43-ea4c-48b5-878d-13dfe1818efe}]
[HKEY_CLASSES_ROOT\PaybackToolbar.PaybackToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{158050A4-69D6-483e-B6B9-A60FE0C9E03A}]
[HKEY_CLASSES_ROOT\PaybackToolbar.PaybackToolBand]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"T-Online_Software_6\WLAN-Access Finder"="c:\programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]
"TomTomHOME.exe"="c:\programme\TomTom HOME 4\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872]
"SoundFusion"="cwcprops.cpl" [2000-05-25 88576]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"ToADiMon.exe"="c:\programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2007-02-15 282624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"ISW"="c:\programme\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
"ZoneAlarm"="c:\programme\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"T-Online Dialerschutz-Software"="c:\programme\T-Online\Dialerschutz-Software\Defender.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"InfoCockpit"="c:\programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-07-30 176128]
"T-Online_Software_6\WLAN-Access Finder"="c:\programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk /p \??\c:\:\0autocheck autochk *
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\programme\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AOLDialer"=c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
"HostManager"=c:\programme\Gemeinsame Dateien\AOL\1165746499\ee\AOLSoftware.exe
"InCD"=c:\programme\Ahead\InCD\InCD.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"RemoteControl"=c:\programme\CyberLink\PowerDVD\PDVDServ.exe
"Share-to-Web Namespace Daemon"=c:\programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"SoundMan"=SOUNDMAN.EXE
"rundll32"=c:\windows\system32\rundll32.exe "c:\windows\system32\yxstaajc.dll"
"C-Media Mixer"=Mixer.exe /startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\AOL 9.0\\waol.exe"=
"c:\\Programme\\AOL 9.0a\\waol.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLDial.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLacsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Spiele\\Kyodai\\kyodai2d.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\1165746499\\ee\\aolsoftware.exe"=
"c:\\Programme\\AOL 9.0 VR\\waol.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\Loader\\aolload.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\System Information\\sinf.exe"=
"c:\\Programme\\AOL 9.0 VRa\\waol.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programme\\fotobuch.de AG\\Designer 2.0\\Designer.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [29.11.2011 15:38 36000]
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [15.02.2012 15:21 14949]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [29.11.2011 15:38 86224]
R2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [15.02.2012 15:21 511920]
R2 CommAgnt;devolo CommAgent;c:\windows\system32\drivers\commagnt.sys [12.07.2004 22:22 8360]
R2 DFSVC;T-Online Dialerschutz Dienst;c:\programme\T-Online\Dialerschutz-Software\DFInject.exe [29.02.2008 16:48 179016]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\programme\CheckPoint\ZAForceField\ISWKL.sys [03.11.2011 16:44 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\programme\CheckPoint\ZAForceField\ISWSVC.exe [03.11.2011 16:44 497280]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [27.02.2008 11:32 61440]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [22.03.2010 16:40 9728]
R2 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 4\TomTomHOMEService.exe [22.04.2011 14:21 92592]
R3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [27.02.2008 11:32 17280]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\rmspppoe.sys [12.07.2004 22:22 31232]
R3 SipIMNDI;T-Online Dialerschutz VoIP Service;c:\windows\system32\drivers\SipIMNDI.sys [29.02.2008 16:48 22856]
S2 ASKUpgrade;ASKUpgrade;c:\programme\AskBarDis\bar\bin\ASKUpgrade.exe [17.06.2009 07:47 234888]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [28.12.2010 14:52 136176]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [03.05.2012 08:31 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05.04.2012 07:46 250056]
S3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\drivers\cjusb.sys [15.02.2012 15:21 28144]
S3 DFSYS;T-Online Dialerschutz Hooking Treiber;c:\programme\T-Online\Dialerschutz-Software\DFSYS.sys [29.02.2008 16:48 14536]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [28.12.2010 14:52 136176]
S3 kbeepm;kbeepm;\??\c:\dokume~1\Besitzer\LOKALE~1\Temp\kbeepm.sys --> c:\dokume~1\Besitzer\LOKALE~1\Temp\kbeepm.sys [?]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [27.02.2008 11:32 17152]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [27.02.2008 11:31 17536]
S3 nicadsl;MicroLink ADSL PCI;c:\windows\system32\drivers\dslpci.sys [12.07.2004 21:18 74359]
S3 PsShutdownSvc;PsShutdown;c:\windows\system32\PSSDNSVC.EXE [14.05.2004 21:17 61440]
S3 S6U12AScanner;MUSTEK 1200 CU PLUS Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [17.05.2004 20:48 15104]
S3 TNPacket;T-Systems Nova Packet Capture Driver;c:\programme\T-DSL SpeedManager\TNPACKET.SYS [11.03.2004 18:44 9696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv        REG_MULTI_SZ          Tapisrv
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 07:21]
.
2012-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-12-28 12:52]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-12-28 12:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AOL Toolbar-Suche - c:\programme\aol\aol toolbar 4.0\resources\de-DE\local\search.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{4840E489-677C-4a08-A1B5-FFAF5196531E} - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - c:\programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll
Trusted Zone: alice-dsl.de
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\sum32kam.Standard-Benutzer\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=13940&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13938&gct=&gc=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AusweisApp: {4F3D26C8-9907-48ff-BC74-B8C572D317BF} - c:\programme\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF - Ext: AusweisApp: {4F0963A3-1658-4fde-9585-23A25CC288BF} - c:\programme\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Pixelnet_Layouter - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-04 04:26
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(980)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(3308)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\bgsvcgen.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\wanmpsvc.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programme\Netzmanager\netzmanager.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programme\HP\Digital Imaging\bin\hpqbam08.exe
c:\programme\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-04  04:39:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-04 02:39
ComboFix2.txt  2012-07-03 21:41
.
Vor Suchlauf: 35 Verzeichnis(se), 26.467.344.384 Bytes frei
Nach Suchlauf: 36 Verzeichnis(se), 26.453.463.040 Bytes frei
.
- - End Of File - - D61ABCB0EDAB2F49FA561BA58CD20DC6

--- --- ---

Kind regards, Theodoro

Hello,
I ran ComboFix again following your instructions. It produced the following log file:
ComboFix log file:
Code:

