Textdokument war keines bei...mach aber einen neuen Scan und poste dann die Logfile
OTL Logfile: Code:
OTL logfile created on: 16.09.2012 18:09:07 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Dokumente und Einstellungen\*****\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 54,92% Memory free
3,60 Gb Paging File | 3,02 Gb Available in Paging File | 83,97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 230,87 Gb Total Space | 197,88 Gb Free Space | 85,71% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 1,51 Gb Free Space | 75,53% Space Free | Partition Type: FAT32
Computer Name: WS-0285 | User Name: roma1 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.09.16 18:03:25 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*****\Desktop\OTL.exe
PRC - [2011.11.17 00:04:20 | 000,822,384 | ---- | M] (ACD Systems) -- C:\Programme\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
PRC - [2011.06.08 04:06:00 | 000,333,120 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe
PRC - [2011.06.08 04:06:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\McTray.exe
PRC - [2011.04.08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.11.23 20:26:00 | 000,039,936 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\phonostarTimer.exe
PRC - [2009.09.02 20:03:22 | 000,694,352 | ---- | M] (DigitalPersona, Inc.) -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2009.08.27 10:58:32 | 000,070,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2009.08.20 13:15:54 | 001,640,504 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
PRC - [2009.08.20 13:12:26 | 000,361,528 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
PRC - [2009.08.13 13:11:06 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2009.07.15 11:01:38 | 011,258,368 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2009.06.17 12:13:36 | 002,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
PRC - [2009.06.03 16:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\acevents.exe
PRC - [2009.06.03 16:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009.05.05 14:56:52 | 001,451,384 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009.05.05 14:56:52 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.04.21 18:01:56 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009.04.03 12:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Programme\WinZip\WZQKPICK.EXE
PRC - [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.07 17:08:26 | 000,778,240 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\Stcenter.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.15 09:02:02 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.15 07:23:52 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.15 07:23:25 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.14 21:59:15 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
MOD - [2012.06.14 21:58:53 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012.06.14 21:57:52 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.05.09 21:36:23 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.09 19:59:21 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.09 19:58:35 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
MOD - [2012.05.09 19:58:23 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
MOD - [2012.05.09 19:57:45 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012.05.09 19:57:38 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.09 19:57:28 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2010.11.23 20:26:00 | 000,039,936 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\phonostarTimer.exe
MOD - [2010.10.01 14:06:52 | 002,278,912 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\****\Eigene Dateien\phonostar-Player\QtCore4.dll
MOD - [2010.09.10 16:07:26 | 000,416,256 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\plugins\sqldrivers\qsqlite4.dll
MOD - [2010.09.10 13:20:48 | 008,151,040 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\QtGui4.dll
MOD - [2010.09.10 13:06:58 | 000,190,464 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\QtSql4.dll
MOD - [2010.02.25 13:12:28 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll
MOD - [2010.02.25 13:12:20 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll
MOD - [2010.02.25 13:12:16 | 000,249,856 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010.02.25 13:12:00 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.08.20 13:15:54 | 000,051,256 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Power Assistant\Graphs.dll
MOD - [2009.08.20 13:15:50 | 000,051,768 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
MOD - [2009.08.20 13:12:26 | 000,051,768 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
MOD - [2009.08.20 13:12:24 | 000,030,264 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
MOD - [2009.08.17 12:26:20 | 000,300,600 | ---- | M] () -- C:\WINDOWS\system32\flcdlmsg.dll
MOD - [2009.06.17 11:40:16 | 007,745,536 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\QtGui4.dll
MOD - [2009.06.17 11:40:16 | 002,121,728 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\QtCore4.dll
MOD - [2009.06.17 11:40:16 | 000,135,168 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009.05.05 14:00:32 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009.05.05 13:58:00 | 000,069,697 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Unknown] -- -- (0009511266567397mcinstcleanup)
SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Unknown] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011.09.02 14:50:49 | 000,159,320 | ---- | M] () [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011.09.02 14:50:49 | 000,145,936 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.08 04:06:00 | 000,132,416 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011.01.12 20:46:36 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009.10.19 18:59:45 | 000,156,160 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\WINDOWS\system32\imapihp.exe -- (ImapiService)
SRV - [2009.09.02 20:03:22 | 000,303,184 | ---- | M] (DigitalPersona, Inc.) [Auto | Unknown] -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2009.08.26 13:52:02 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Unknown] -- c:\Programme\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009.08.20 18:27:48 | 001,615,152 | ---- | M] (Validity Sensors, Inc.) [Auto | Unknown] -- C:\WINDOWS\system32\vcsFPService.exe -- (vcsFPService)
SRV - [2009.08.20 13:15:50 | 000,095,800 | ---- | M] (Hewlett-Packard) [Auto | Unknown] -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2009.08.20 13:12:26 | 000,096,312 | ---- | M] (Hewlett-Packard) [Auto | Unknown] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2009.08.17 12:30:20 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Unknown] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2009.08.12 16:59:10 | 000,277,024 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009.08.05 22:00:42 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Unknown] -- c:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2009.07.17 10:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Unknown] -- C:\WINDOWS\system32\yk51x86.dll -- (yksvc)
SRV - [2009.07.15 11:01:26 | 000,293,376 | ---- | M] (Hewlett-Packard) [Auto | Unknown] -- c:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009.06.17 12:21:20 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2009.06.03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2009.04.30 13:59:38 | 000,074,392 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Unknown] -- c:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2009.03.13 20:12:40 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Unknown] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.04.14 07:52:34 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Unknown] -- C:\Programme\1&1\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Unknown] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | System | Unknown] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Unknown] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Unknown] -- -- (Changer)
DRV - [2011.09.02 14:50:49 | 000,436,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011.09.02 14:50:49 | 000,171,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2011.09.02 14:50:49 | 000,116,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011.09.02 14:50:49 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011.09.02 14:50:49 | 000,085,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.09.02 14:50:49 | 000,058,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009.09.05 19:57:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009.08.31 23:55:08 | 000,184,888 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\ahcix86.sys -- (ahcix86)
DRV - [2009.08.17 09:51:52 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2009.08.13 07:27:06 | 004,125,184 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.08.12 17:01:18 | 000,051,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009.08.12 17:01:08 | 000,013,184 | ---- | M] (McAfee, Inc.) [File_System | Boot | Unknown] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009.08.12 17:01:06 | 000,040,016 | ---- | M] (McAfee, Inc.) [Kernel | System | Unknown] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009.08.12 17:01:04 | 000,110,448 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009.08.10 17:14:04 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009.08.05 22:00:42 | 001,644,211 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009.07.17 10:10:00 | 000,297,728 | ---- | M] (Marvell) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2009.07.04 19:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009.07.02 09:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009.06.02 03:26:28 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.06.02 02:57:44 | 001,746,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009.05.15 18:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009.05.07 02:01:38 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2009.05.07 02:01:38 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009.05.07 02:01:38 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2009.05.07 02:01:36 | 000,992,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009.05.07 02:01:36 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009.04.21 19:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009.03.13 20:13:06 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.09.10 19:32:54 | 000,049,008 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\net6im51.sys -- (Net6IM)
DRV - [2008.07.23 21:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008.05.23 13:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008.05.23 13:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.05.08 16:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008.04.14 07:52:34 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl)
DRV - [2008.04.14 00:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008.03.13 01:43:26 | 000,015,416 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\Amddfltr.sys -- (Amddfltr)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2007.04.16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Der Such-Assistent von Internet Explorer 6 wird nicht länger unterstützt.