ComboFix 12-07-02.01 - Besitzer 04.07.2012  4:01.3.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1023.513 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Besitzer\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Besitzer\Desktop\cfscript.txt
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {82AE6AF4-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {82B7053C-FFA4-0100-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {BADB0D00-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82359844-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8293023C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {829E8054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A10054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A288C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A2F914-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A33BF4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A35054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A395E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A3D474-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A3D4C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A4789C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A5811C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A5827C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A58754-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A5F49C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A61304-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A63DB4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A6A4F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A6F054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A6F304-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A6F3D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A7089C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A725BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A75DB4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A7C054-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A895E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A90C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A94304-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A9472C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A954EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A955E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A99474-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82A9E2DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AA060C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AA1250-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AA3614-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AA3C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AA48FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AA7514-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AAA7A4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AAC424-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AAE5BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AB6BCC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AB6DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AC0DB4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AC0DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AC62DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AC76DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AC86D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82ACADDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AD760C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82ADEDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AE2274-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AE4314-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AE4DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AE5444-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AE5C1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AF2514-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82AF4B24-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B02DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B1744C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B17874-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B1A59C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B302D4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B402CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B43304-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B4398C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B44534-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B44C24-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {82B4A864-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\logs
c:\programme\Mozilla Firefox\components\AskHPRFF.js
c:\windows\iun6002.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32bdn.com
c:\windows\system32hxiwlgpm.dat
c:\windows\system32ssvchost.com
c:\windows\system32taack.dat
c:\windows\system32VBIEWER.OCX
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-04 bis 2012-07-04  ))))))))))))))))))))))))))))))
.
.
2012-07-02 05:14 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe
2012-07-02 02:20 . 2012-07-02 23:03        --------        d-----w-        C:\_OTL
2012-06-16 15:40 . 2012-06-16 15:40        --------        d-----w-        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Val'Gor 2
2012-06-16 15:39 . 2012-06-16 15:39        --------        d-----w-        c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\ValGor 2
2012-06-16 15:33 . 2012-06-16 15:34        --------        d-----w-        c:\programme\Val'Gor - The Beginning
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 07:21 . 2012-04-05 05:46        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-06-25 07:21 . 2011-06-06 14:51        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2007-06-07 19:14        18456        ----a-w-        c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-06-07 19:14        15896        ----a-w-        c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2005-05-26 02:19        210968        ----a-w-        c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2004-08-03 13:01        329240        ----a-w-        c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2004-08-03 12:59        219160        ----a-w-        c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-06-07 19:14        15896        ----a-w-        c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2005-08-07 09:46        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-03 13:00        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-05-11 08:13        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2002-08-29 12:00        97304        ----a-w-        c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-06-07 19:14        23576        ----a-w-        c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2004-08-03 13:06        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2004-05-11 08:13        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-05-14 18:59        604160        ----a-w-        c:\windows\system32\crypt32.dll
2012-05-15 15:37 . 2005-06-17 22:25        832512        ----a-w-        c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2002-08-29 12:00        1863296        ----a-w-        c:\windows\system32\win32k.sys
2012-05-08 15:17 . 2011-11-29 13:38        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 15:17 . 2011-11-29 13:38        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-05 03:14 . 2002-08-29 12:00        2150912        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2002-08-29 03:41        2029056        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-05-11 08:13        139656        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-23 14:40 . 2002-08-29 12:00        1830912        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-04-23 14:40 . 2004-08-04 07:57        78336        ----a-w-        c:\windows\system32\ieencode.dll
2012-04-23 14:40 . 2002-08-29 12:00        17408        ----a-w-        c:\windows\system32\corpol.dll
2006-03-28 18:45 . 2006-03-28 18:45        581474        ----a-w-        c:\programme\InstDFUSpV2.2.exe
2006-03-28 18:43 . 2006-03-28 18:43        990720        ----a-w-        c:\programme\bootvis.msi
2006-03-28 18:42 . 2006-03-28 18:42        4179293        ----a-w-        c:\programme\everesthome220.exe
2006-01-22 13:32 . 2006-01-22 13:32        774144        ----a-w-        c:\programme\RngInterstitial.dll
2005-04-23 17:56 . 2005-04-23 17:56        2826960        ----a-w-        c:\programme\ToolbarSetup.exe
2005-04-01 18:16 . 2005-04-01 18:16        6711144        ----a-w-        c:\programme\SkypeSetup.exe
2005-03-21 18:54 . 2005-03-21 18:54        379638        ----a-w-        c:\programme\japsetup.exe
2005-03-21 18:53 . 2005-03-21 18:53        1230096        ----a-w-        c:\programme\CleanIt20.exe
2005-03-21 17:09 . 2005-03-21 17:09        5524095        ----a-w-        c:\programme\OOSafeErase2Ger.exe
2005-01-28 16:56 . 2005-01-28 16:40        71765742        ----a-w-        c:\programme\AOLBanking 4.0.part1.exe
2003-06-20 19:47 . 2005-03-03 19:20        260678        ----a-w-        c:\programme\DVD Shrink 2.3 German.exe
2006-05-06 16:42 . 2006-06-04 11:48        7260160        ----a-w-        c:\programme\mozilla firefox\plugins\libvlc.dll