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c290c4de-ecf7-477d-a817-06f83529308d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.intraflad.de
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\SearchScopes,DefaultScope = {7936CD9A-9F9F-418B-A068-3EA333CAAAB1}
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\SearchScopes\{7936CD9A-9F9F-418B-A068-3EA333CAAAB1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: win32-64@anonymous.org:0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4118
FF - prefs.js..extensions.enabledItems: fmconverter@gmail.com:1.0.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2009.10.19 18:14:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Programme\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.09.06 13:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\components [2012.09.07 16:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\plugins [2012.06.19 14:48:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Programme\SiteAdvisor\6173\FF\
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\components [2012.09.07 16:42:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\plugins [2012.06.19 14:48:17 | 000,000,000 | ---D | M]
[2012.02.28 21:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Mozilla\Extensions
[2012.09.07 19:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Mozilla\Firefox\Profiles\lup46egi.default\extensions
[2012.05.19 12:50:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Mozilla\Firefox\Profiles\lup46egi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.02 14:37:27 | 000,000,000 | ---D | M] (Java Console) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.01.11 17:57:07 | 000,000,000 | ---D | M] (Win32+64) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MOZILLA FIREFOX\EXTENSIONS\WIN32-64@ANONYMOUS.ORG
[2012.09.06 13:00:50 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAMME\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2009.10.19 18:14:23 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAMME\HEWLETT-PACKARD\HP PROTECTTOOLS SECURITY MANAGER\BIN\FIREFOXEXT
Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20110902145109.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [accrdsub] C:\Programme\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [ACPW05DE] C:\Programme\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [File Sanitizer] c:\Programme\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439..\Run: [phonostarTimer] \\fileserver\Eigene Dateien\Benutzer-Daten\roma1\Eigene Dateien\phonostar-Player\phonostarTimer.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\1&1 FRITZ!Box starter.lnk = C:\WINDOWS\Installer\{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}\Icon2457326B4.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 1
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 1
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266837310140 (MUWebControl Class)
O16 - DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} https://citrix.flad.de/net6helper.cab (Net6Launcher Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = flad-intern.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC1CEEA1-D5D5-43EE-BE53-0A36BA5800E2}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - Winlogon\Notify\ackpbsc: DllName - (C:\Programme\ActivIdentity\ActivClient\ackpbsc.dll) - C:\Programme\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - (C:\Programme\ActivIdentity\ActivClient\acunlock.dll) - C:\Programme\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{164ce1f0-5e8a-11e0-8424-00271387540d}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{adfea522-68f4-11e1-84d8-e5ed0b9d12d8}\Shell - "" = AutoRun
O33 - MountPoints2\{adfea522-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adfea522-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun\command - "" = F:\laucher.exe
O33 - MountPoints2\{adfea559-68f4-11e1-84d8-e5ed0b9d12d8}\Shell - "" = AutoRun
O33 - MountPoints2\{adfea559-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adfea559-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.09.16 18:13:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\roma1\Recent
[2012.09.16 18:04:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.16 18:03:20 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\roma1\Desktop\OTL.exe
[2012.09.10 14:40:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wqqxiodsfjqjcbo
[2012.09.06 20:10:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\roma1\Desktop\honey
[2012.09.06 13:00:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Freemake
[2012.09.06 13:00:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake
[2012.09.06 13:00:30 | 000,000,000 | ---D | C] -- C:\Programme\Freemake
[2012.09.04 20:48:39 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\HDX4
[2012.09.04 18:28:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\roma1\Desktop\bungee
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.09.16 18:07:43 | 000,219,120 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012.09.16 18:07:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.16 18:03:25 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\roma1\Desktop\OTL.exe
[2012.09.16 17:37:58 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.13 15:02:39 | 003,790,788 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\ccsetup322.zip
[2012.09.13 11:02:50 | 000,001,885 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.09.13 11:02:49 | 000,001,814 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\Avira DE-Cleaner.lnk
[2012.09.13 10:37:12 | 000,096,768 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.10 14:40:15 | 000,000,051 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rimahtvhjwpqbae
[2012.09.07 16:42:43 | 000,001,054 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\Mozilla Firefox.lnk
[2012.09.07 01:24:39 | 000,516,352 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.07 01:24:39 | 000,492,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.07 01:24:39 | 000,099,198 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.07 01:24:39 | 000,083,048 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.06 13:34:40 | 000,013,086 | RHS- | M] () -- C:\Dokumente und Einstellungen\roma1\ntuser.pol
[2012.09.06 13:34:13 | 000,055,989 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2012.09.06 13:00:52 | 000,000,945 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Freemake Video Converter.lnk
[2012.09.06 12:57:57 | 000,002,135 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\1&1 FRITZ!Box starter.lnk
[2012.09.06 12:57:56 | 000,002,365 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\FRITZ!Box starter.lnk
[2012.09.04 20:11:04 | 000,002,828 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2012.08.24 16:25:37 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.09.13 15:02:39 | 003,790,788 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Desktop\ccsetup322.zip
[2012.09.10 14:40:04 | 000,000,051 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rimahtvhjwpqbae
[2012.09.06 13:00:52 | 000,000,945 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Freemake Video Converter.lnk
[2012.06.19 14:48:38 | 000,130,080 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
[2012.06.19 14:48:38 | 000,002,885 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
[2012.02.15 14:53:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.09.02 14:08:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.09.01 16:38:40 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Frurura.dat
[2011.09.01 16:38:40 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Kvigeduvakade.bin
[2011.08.02 18:14:09 | 000,000,100 | --S- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\2375065399.dat
[2011.03.17 14:20:44 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.01.12 21:43:37 | 000,000,056 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsidmv.dat
[2011.01.11 17:49:51 | 000,096,768 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.11 14:05:47 | 000,013,086 | RHS- | C] () -- C:\Dokumente und Einstellungen\roma1\ntuser.pol
[2010.03.16 00:20:29 | 000,002,828 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2010.03.16 00:20:29 | 000,000,008 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\D528B5E064.sys
[2010.02.23 16:10:15 | 000,055,989 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
========== LOP Check ==========
[2012.04.11 16:41:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2011.04.07 13:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Beatlock Technology
[2012.09.06 13:10:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake
[2011.01.11 14:06:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GroupPolicy
[2012.02.27 19:36:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\INFECTED
[2012.09.10 16:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LOGFILES
[2012.09.10 16:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\REPORTS
[2012.09.10 16:55:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.10.19 18:30:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall
[2009.10.19 18:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2012.09.10 14:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wqqxiodsfjqjcbo
[2009.10.19 18:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\DigitalPersona
[2012.04.11 16:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\ACD Systems
[2011.01.18 23:59:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\AnvSoft
[2012.01.07 03:50:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\BitTorrent
[2009.10.19 18:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\DigitalPersona
[2011.01.11 17:57:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\FBConnect
[2011.04.26 18:07:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\FRITZ!
[2012.02.29 22:58:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\InterVideo
[2011.02.18 10:35:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\ntr
[2012.06.19 14:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Oracle
[2012.02.23 17:57:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\phonostar GmbH
[2012.06.19 14:18:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\TeamViewer
========== Purity Check ==========
< End of report >
--- --- ---
OTL Logfile: Code:
OTL logfile created on: 16.09.2012 18:09:07 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Dokumente und Einstellungen\*****\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 54,92% Memory free
3,60 Gb Paging File | 3,02 Gb Available in Paging File | 83,97% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 230,87 Gb Total Space | 197,88 Gb Free Space | 85,71% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 1,51 Gb Free Space | 75,53% Space Free | Partition Type: FAT32
Computer Name: WS-0285 | User Name: roma1 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.09.16 18:03:25 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*****\Desktop\OTL.exe
PRC - [2011.11.17 00:04:20 | 000,822,384 | ---- | M] (ACD Systems) -- C:\Programme\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
PRC - [2011.06.08 04:06:00 | 000,333,120 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe
PRC - [2011.06.08 04:06:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\McTray.exe
PRC - [2011.04.08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.11.23 20:26:00 | 000,039,936 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\phonostarTimer.exe
PRC - [2009.09.02 20:03:22 | 000,694,352 | ---- | M] (DigitalPersona, Inc.) -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2009.08.27 10:58:32 | 000,070,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2009.08.20 13:15:54 | 001,640,504 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
PRC - [2009.08.20 13:12:26 | 000,361,528 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
PRC - [2009.08.13 13:11:06 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2009.07.15 11:01:38 | 011,258,368 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2009.06.17 12:13:36 | 002,363,392 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
PRC - [2009.06.03 16:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\acevents.exe
PRC - [2009.06.03 16:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Programme\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009.05.05 14:56:52 | 001,451,384 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009.05.05 14:56:52 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.04.21 18:01:56 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009.04.03 12:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Programme\WinZip\WZQKPICK.EXE
PRC - [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.07 17:08:26 | 000,778,240 | ---- | M] (AVM Berlin) -- C:\Programme\1&1\Stcenter.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.15 09:02:02 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.15 07:23:52 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.15 07:23:25 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.14 21:59:15 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
MOD - [2012.06.14 21:58:53 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012.06.14 21:57:52 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.05.09 21:36:23 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.09 19:59:21 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.09 19:58:35 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
MOD - [2012.05.09 19:58:23 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
MOD - [2012.05.09 19:57:45 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012.05.09 19:57:38 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.09 19:57:28 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2010.11.23 20:26:00 | 000,039,936 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\phonostarTimer.exe
MOD - [2010.10.01 14:06:52 | 002,278,912 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\****\Eigene Dateien\phonostar-Player\QtCore4.dll
MOD - [2010.09.10 16:07:26 | 000,416,256 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\plugins\sqldrivers\qsqlite4.dll
MOD - [2010.09.10 13:20:48 | 008,151,040 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\QtGui4.dll
MOD - [2010.09.10 13:06:58 | 000,190,464 | ---- | M] () -- \\fileserver\Eigene Dateien\Benutzer-Daten\*****\Eigene Dateien\phonostar-Player\QtSql4.dll
MOD - [2010.02.25 13:12:28 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll
MOD - [2010.02.25 13:12:20 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll
MOD - [2010.02.25 13:12:16 | 000,249,856 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010.02.25 13:12:00 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.08.20 13:15:54 | 000,051,256 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Power Assistant\Graphs.dll
MOD - [2009.08.20 13:15:50 | 000,051,768 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
MOD - [2009.08.20 13:12:26 | 000,051,768 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
MOD - [2009.08.20 13:12:24 | 000,030,264 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
MOD - [2009.08.17 12:26:20 | 000,300,600 | ---- | M] () -- C:\WINDOWS\system32\flcdlmsg.dll
MOD - [2009.06.17 11:40:16 | 007,745,536 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\QtGui4.dll
MOD - [2009.06.17 11:40:16 | 002,121,728 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\QtCore4.dll
MOD - [2009.06.17 11:40:16 | 000,135,168 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009.05.05 14:00:32 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009.05.05 13:58:00 | 000,069,697 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Unknown] -- -- (0009511266567397mcinstcleanup)
SRV - [2012.05.04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Unknown] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011.09.02 14:50:49 | 000,159,320 | ---- | M] () [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011.09.02 14:50:49 | 000,145,936 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.08 04:06:00 | 000,132,416 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\Programme\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011.01.12 20:46:36 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009.10.19 18:59:45 | 000,156,160 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\WINDOWS\system32\imapihp.exe -- (ImapiService)
SRV - [2009.09.02 20:03:22 | 000,303,184 | ---- | M] (DigitalPersona, Inc.) [Auto | Unknown] -- c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2009.08.26 13:52:02 | 000,036,864 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Unknown] -- c:\Programme\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009.08.20 18:27:48 | 001,615,152 | ---- | M] (Validity Sensors, Inc.) [Auto | Unknown] -- C:\WINDOWS\system32\vcsFPService.exe -- (vcsFPService)
SRV - [2009.08.20 13:15:50 | 000,095,800 | ---- | M] (Hewlett-Packard) [Auto | Unknown] -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2009.08.20 13:12:26 | 000,096,312 | ---- | M] (Hewlett-Packard) [Auto | Unknown] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2009.08.17 12:30:20 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Unknown] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2009.08.12 16:59:10 | 000,277,024 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009.08.05 22:00:42 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Unknown] -- c:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2009.07.17 10:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Unknown] -- C:\WINDOWS\system32\yk51x86.dll -- (yksvc)
SRV - [2009.07.15 11:01:26 | 000,293,376 | ---- | M] (Hewlett-Packard) [Auto | Unknown] -- c:\Programme\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009.06.17 12:21:20 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2009.06.03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2009.04.30 13:59:38 | 000,074,392 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Unknown] -- c:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2009.03.13 20:12:40 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Unknown] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.04.14 07:52:34 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Unknown] -- C:\Programme\1&1\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Unknown] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Unknown] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | System | Unknown] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Unknown] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Unknown] -- -- (Changer)
DRV - [2011.09.02 14:50:49 | 000,436,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011.09.02 14:50:49 | 000,171,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2011.09.02 14:50:49 | 000,116,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011.09.02 14:50:49 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011.09.02 14:50:49 | 000,085,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.09.02 14:50:49 | 000,058,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009.09.05 19:57:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009.08.31 23:55:08 | 000,184,888 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\ahcix86.sys -- (ahcix86)
DRV - [2009.08.17 09:51:52 | 000,032,312 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2009.08.13 07:27:06 | 004,125,184 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.08.12 17:01:18 | 000,051,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009.08.12 17:01:08 | 000,013,184 | ---- | M] (McAfee, Inc.) [File_System | Boot | Unknown] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009.08.12 17:01:06 | 000,040,016 | ---- | M] (McAfee, Inc.) [Kernel | System | Unknown] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009.08.12 17:01:04 | 000,110,448 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009.08.10 17:14:04 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009.08.05 22:00:42 | 001,644,211 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009.07.17 10:10:00 | 000,297,728 | ---- | M] (Marvell) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2009.07.04 19:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009.07.02 09:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009.06.02 03:26:28 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.06.02 02:57:44 | 001,746,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009.05.15 18:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009.05.07 02:01:38 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2009.05.07 02:01:38 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009.05.07 02:01:38 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2009.05.07 02:01:36 | 000,992,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009.05.07 02:01:36 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009.04.21 19:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009.03.13 20:13:06 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.09.10 19:32:54 | 000,049,008 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\net6im51.sys -- (Net6IM)
DRV - [2008.07.23 21:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008.05.23 13:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008.05.23 13:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.05.08 16:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008.04.14 07:52:34 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl)
DRV - [2008.04.14 00:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008.03.13 01:43:26 | 000,015,416 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\Amddfltr.sys -- (Amddfltr)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2007.04.16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006.11.02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Der Such-Assistent von Internet Explorer 6 wird nicht länger unterstützt.