2011-10-19 14:16 . 2011-10-19 14:16        150696        ----a-w-        c:\programme\opera\program\plugins\pnup0.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9d81af43-de53-48d0-a199-42c2a226b24c}"= "c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-01-02 09:06        365960        ----a-w-        c:\programme\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54        175912        ----a-w-        c:\programme\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9d81af43-de53-48d0-a199-42c2a226b24c}]
2011-01-17 14:54        175912        ----a-w-        c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9EE92B7-EDD5-4ad9-8029-2EC6818E653A}]
2012-03-08 13:00        3075520        ----a-w-        c:\programme\AusweisApp\siqeCardClient.ols
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E141F5C3-2619-4996-8AF8-AA0A9439D986}]
2010-10-08 15:30        183096        ----a-w-        c:\programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programme\AskBarDis\bar\bin\askBar.dll" [2009-01-02 365960]
"{9d81af43-de53-48d0-a199-42c2a226b24c}"= "c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll" [2011-01-17 175912]
"{9613CB43-EA4C-48b5-878D-13DFE1818EFE}"= "c:\programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll" [2010-10-08 183096]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_CLASSES_ROOT\clsid\{9613cb43-ea4c-48b5-878d-13dfe1818efe}]
[HKEY_CLASSES_ROOT\PaybackToolbar.PaybackToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{158050A4-69D6-483e-B6B9-A60FE0C9E03A}]
[HKEY_CLASSES_ROOT\PaybackToolbar.PaybackToolBand]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9D81AF43-DE53-48D0-A199-42C2A226B24C}"= "c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll" [2011-01-17 175912]
"{9613CB43-EA4C-48B5-878D-13DFE1818EFE}"= "c:\programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll" [2010-10-08 183096]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programme\AskBarDis\bar\bin\askBar.dll" [2009-01-02 365960]
.
[HKEY_CLASSES_ROOT\clsid\{9d81af43-de53-48d0-a199-42c2a226b24c}]
.
[HKEY_CLASSES_ROOT\clsid\{9613cb43-ea4c-48b5-878d-13dfe1818efe}]
[HKEY_CLASSES_ROOT\PaybackToolbar.PaybackToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{158050A4-69D6-483e-B6B9-A60FE0C9E03A}]
[HKEY_CLASSES_ROOT\PaybackToolbar.PaybackToolBand]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"T-Online_Software_6\WLAN-Access Finder"="c:\programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]
"TomTomHOME.exe"="c:\programme\TomTom HOME 4\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 335872]
"SoundFusion"="cwcprops.cpl" [2000-05-25 88576]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"ToADiMon.exe"="c:\programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2007-02-15 282624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"ISW"="c:\programme\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
"ZoneAlarm"="c:\programme\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"T-Online Dialerschutz-Software"="c:\programme\T-Online\Dialerschutz-Software\Defender.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"InfoCockpit"="c:\programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-07-30 176128]
"T-Online_Software_6\WLAN-Access Finder"="c:\programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk /p \??\c:\:\0autocheck autochk *
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\programme\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AOLDialer"=c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
"HostManager"=c:\programme\Gemeinsame Dateien\AOL\1165746499\ee\AOLSoftware.exe
"InCD"=c:\programme\Ahead\InCD\InCD.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"RemoteControl"=c:\programme\CyberLink\PowerDVD\PDVDServ.exe
"Share-to-Web Namespace Daemon"=c:\programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"SoundMan"=SOUNDMAN.EXE
"rundll32"=c:\windows\system32\rundll32.exe "c:\windows\system32\yxstaajc.dll"
"C-Media Mixer"=Mixer.exe /startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\AOL 9.0\\waol.exe"=
"c:\\Programme\\AOL 9.0a\\waol.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLDial.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\ACS\\AOLacsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Spiele\\Kyodai\\kyodai2d.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\1165746499\\ee\\aolsoftware.exe"=
"c:\\Programme\\AOL 9.0 VR\\waol.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\Loader\\aolload.exe"=
"c:\\Programme\\Gemeinsame Dateien\\aol\\System Information\\sinf.exe"=
"c:\\Programme\\AOL 9.0 VRa\\waol.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programme\\fotobuch.de AG\\Designer 2.0\\Designer.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [29.11.2011 15:38 36000]
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [15.02.2012 15:21 14949]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [29.11.2011 15:38 86224]
R2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [15.02.2012 15:21 511920]
R2 CommAgnt;devolo CommAgent;c:\windows\system32\drivers\commagnt.sys [12.07.2004 22:22 8360]
R2 DFSVC;T-Online Dialerschutz Dienst;c:\programme\T-Online\Dialerschutz-Software\DFInject.exe [29.02.2008 16:48 179016]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\programme\CheckPoint\ZAForceField\ISWKL.sys [03.11.2011 16:44 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\programme\CheckPoint\ZAForceField\ISWSVC.exe [03.11.2011 16:44 497280]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [27.02.2008 11:32 61440]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [22.03.2010 16:40 9728]
R2 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 4\TomTomHOMEService.exe [22.04.2011 14:21 92592]
R3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [27.02.2008 11:32 17280]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\rmspppoe.sys [12.07.2004 22:22 31232]
R3 SipIMNDI;T-Online Dialerschutz VoIP Service;c:\windows\system32\drivers\SipIMNDI.sys [29.02.2008 16:48 22856]
S2 ASKUpgrade;ASKUpgrade;c:\programme\AskBarDis\bar\bin\ASKUpgrade.exe [17.06.2009 07:47 234888]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [28.12.2010 14:52 136176]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [03.05.2012 08:31 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05.04.2012 07:46 250056]
S3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\drivers\cjusb.sys [15.02.2012 15:21 28144]
S3 DFSYS;T-Online Dialerschutz Hooking Treiber;c:\programme\T-Online\Dialerschutz-Software\DFSYS.sys [29.02.2008 16:48 14536]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [28.12.2010 14:52 136176]
S3 kbeepm;kbeepm;\??\c:\dokume~1\Besitzer\LOKALE~1\Temp\kbeepm.sys --> c:\dokume~1\Besitzer\LOKALE~1\Temp\kbeepm.sys [?]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [27.02.2008 11:32 17152]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [27.02.2008 11:31 17536]
S3 nicadsl;MicroLink ADSL PCI;c:\windows\system32\drivers\dslpci.sys [12.07.2004 21:18 74359]
S3 PsShutdownSvc;PsShutdown;c:\windows\system32\PSSDNSVC.EXE [14.05.2004 21:17 61440]
S3 S6U12AScanner;MUSTEK 1200 CU PLUS Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [17.05.2004 20:48 15104]
S3 TNPacket;T-Systems Nova Packet Capture Driver;c:\programme\T-DSL SpeedManager\TNPACKET.SYS [11.03.2004 18:44 9696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv        REG_MULTI_SZ          Tapisrv
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 07:21]
.
2012-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-12-28 12:52]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-12-28 12:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AOL Toolbar-Suche - c:\programme\aol\aol toolbar 4.0\resources\de-DE\local\search.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{4840E489-677C-4a08-A1B5-FFAF5196531E} - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - c:\programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll
Trusted Zone: alice-dsl.de
TCP: DhcpNameServer = 192.168.2.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\dokumente und einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\sum32kam.Standard-Benutzer\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=13940&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13938&gct=&gc=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AusweisApp: {4F3D26C8-9907-48ff-BC74-B8C572D317BF} - c:\programme\AusweisApp\mozilla\eCardClientExt_FFxx_Win
FF - Ext: AusweisApp: {4F0963A3-1658-4fde-9585-23A25CC288BF} - c:\programme\AusweisApp\mozilla\eCardClientPIn_FFxx_Win
 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Pixelnet_Layouter - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-04 04:26
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(980)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(3308)
c:\programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programme\Softonic_Deutsch_FF\prxtbSof2.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\bgsvcgen.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\wanmpsvc.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programme\Netzmanager\netzmanager.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programme\HP\Digital Imaging\bin\hpqbam08.exe
c:\programme\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-04  04:39:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-04 02:39
ComboFix2.txt  2012-07-03 21:41
.
Vor Suchlauf: 35 Verzeichnis(se), 26.467.344.384 Bytes frei
Nach Suchlauf: 36 Verzeichnis(se), 26.453.463.040 Bytes frei
.
- - End Of File - - D61ABCB0EDAB2F49FA561BA58CD20DC6