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=c290c4de-ecf7-477d-a817-06f83529308d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.intraflad.de
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Google
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\SearchScopes,DefaultScope = {7936CD9A-9F9F-418B-A068-3EA333CAAAB1}
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\..\SearchScopes\{7936CD9A-9F9F-418B-A068-3EA333CAAAB1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: win32-64@anonymous.org:0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4118
FF - prefs.js..extensions.enabledItems: fmconverter@gmail.com:1.0.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2009.10.19 18:14:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Programme\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.09.06 13:00:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\components [2012.09.07 16:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\plugins [2012.06.19 14:48:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Programme\SiteAdvisor\6173\FF\
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\components [2012.09.07 16:42:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla Firefox\plugins [2012.06.19 14:48:17 | 000,000,000 | ---D | M]
[2012.02.28 21:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Mozilla\Extensions
[2012.09.07 19:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Mozilla\Firefox\Profiles\lup46egi.default\extensions
[2012.05.19 12:50:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Mozilla\Firefox\Profiles\lup46egi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.02 14:37:27 | 000,000,000 | ---D | M] (Java Console) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.01.11 17:57:07 | 000,000,000 | ---D | M] (Win32+64) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MOZILLA FIREFOX\EXTENSIONS\WIN32-64@ANONYMOUS.ORG
[2012.09.06 13:00:50 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAMME\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2009.10.19 18:14:23 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAMME\HEWLETT-PACKARD\HP PROTECTTOOLS SECURITY MANAGER\BIN\FIREFOXEXT
Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Programme\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20110902145109.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [accrdsub] C:\Programme\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [ACPW05DE] C:\Programme\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [File Sanitizer] c:\Programme\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Programme\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439..\Run: [phonostarTimer] \\fileserver\Eigene Dateien\Benutzer-Daten\roma1\Eigene Dateien\phonostar-Player\phonostarTimer.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\1&1 FRITZ!Box starter.lnk = C:\WINDOWS\Installer\{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}\Icon2457326B4.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 1
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 1
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O7 - HKU\S-1-5-21-2540498166-786283803-3315055881-1439\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 1
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266837310140 (MUWebControl Class)
O16 - DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} https://citrix.flad.de/net6helper.cab (Net6Launcher Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = flad-intern.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC1CEEA1-D5D5-43EE-BE53-0A36BA5800E2}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - Winlogon\Notify\ackpbsc: DllName - (C:\Programme\ActivIdentity\ActivClient\ackpbsc.dll) - C:\Programme\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - (C:\Programme\ActivIdentity\ActivClient\acunlock.dll) - C:\Programme\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{164ce1f0-5e8a-11e0-8424-00271387540d}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{adfea522-68f4-11e1-84d8-e5ed0b9d12d8}\Shell - "" = AutoRun
O33 - MountPoints2\{adfea522-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adfea522-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun\command - "" = F:\laucher.exe
O33 - MountPoints2\{adfea559-68f4-11e1-84d8-e5ed0b9d12d8}\Shell - "" = AutoRun
O33 - MountPoints2\{adfea559-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adfea559-68f4-11e1-84d8-e5ed0b9d12d8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.09.16 18:13:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\roma1\Recent
[2012.09.16 18:04:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.16 18:03:20 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\roma1\Desktop\OTL.exe
[2012.09.10 14:40:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wqqxiodsfjqjcbo
[2012.09.06 20:10:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\roma1\Desktop\honey
[2012.09.06 13:00:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Freemake
[2012.09.06 13:00:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake
[2012.09.06 13:00:30 | 000,000,000 | ---D | C] -- C:\Programme\Freemake
[2012.09.04 20:48:39 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\HDX4
[2012.09.04 18:28:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\roma1\Desktop\bungee