--- --- ---

Best regards, Theodoro

markusg 04.07.2012 13:11

Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any detections, always choose Skip for now, then post the log

Theodoro 04.07.2012 17:23

Hello,
I ran the scan; it produces the list "Threats detected", in which 40 detections are documented. All are set to Skip.
However, I cannot post this list. A report file is also created. What should I post, and how? Neither of the two files or lists can be copied and pasted here.

Best regards, Theodoro

markusg 04.07.2012 19:09

The report file; either attach it or paste it in.

Theodoro 05.07.2012 07:53

Hello,
I now have the report file and am pasting it in here.
Report file:
18:37:16.0921 0852 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
18:37:17.0656 0852 ============================================================
18:37:17.0656 0852 Current date / time: 2012/07/05 18:37:17.0656
18:37:17.0656 0852 SystemInfo:
18:37:17.0656 0852
18:37:17.0656 0852 OS Version: 5.1.2600 ServicePack: 3.0
18:37:17.0656 0852 Product type: Workstation
18:37:17.0656 0852 ComputerName: COMPUTER
18:37:17.0656 0852 UserName: Besitzer
18:37:17.0656 0852 Windows directory: C:\windows
18:37:17.0656 0852 System windows directory: C:\windows
18:37:17.0671 0852 Processor architecture: Intel x86
18:37:17.0671 0852 Number of processors: 2
18:37:17.0671 0852 Page size: 0x1000
18:37:17.0671 0852 Boot type: Normal boot
18:37:17.0671 0852 ============================================================
18:37:19.0609 0852 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:37:19.0609 0852 Drive \Device\Harddisk1\DR1 - Size: 0x951CC0000 (37.28 Gb), SectorSize: 0x200, Cylinders: 0x1302, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:37:19.0609 0852 ============================================================
18:37:19.0609 0852 \Device\Harddisk0\DR0:
18:37:19.0609 0852 MBR partitions:
18:37:19.0609 0852 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
18:37:19.0609 0852 \Device\Harddisk1\DR1:
18:37:19.0609 0852 MBR partitions:
18:37:19.0609 0852 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x4A8D043
18:37:19.0609 0852 ============================================================
18:37:19.0640 0852 C: <-> \Device\Harddisk0\DR0\Partition0
18:37:19.0640 0852 F: <-> \Device\Harddisk1\DR1\Partition0
18:37:19.0640 0852 ============================================================
18:37:19.0640 0852 Initialize success
18:37:19.0640 0852 ============================================================
18:38:01.0796 4324 ============================================================
18:38:01.0796 4324 Scan started
18:38:01.0796 4324 Mode: Manual; SigCheck; TDLFS;
18:38:01.0796 4324 ============================================================
18:38:02.0281 4324 Abiosdsk - ok
18:38:02.0281 4324 abp480n5 - ok
18:38:02.0343 4324 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\windows\system32\DRIVERS\ACPI.sys
18:38:05.0390 4324 ACPI - ok
18:38:05.0421 4324 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\windows\system32\drivers\ACPIEC.sys
18:38:05.0656 4324 ACPIEC - ok
18:38:05.0734 4324 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:38:05.0812 4324 AdobeFlashPlayerUpdateSvc - ok
18:38:05.0812 4324 adpu160m - ok
18:38:05.0843 4324 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys
18:38:06.0062 4324 aec - ok
18:38:06.0093 4324 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\windows\system32\drivers\Afc.sys
18:38:06.0140 4324 Afc ( UnsignedFile.Multi.Generic ) - warning
18:38:06.0140 4324 Afc - detected UnsignedFile.Multi.Generic (1)
18:38:06.0171 4324 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\windows\System32\drivers\afd.sys
18:38:06.0250 4324 AFD - ok
18:38:06.0296 4324 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\windows\system32\DRIVERS\agp440.sys
18:38:06.0515 4324 agp440 - ok
18:38:06.0531 4324 Aha154x - ok
18:38:06.0546 4324 aic78u2 - ok
18:38:06.0546 4324 aic78xx - ok
18:38:06.0671 4324 ALCXSENS (cc06826e154e78d5ebf82898802a7fec) C:\windows\system32\drivers\ALCXSENS.SYS
18:38:06.0937 4324 ALCXSENS - ok
18:38:07.0000 4324 ALCXWDM (df0736098c648fa95c0720e816cfd63d) C:\windows\system32\drivers\ALCXWDM.SYS
18:38:07.0140 4324 ALCXWDM - ok
18:38:07.0171 4324 Alerter (738d80cc01d7bc7584be917b7f544394) C:\windows\system32\alrsvc.dll
18:38:07.0406 4324 Alerter - ok
18:38:07.0421 4324 ALG (190cd73d4984f94d823f9444980513e5) C:\windows\System32\alg.exe
18:38:07.0609 4324 ALG - ok
18:38:07.0609 4324 AliIde - ok
18:38:07.0625 4324 amsint - ok
18:38:07.0734 4324 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
18:38:07.0796 4324 AntiVirSchedulerService - ok
18:38:07.0843 4324 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
18:38:07.0875 4324 AntiVirService - ok
18:38:07.0953 4324 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
18:38:08.0000 4324 AOL ACS - ok
18:38:08.0046 4324 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:38:08.0062 4324 Apple Mobile Device - ok
18:38:08.0078 4324 AppMgmt - ok
18:38:08.0078 4324 asc - ok
18:38:08.0093 4324 asc3350p - ok
18:38:08.0109 4324 asc3550 - ok
18:38:08.0187 4324 ASKUpgrade (1f9d6ef4c36cc984689cd85245e31dcf) C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe
18:38:08.0281 4324 ASKUpgrade - ok
18:38:08.0375 4324 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:38:08.0593 4324 aspnet_state - ok
18:38:08.0625 4324 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys
18:38:08.0812 4324 AsyncMac - ok
18:38:08.0843 4324 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys
18:38:09.0031 4324 atapi - ok
18:38:09.0046 4324 Atdisk - ok
18:38:09.0093 4324 Ati HotKey Poller (bba22521d24625c7a7b8d57fb20a812e) C:\windows\system32\Ati2evxx.exe
18:38:09.0250 4324 Ati HotKey Poller - ok
18:38:09.0265 4324 ATI Smart (8b0acb9ad9d903e6e6b36c7667ca3664) C:\WINDOWS\system32\ati2sgag.exe
18:38:09.0296 4324 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
18:38:09.0312 4324 ATI Smart - detected UnsignedFile.Multi.Generic (1)
18:38:09.0406 4324 ati2mtag (07ac9a98ea70b5a6655a5797174bd282) C:\windows\system32\DRIVERS\ati2mtag.sys
18:38:09.0578 4324 ati2mtag - ok
18:38:09.0703 4324 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys
18:38:09.0906 4324 Atmarpc - ok
18:38:09.0937 4324 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\windows\System32\audiosrv.dll
18:38:10.0140 4324 AudioSrv - ok
18:38:10.0171 4324 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
18:38:10.0375 4324 audstub - ok
18:38:10.0500 4324 Automatic LiveUpdate Scheduler (7c813eb232c7aefa627a12a104dda221) C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
18:38:10.0531 4324 Automatic LiveUpdate Scheduler - ok
18:38:10.0578 4324 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\windows\system32\DRIVERS\avgntflt.sys
18:38:10.0796 4324 avgntflt - ok
18:38:10.0843 4324 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\windows\system32\DRIVERS\avipbb.sys
18:38:10.0890 4324 avipbb - ok
18:38:10.0906 4324 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\windows\system32\DRIVERS\avkmgr.sys
18:38:10.0937 4324 avkmgr - ok
18:38:10.0984 4324 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
18:38:11.0296 4324 Beep - ok
18:38:11.0343 4324 bgsvcgen (acc9c8c560c567fad6f79c977ab2ea09) C:\WINDOWS\system32\bgsvcgen.exe
18:38:11.0390 4324 bgsvcgen - ok
18:38:11.0437 4324 BITS (d6f603772a789bb3228f310d650b8bd1) C:\windows\system32\qmgr.dll
18:38:11.0734 4324 BITS - ok
18:38:11.0765 4324 bizVSerial (66f655b08eed3230e059d197c8a1969b) C:\windows\system32\drivers\bizVSerialNT.sys
18:38:11.0828 4324 bizVSerial ( UnsignedFile.Multi.Generic ) - warning
18:38:11.0828 4324 bizVSerial - detected UnsignedFile.Multi.Generic (1)
18:38:12.0421 4324 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
18:38:12.0484 4324 Bonjour Service - ok
18:38:12.0531 4324 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\windows\System32\browser.dll
18:38:12.0859 4324 Browser - ok
18:38:12.0906 4324 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\windows\system32\DRIVERS\BthEnum.sys
18:38:13.0203 4324 BthEnum - ok
18:38:13.0234 4324 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\windows\system32\DRIVERS\bthpan.sys
18:38:13.0484 4324 BthPan - ok
18:38:13.0531 4324 BTHPORT (592e1cedbe314d0ef184dc6f46141e76) C:\windows\system32\Drivers\BTHport.sys
18:38:13.0625 4324 BTHPORT - ok
18:38:13.0656 4324 BthServ (26c601ef7525e31379744abfc6f35a1b) C:\windows\System32\bthserv.dll
18:38:13.0921 4324 BthServ - ok
18:38:13.0968 4324 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\windows\system32\Drivers\BTHUSB.sys
18:38:14.0187 4324 BTHUSB - ok
18:38:14.0203 4324 catchme - ok
18:38:14.0234 4324 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
18:38:14.0453 4324 cbidf2k - ok
18:38:14.0500 4324 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\windows\system32\DRIVERS\CCDECODE.sys
18:38:14.0656 4324 CCDECODE - ok
18:38:14.0671 4324 cd20xrnt - ok
18:38:14.0718 4324 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
18:38:14.0906 4324 Cdaudio - ok
18:38:14.0937 4324 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys
18:38:15.0140 4324 Cdfs - ok
18:38:15.0171 4324 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\windows\system32\drivers\cdrbsdrv.sys
18:38:15.0203 4324 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
18:38:15.0203 4324 cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
18:38:15.0234 4324 cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys
18:38:15.0484 4324 cdrom - ok
18:38:15.0484 4324 Changer - ok
18:38:15.0531 4324 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\windows\system32\cisvc.exe
18:38:15.0703 4324 CiSvc - ok
18:38:15.0765 4324 cjpcsc (8fee4423d682394eb436c975d0a3a994) C:\windows\system32\cjpcsc.exe
18:38:15.0859 4324 cjpcsc - ok
18:38:15.0906 4324 cjusb (b0dfc4adb1ff150ac466f3dad323196a) C:\windows\system32\DRIVERS\cjusb.sys
18:38:15.0937 4324 cjusb - ok
18:38:16.0000 4324 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\windows\system32\clipsrv.exe
18:38:16.0203 4324 ClipSrv - ok
18:38:16.0281 4324 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:38:16.0468 4324 clr_optimization_v2.0.50727_32 - ok
18:38:16.0484 4324 CmdIde - ok
18:38:16.0531 4324 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\windows\system32\drivers\cmaudio.sys
18:38:16.0656 4324 cmpci - ok
18:38:16.0734 4324 cmuda (53f4cc55f3c255439c5973e31f0adce7) C:\windows\system32\drivers\cmuda.sys
18:38:16.0984 4324 cmuda - ok
18:38:17.0093 4324 CoachUsb (38d7513e99497eb26d3424ab1eea61cd) C:\windows\system32\DRIVERS\CoachUsb.sys
18:38:17.0187 4324 CoachUsb - ok
18:38:17.0234 4324 CoachVc (4c38e9d104e3e79073e6f27647994d3c) C:\windows\system32\DRIVERS\CoachVc.sys
18:38:17.0281 4324 CoachVc - ok
18:38:17.0328 4324 CommAgnt (a45afd7d1c5afc26cc92ab0cefc92a04) C:\windows\system32\DRIVERS\commagnt.sys
18:38:17.0359 4324 CommAgnt ( UnsignedFile.Multi.Generic ) - warning
18:38:17.0359 4324 CommAgnt - detected UnsignedFile.Multi.Generic (1)
18:38:17.0375 4324 COMSysApp - ok
18:38:17.0390 4324 Cpqarray - ok
18:38:17.0437 4324 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\windows\System32\cryptsvc.dll
18:38:17.0640 4324 CryptSvc - ok
18:38:17.0671 4324 CrystalSysInfo - ok
18:38:17.0718 4324 cwcspud (21c937acd961a0be4218dcf2ce364176) C:\windows\system32\drivers\cwcspud.sys
18:38:17.0765 4324 cwcspud ( UnsignedFile.Multi.Generic ) - warning
18:38:17.0765 4324 cwcspud - detected UnsignedFile.Multi.Generic (1)
18:38:17.0812 4324 cwcwdm (774d6cc23b0e8c04f2be717b6e9a96eb) C:\windows\system32\drivers\cwcwdm.sys
18:38:17.0906 4324 cwcwdm ( UnsignedFile.Multi.Generic ) - warning
18:38:17.0906 4324 cwcwdm - detected UnsignedFile.Multi.Generic (1)
18:38:17.0906 4324 dac2w2k - ok
18:38:17.0921 4324 dac960nt - ok
18:38:17.0968 4324 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\windows\system32\rpcss.dll
18:38:18.0062 4324 DcomLaunch - ok
18:38:18.0109 4324 DFSVC (31d00aedba4a1dc84919c7bada974a88) C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
18:38:18.0156 4324 DFSVC - ok
18:38:18.0171 4324 DFSYS (01a24a444594994f5fe33b28181dca37) C:\Programme\T-Online\Dialerschutz-Software\DFSYS.SYS
18:38:18.0203 4324 DFSYS - ok
18:38:18.0265 4324 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\windows\System32\dhcpcsvc.dll
18:38:18.0484 4324 Dhcp - ok
18:38:18.0515 4324 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys
18:38:18.0750 4324 Disk - ok
18:38:18.0750 4324 dmadmin - ok
18:38:18.0812 4324 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\windows\system32\drivers\dmboot.sys
18:38:19.0078 4324 dmboot - ok
18:38:19.0125 4324 dmio (53720ab12b48719d00e327da470a619a) C:\windows\system32\drivers\dmio.sys
18:38:19.0328 4324 dmio - ok
18:38:19.0375 4324 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
18:38:19.0593 4324 dmload - ok
18:38:19.0625 4324 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\windows\System32\dmserver.dll
18:38:19.0812 4324 dmserver - ok
18:38:19.0828 4324 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys