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.09.16 18:07:43 | 000,219,120 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012.09.16 18:07:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.16 18:03:25 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\roma1\Desktop\OTL.exe
[2012.09.16 17:37:58 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.13 15:02:39 | 003,790,788 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\ccsetup322.zip
[2012.09.13 11:02:50 | 000,001,885 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.09.13 11:02:49 | 000,001,814 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\Avira DE-Cleaner.lnk
[2012.09.13 10:37:12 | 000,096,768 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.10 14:40:15 | 000,000,051 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rimahtvhjwpqbae
[2012.09.07 16:42:43 | 000,001,054 | ---- | M] () -- C:\Dokumente und Einstellungen\roma1\Desktop\Mozilla Firefox.lnk
[2012.09.07 01:24:39 | 000,516,352 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.07 01:24:39 | 000,492,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.07 01:24:39 | 000,099,198 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.07 01:24:39 | 000,083,048 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.06 13:34:40 | 000,013,086 | RHS- | M] () -- C:\Dokumente und Einstellungen\roma1\ntuser.pol
[2012.09.06 13:34:13 | 000,055,989 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2012.09.06 13:00:52 | 000,000,945 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Freemake Video Converter.lnk
[2012.09.06 12:57:57 | 000,002,135 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\1&1 FRITZ!Box starter.lnk
[2012.09.06 12:57:56 | 000,002,365 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\FRITZ!Box starter.lnk
[2012.09.04 20:11:04 | 000,002,828 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2012.08.24 16:25:37 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.09.13 15:02:39 | 003,790,788 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Desktop\ccsetup322.zip
[2012.09.10 14:40:04 | 000,000,051 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rimahtvhjwpqbae
[2012.09.06 13:00:52 | 000,000,945 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Freemake Video Converter.lnk
[2012.06.19 14:48:38 | 000,130,080 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
[2012.06.19 14:48:38 | 000,002,885 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
[2012.02.15 14:53:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.09.02 14:08:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.09.01 16:38:40 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Frurura.dat
[2011.09.01 16:38:40 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\Kvigeduvakade.bin
[2011.08.02 18:14:09 | 000,000,100 | --S- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\2375065399.dat
[2011.03.17 14:20:44 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.01.12 21:43:37 | 000,000,056 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsidmv.dat
[2011.01.11 17:49:51 | 000,096,768 | ---- | C] () -- C:\Dokumente und Einstellungen\roma1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.11 14:05:47 | 000,013,086 | RHS- | C] () -- C:\Dokumente und Einstellungen\roma1\ntuser.pol
[2010.03.16 00:20:29 | 000,002,828 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2010.03.16 00:20:29 | 000,000,008 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\D528B5E064.sys
[2010.02.23 16:10:15 | 000,055,989 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
========== LOP Check ==========
[2012.04.11 16:41:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2011.04.07 13:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Beatlock Technology
[2012.09.06 13:10:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake
[2011.01.11 14:06:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GroupPolicy
[2012.02.27 19:36:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\INFECTED
[2012.09.10 16:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LOGFILES
[2012.09.10 16:55:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\REPORTS
[2012.09.10 16:55:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.10.19 18:30:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall
[2009.10.19 18:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2012.09.10 14:40:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wqqxiodsfjqjcbo
[2009.10.19 18:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\DigitalPersona
[2012.04.11 16:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\ACD Systems
[2011.01.18 23:59:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\AnvSoft
[2012.01.07 03:50:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\BitTorrent
[2009.10.19 18:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\DigitalPersona
[2011.01.11 17:57:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\FBConnect
[2011.04.26 18:07:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\FRITZ!
[2012.02.29 22:58:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\InterVideo
[2011.02.18 10:35:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\ntr
[2012.06.19 14:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\Oracle
[2012.02.23 17:57:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\phonostar GmbH
[2012.06.19 14:18:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\roma1\Anwendungsdaten\TeamViewer
========== Purity Check ==========
< End of report >
--- --- --- |