18:38:20.0031 4324 DMusic - ok
18:38:20.0062 4324 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\windows\System32\dnsrslvr.dll
18:38:20.0125 4324 Dnscache - ok
18:38:20.0156 4324 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\windows\System32\dot3svc.dll
18:38:20.0812 4324 Dot3svc - ok
18:38:20.0812 4324 dpti2o - ok
18:38:20.0843 4324 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys
18:38:21.0031 4324 drmkaud - ok
18:38:21.0046 4324 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\windows\System32\eapsvc.dll
18:38:21.0218 4324 EapHost - ok
18:38:21.0265 4324 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\windows\System32\ersvc.dll
18:38:21.0578 4324 ERSvc - ok
18:38:21.0609 4324 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\windows\system32\services.exe
18:38:21.0671 4324 Eventlog - ok
18:38:21.0718 4324 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\System32\es.dll
18:38:21.0796 4324 EventSystem - ok
18:38:21.0859 4324 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys
18:38:22.0078 4324 Fastfat - ok
18:38:22.0109 4324 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\windows\System32\shsvcs.dll
18:38:22.0171 4324 FastUserSwitchingCompatibility - ok
18:38:22.0203 4324 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\DRIVERS\fdc.sys
18:38:22.0375 4324 Fdc - ok
18:38:22.0406 4324 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\windows\system32\drivers\Fips.sys
18:38:22.0625 4324 Fips - ok
18:38:22.0656 4324 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\DRIVERS\flpydisk.sys
18:38:22.0859 4324 Flpydisk - ok
18:38:22.0875 4324 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\drivers\fltmgr.sys
18:38:23.0093 4324 FltMgr - ok
18:38:23.0234 4324 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:38:23.0265 4324 FontCache3.0.0.0 - ok
18:38:23.0281 4324 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys
18:38:23.0515 4324 Fs_Rec - ok
18:38:23.0531 4324 Ftdisk (8f1955ce42e1484714b542f341647778) C:\windows\system32\DRIVERS\ftdisk.sys
18:38:23.0765 4324 Ftdisk - ok
18:38:23.0781 4324 gameenum (065639773d8b03f33577f6cdaea21063) C:\windows\system32\DRIVERS\gameenum.sys
18:38:23.0984 4324 gameenum - ok
18:38:24.0015 4324 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
18:38:24.0031 4324 GEARAspiWDM - ok
18:38:24.0078 4324 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys
18:38:24.0343 4324 Gpc - ok
18:38:24.0468 4324 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
18:38:24.0546 4324 gupdate - ok
18:38:24.0562 4324 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
18:38:24.0593 4324 gupdatem - ok
18:38:24.0656 4324 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:38:24.0953 4324 helpsvc - ok
18:38:25.0000 4324 hidgame (923ee4eef2582909a056904ca8026015) C:\windows\system32\DRIVERS\hidgame.sys
18:38:25.0265 4324 hidgame - ok
18:38:25.0312 4324 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\windows\System32\hidserv.dll
18:38:25.0578 4324 HidServ - ok
18:38:25.0609 4324 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys
18:38:25.0875 4324 HidUsb - ok
18:38:25.0906 4324 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\windows\System32\kmsvc.dll
18:38:26.0156 4324 hkmsvc - ok
18:38:26.0171 4324 hpn - ok
18:38:26.0250 4324 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
18:38:26.0296 4324 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
18:38:26.0296 4324 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
18:38:26.0312 4324 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
18:38:26.0328 4324 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
18:38:26.0328 4324 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
18:38:26.0375 4324 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\windows\system32\DRIVERS\HPZid412.sys
18:38:26.0546 4324 HPZid412 - ok
18:38:26.0578 4324 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\windows\system32\DRIVERS\HPZipr12.sys
18:38:26.0625 4324 HPZipr12 - ok
18:38:26.0671 4324 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\windows\system32\DRIVERS\HPZius12.sys
18:38:26.0734 4324 HPZius12 - ok
18:38:26.0781 4324 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys
18:38:26.0875 4324 HTTP - ok
18:38:26.0921 4324 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\windows\System32\w3ssl.dll
18:38:27.0156 4324 HTTPFilter - ok
18:38:27.0171 4324 i2omgmt - ok
18:38:27.0187 4324 i2omp - ok
18:38:27.0218 4324 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\windows\system32\DRIVERS\i8042prt.sys
18:38:27.0421 4324 i8042prt - ok
18:38:27.0484 4324 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:38:27.0531 4324 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:38:27.0531 4324 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:38:27.0656 4324 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:38:27.0859 4324 idsvc - ok
18:38:27.0953 4324 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys
18:38:28.0156 4324 Imapi - ok
18:38:28.0203 4324 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\windows\system32\imapi.exe
18:38:28.0390 4324 ImapiService - ok
18:38:28.0437 4324 InCDfs (d8a77fc386f9297ce4b692fc83b4ba02) C:\windows\system32\drivers\InCDfs.sys
18:38:28.0468 4324 InCDfs ( UnsignedFile.Multi.Generic ) - warning
18:38:28.0468 4324 InCDfs - detected UnsignedFile.Multi.Generic (1)
18:38:28.0484 4324 InCDPass (433bb499bcea1c88b55aa67d1b3ef1dc) C:\windows\system32\DRIVERS\InCDPass.sys
18:38:28.0515 4324 InCDPass ( UnsignedFile.Multi.Generic ) - warning
18:38:28.0515 4324 InCDPass - detected UnsignedFile.Multi.Generic (1)
18:38:28.0531 4324 InCDrec (12dbb035cd2ed0313fab864470f31c23) C:\windows\system32\drivers\InCDrec.sys
18:38:28.0562 4324 InCDrec ( UnsignedFile.Multi.Generic ) - warning
18:38:28.0562 4324 InCDrec - detected UnsignedFile.Multi.Generic (1)
18:38:28.0609 4324 incdrm (195a22bc8674090ccce5c3e2b7d96aca) C:\windows\system32\drivers\incdrm.sys
18:38:28.0625 4324 incdrm ( UnsignedFile.Multi.Generic ) - warning
18:38:28.0625 4324 incdrm - detected UnsignedFile.Multi.Generic (1)
18:38:28.0812 4324 InCDsrv (394bf2329ac168f253c74e1eead15fac) C:\Programme\Ahead\InCD\InCDsrv.exe
18:38:28.0875 4324 Suspicious file (NoAccess): C:\Programme\Ahead\InCD\InCDsrv.exe. md5: 394bf2329ac168f253c74e1eead15fac
18:38:28.0875 4324 InCDsrv ( LockedFile.Multi.Generic ) - warning
18:38:28.0875 4324 InCDsrv - detected LockedFile.Multi.Generic (1)
18:38:28.0890 4324 ini910u - ok
18:38:28.0906 4324 IntelIde - ok
18:38:28.0953 4324 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\windows\system32\DRIVERS\intelppm.sys
18:38:29.0156 4324 intelppm - ok
18:38:29.0171 4324 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\drivers\ip6fw.sys
18:38:29.0375 4324 Ip6Fw - ok
18:38:29.0421 4324 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys
18:38:29.0640 4324 IpFilterDriver - ok
18:38:29.0687 4324 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys
18:38:29.0875 4324 IpInIp - ok
18:38:29.0890 4324 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys
18:38:30.0078 4324 IpNat - ok
18:38:30.0203 4324 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Programme\iPod\bin\iPodService.exe
18:38:30.0265 4324 iPod Service - ok
18:38:30.0296 4324 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys
18:38:30.0625 4324 IPSec - ok
18:38:30.0671 4324 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys
18:38:30.0843 4324 IRENUM - ok
18:38:30.0859 4324 isapnp (6dfb88f64135c525433e87648bda30de) C:\windows\system32\DRIVERS\isapnp.sys
18:38:31.0031 4324 isapnp - ok
18:38:31.0109 4324 ISWKL (08a811bfd207dfdec588881c18bacbaa) C:\Programme\CheckPoint\ZAForceField\ISWKL.sys
18:38:31.0156 4324 ISWKL - ok
18:38:31.0203 4324 IswSvc (5b2ccef06f96dfb22893ab8f0b3f891d) C:\Programme\CheckPoint\ZAForceField\IswSvc.exe
18:38:31.0281 4324 IswSvc - ok
18:38:31.0390 4324 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Programme\Java\jre6\bin\jqs.exe
18:38:31.0406 4324 JavaQuickStarterService - ok
18:38:31.0437 4324 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\windows\system32\DRIVERS\kbdclass.sys
18:38:31.0703 4324 Kbdclass - ok
18:38:31.0750 4324 kbdhid (b6d6c117d771c98130497265f26d1882) C:\windows\system32\DRIVERS\kbdhid.sys
18:38:31.0921 4324 kbdhid - ok
18:38:32.0046 4324 kbeepm - ok
18:38:32.0062 4324 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys
18:38:32.0265 4324 kmixer - ok
18:38:32.0312 4324 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys
18:38:32.0421 4324 KSecDD - ok
18:38:32.0453 4324 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\windows\System32\srvsvc.dll
18:38:32.0515 4324 lanmanserver - ok
18:38:32.0562 4324 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\windows\System32\wkssvc.dll
18:38:32.0625 4324 lanmanworkstation - ok
18:38:32.0625 4324 lbrtfdc - ok
18:38:32.0859 4324 LiveUpdate (63ed50a6ed61829c2def5b733d258a05) C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE
18:38:33.0000 4324 LiveUpdate - ok
18:38:33.0109 4324 LmHosts (636714b7d43c8d0c80449123fd266920) C:\windows\System32\lmhsvc.dll
18:38:33.0296 4324 LmHosts - ok
18:38:33.0390 4324 MACNDIS5 (e949d673842858d458f7e6bcd46a2a5d) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
18:38:33.0421 4324 MACNDIS5 ( UnsignedFile.Multi.Generic ) - warning
18:38:33.0421 4324 MACNDIS5 - detected UnsignedFile.Multi.Generic (1)
18:38:33.0468 4324 Messenger (b7550a7107281d170ce85524b1488c98) C:\windows\System32\msgsvc.dll
18:38:33.0656 4324 Messenger - ok
18:38:33.0703 4324 MIINPazX (5e5024d9e2351db2563b30912b4c4146) C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
18:38:33.0750 4324 MIINPazX ( UnsignedFile.Multi.Generic ) - warning
18:38:33.0750 4324 MIINPazX - detected UnsignedFile.Multi.Generic (1)
18:38:33.0828 4324 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys
18:38:34.0015 4324 mnmdd - ok
18:38:34.0062 4324 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe
18:38:34.0250 4324 mnmsrvc - ok
18:38:34.0281 4324 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\windows\system32\drivers\Modem.sys
18:38:34.0468 4324 Modem - ok
18:38:34.0515 4324 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\windows\system32\drivers\MODEMCSA.sys
18:38:34.0718 4324 MODEMCSA - ok
18:38:34.0750 4324 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\windows\system32\DRIVERS\mouclass.sys
18:38:34.0921 4324 Mouclass - ok
18:38:34.0968 4324 mouhid (66a6f73c74e1791464160a7065ce711a) C:\windows\system32\DRIVERS\mouhid.sys
18:38:35.0156 4324 mouhid - ok
18:38:35.0187 4324 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys
18:38:35.0421 4324 MountMgr - ok
18:38:35.0421 4324 mraid35x - ok
18:38:35.0453 4324 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys
18:38:35.0671 4324 MRxDAV - ok
18:38:35.0734 4324 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\windows\system32\DRIVERS\mrxsmb.sys
18:38:35.0859 4324 MRxSmb - ok
18:38:35.0906 4324 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe
18:38:36.0078 4324 MSDTC - ok
18:38:36.0125 4324 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys
18:38:36.0437 4324 Msfs - ok
18:38:36.0437 4324 MSIServer - ok
18:38:36.0468 4324 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys
18:38:36.0765 4324 MSKSSRV - ok
18:38:36.0781 4324 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys
18:38:37.0078 4324 MSPCLOCK - ok
18:38:37.0093 4324 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys
18:38:37.0296 4324 MSPQM - ok
18:38:37.0328 4324 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys
18:38:37.0562 4324 mssmbios - ok
18:38:37.0593 4324 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\windows\system32\drivers\MSTEE.sys
18:38:37.0859 4324 MSTEE - ok
18:38:37.0953 4324 MTOnlPktAlyX (493138c4f4119e938427da02486f09cb) C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
18:38:37.0984 4324 MTOnlPktAlyX ( UnsignedFile.Multi.Generic ) - warning
18:38:37.0984 4324 MTOnlPktAlyX - detected UnsignedFile.Multi.Generic (1)
18:38:38.0031 4324 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\windows\system32\drivers\Mup.sys
18:38:38.0093 4324 Mup - ok
18:38:38.0156 4324 MZCCntrl (5f9ba398f88fc8928ea6dbd5d144cfca) C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
18:38:38.0171 4324 MZCCntrl ( UnsignedFile.Multi.Generic ) - warning
18:38:38.0171 4324 MZCCntrl - detected UnsignedFile.Multi.Generic (1)
18:38:38.0218 4324 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\windows\system32\DRIVERS\NABTSFEC.sys
18:38:38.0421 4324 NABTSFEC - ok
18:38:38.0468 4324 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\windows\System32\qagentrt.dll
18:38:38.0671 4324 napagent - ok
18:38:38.0703 4324 NDIS (1df7f42665c94b825322fae71721130d) C:\windows\system32\drivers\NDIS.sys
18:38:38.0890 4324 NDIS - ok
18:39:16.0515 4324 ============================================================
18:39:16.0515 4324 Scan finished
18:39:16.0515 4324 ============================================================
18:39:16.0640 4252 Detected object count: 40
18:39:16.0640 4252 Actual detected object count: 40


Kind regards, Theodoro

markusg 06.07.2012 18:04

Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path. Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

Theodoro 07.07.2012 20:41

Hello,
everything worked as instructed; here is the resulting file:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.07.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
Besitzer :: COMPUTER [Administrator]

Schutz: Aktiviert

07.07.2012 13:43:38
mbam-log-2012-07-07 (13-43-38).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 452072
Laufzeit: 6 Stunde(n), 8 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKCR\vnbptxlf.bseq (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\affri (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\affri (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\WINDOWS\FONTS\GTH18_CI.TTF (Spyware.OnlineGames) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\SoftonicDownloader_fuer_cdcovercreator.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Downloads\Grubalicious_Setup_30m_DE-dm[1].exe (Adware.TryMedia) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe.vir (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{E6D5E5D8-D50E-4AF4-8D34-D7FBE633D26C}\RP2022\A0511866.exe (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\07012012_222048\C_Dokumente und Einstellungen\Besitzer\Anwendungsdaten\w6j6rt45jtuhdre5.exe (Packer.ModifiedUPX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Programme\Elaborate Bytes\Keygen CloneCD 4.0.0.1.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\wincmd\cx_wincmd451.exe (Trojan.Bancos) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\Fonts\Gth18_ci.ttf (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Best regards, Theodoro

markusg 09.07.2012 18:12

In future, avoid Softonic; download from the manufacturer instead.
F:\Programme\Elaborate Bytes\Keygen CloneCD 4.0.0.1.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Using keygens is illegal, so here we help only with backing up data, formatting and securing the PC.

Theodoro 10.07.2012 07:18

Hello,
thanks for the help; I deleted the named program immediately. I will be more careful in future.
I interpret your message to mean that my problem is now fixed. The PC also works without any noticeable faults.

Many thanks again.
Best regards, Theodoro

markusg 11.07.2012 01:29

Hi, as I said, I will only give advice on reinstalling the system.

Theodoro 11.07.2012 10:59

Hello,
unfortunately I no longer understand what this is still about. I am not aware of what I would have to reinstall. Please help me out.
Best regards, Theodoro

markusg 11.07.2012 12:40

F:\Programme\Elaborate Bytes\Keygen CloneCD 4.0.0.1.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
You have installed keygens, so I cannot do a final analysis or help you secure the PC etc. until it has been reinstalled.


All times are WET +1.
