Trojaner-Board


FF-Nutzer 04.10.2010 11:15

Google opens the wrong pages and Firefox stops working
 
Hello,

I hope someone can help me.

Windows 7, Firefox 3.5.5
McAfee (automatic updates enabled)

Here is my logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:19, on 04.10.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Steganos Safe 11\SteganosHotKeyService.exe
C:\Program Files\Steganos Safe 11\fredirstarter.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Personal Backup\Personal Backup 4\Persbackup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Sicherheit\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://g.uk.msn.com/USSMB/8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://g.uk.msn.com/USSMB/8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\***\AppData\Roaming\appconf32.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100922154750.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [3170 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [SAFE2009 HotKeys] "C:\Program Files\Steganos Safe 11\SteganosHotKeyService.exe"
O4 - HKLM\..\Run: [SAFE2009 File Redirection Starter] "C:\Program Files\Steganos Safe 11\fredirstarter.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Persbackup.lnk = C:\Program Files\Personal Backup\Personal Backup 4\Persbackup.exe
O4 - Global Startup: VR-NetWorld Auftragsprüfung.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Auswahl erfassen - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Auswahl erfassen - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Als HTML speichern - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Als HTML speichern - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Markierten Text speichern - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Markierten Text speichern - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O13 - Gopher Prefix:
O23 - Service: McAfee Personal Firewall-Dienst (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

--
End of file - 9723 bytes

I hope I have provided all the data needed for help. If not, please don't scold me. I am only a rather mediocre interface between keyboard and chair back.

Many thanks in advance for your help

FF
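
A defender's triage of the HijackThis log posted above, as an added example that is not part of the original thread: it flags a Winlogon Userinit value that lists more than userinit.exe (the F2 line) and BHOs registered without a file (O2), and goes beyond the posted log by also checking O4 autoruns for user-writable paths. The function names, reason strings and the list of user-writable directories are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Sample input: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\***\AppData\Roaming\appconf32.exe,
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
"""

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [Apoint] C:\...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# "BHO: <name> - {CLSID} - <dll path or '(no file)'>".
BHO = re.compile(r"^BHO: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# "HKLM\..\Run: [<value name>] <command line>" (also RunOnce, HKCU, HKUS).
RUN = re.compile(r"^HK\w+\\.*\\Run(?:Once)?: \[(.*?)\] (.*)$")
# Assumption: Windows lives in <drive>:\Windows, as on the machine in the log.
DEFAULT_USERINIT = re.compile(r"^[a-z]:\\windows\\system32\\userinit\.exe$")
# Assumption: directories a non-admin user can write to (not exhaustive).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def parse_entries(log):
    """Return (code, body) pairs for every HijackThis entry line in the log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def userinit_extras(body):
    """Return the programs in a Userinit value other than userinit.exe itself."""
    m = re.search(r"UserInit=(.*)$", body, re.IGNORECASE)
    if not m:
        return []
    # The value is a comma-separated list and normally ends with a comma.
    programs = [p.strip().strip('"') for p in m.group(1).split(",")]
    return [p for p in programs if p and not DEFAULT_USERINIT.match(p.lower())]


def triage(log):
    """Return (code, reason, detail) tuples for entries worth a closer look."""
    findings = []
    for code, body in parse_entries(log):
        if code == "F2":
            # Everything listed in Userinit is started by Winlogon at logon.
            for prog in userinit_extras(body):
                findings.append((code, "extra program in Winlogon Userinit", prog))
        elif code == "O2":
            m = BHO.match(body)
            if m and m.group(3).strip() == "(no file)":
                findings.append(
                    (code, "BHO registered without a file on disk", m.group(2)))
        elif code == "O4":
            m = RUN.match(body)
            if m and any(d in m.group(2).lower() for d in USER_WRITABLE):
                findings.append(
                    (code, "autorun from a user-writable directory", m.group(2)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

A finding is a pointer for manual review, not a verdict: the flagged file still has to be examined and the registry value checked before anything is fixed.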

Chris4You 04.10.2010 13:06

Hi,

TDSS-Killer
Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family?
Extract all files into a separate directory (e.g. C:\TDSS)!
Start it from Explorer by double-clicking TDSSKiller.exe.
After it starts, a window appears; click "Start Scan" there.
When the scan is finished, please select "Report". A window opens; copy the text and post it here...

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here:
http://filepony.de/download-chameleon/
Then please update the signature files ("Update" tab -> "Check for Updates")
Run a full scan and have everything cleaned! Post the log.

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
  • Double-click OTL.exe
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created (OTL.TXT and EXTRAS.TXT)
  • Post the logfiles here in the thread

chris

FF-Nutzer 04.10.2010 16:03

Hello,

thanks for the tips, I have done everything. Here are the logfiles:

1. TDSS
Code:

2010/10/04 14:23:57.0481        TDSS rootkit removing tool 2.4.4.0 Oct  4 2010 09:06:59
2010/10/04 14:23:57.0481        ================================================================================
2010/10/04 14:23:57.0481        SystemInfo:
2010/10/04 14:23:57.0481       
2010/10/04 14:23:57.0481        OS Version: 6.1.7600 ServicePack: 0.0
2010/10/04 14:23:57.0481        Product type: Workstation
2010/10/04 14:23:57.0482        ComputerName: VL1-PC
2010/10/04 14:23:57.0484        UserName: VL1
2010/10/04 14:23:57.0484        Windows directory: C:\Windows
2010/10/04 14:23:57.0484        System windows directory: C:\Windows
2010/10/04 14:23:57.0484        Processor architecture: Intel x86
2010/10/04 14:23:57.0484        Number of processors: 2
2010/10/04 14:23:57.0484        Page size: 0x1000
2010/10/04 14:23:57.0484        Boot type: Normal boot
2010/10/04 14:23:57.0484        ================================================================================
2010/10/04 14:23:58.0153        Initialize success
2010/10/04 14:24:34.0028        ================================================================================
2010/10/04 14:24:34.0029        Scan started
2010/10/04 14:24:34.0030        Mode: Manual;
2010/10/04 14:24:34.0030        ================================================================================
2010/10/04 14:24:34.0814        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/10/04 14:24:34.0862        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/10/04 14:24:34.0900        AcpiPmi        (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/10/04 14:24:34.0953        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/10/04 14:24:35.0003        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/10/04 14:24:35.0034        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/10/04 14:24:35.0083        AFD            (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/10/04 14:24:35.0186        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/10/04 14:24:35.0238        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/10/04 14:24:35.0296        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/10/04 14:24:35.0327        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/10/04 14:24:35.0352        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/10/04 14:24:35.0394        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/10/04 14:24:35.0478        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/10/04 14:24:35.0542        amdsata        (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/10/04 14:24:35.0577        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/10/04 14:24:35.0592        amdxata        (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/10/04 14:24:35.0647        ApfiltrService  (fb7c669774ffcacd77b5969ee5d9a19b) C:\Windows\system32\DRIVERS\Apfiltr.sys
2010/10/04 14:24:35.0692        AppID          (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/10/04 14:24:35.0794        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/10/04 14:24:35.0818        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/10/04 14:24:35.0842        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/04 14:24:35.0873        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/10/04 14:24:35.0948        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/10/04 14:24:36.0052        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/10/04 14:24:36.0096        BCM42RLY        (eb4434444e2721d721a8ac8d5d2ad26b) C:\Windows\system32\drivers\BCM42RLY.sys
2010/10/04 14:24:36.0189        BCM43XX        (919832d1a7d067119cd5ee29ba76327a) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/10/04 14:24:36.0329        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/10/04 14:24:36.0386        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/10/04 14:24:36.0411        bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/04 14:24:36.0434        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/10/04 14:24:36.0456        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/10/04 14:24:36.0489        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/10/04 14:24:36.0515        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/10/04 14:24:36.0529        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/10/04 14:24:36.0545        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/10/04 14:24:36.0565        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/10/04 14:24:36.0660        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/04 14:24:36.0707        cdrom          (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/04 14:24:36.0782        cfwids          (426ee59b25988bb3382fc0a3655deaa2) C:\Windows\system32\drivers\cfwids.sys
2010/10/04 14:24:36.0827        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/10/04 14:24:36.0862        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/10/04 14:24:36.0961        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/10/04 14:24:36.0984        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/10/04 14:24:37.0010        CNG            (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/10/04 14:24:37.0051        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/10/04 14:24:37.0092        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/10/04 14:24:37.0145        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/10/04 14:24:37.0201        CSC            (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/10/04 14:24:37.0294        DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/10/04 14:24:37.0342        DgiVecp        (770471de2550820feeb7e5d24bf2e273) C:\Windows\system32\Drivers\DgiVecp.sys
2010/10/04 14:24:37.0369        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/10/04 14:24:37.0429        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/10/04 14:24:37.0500        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/10/04 14:24:37.0581        DXGKrnl        (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/04 14:24:37.0726        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/10/04 14:24:37.0894        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/10/04 14:24:37.0948        epmntdrv        (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
2010/10/04 14:24:37.0981        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/10/04 14:24:38.0012        EuGdiDrv        (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
2010/10/04 14:24:38.0046        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/10/04 14:24:38.0075        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/10/04 14:24:38.0169        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/04 14:24:38.0202        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/10/04 14:24:38.0217        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/10/04 14:24:38.0243        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/04 14:24:38.0264        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/10/04 14:24:38.0293        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/10/04 14:24:38.0318        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/04 14:24:38.0343        fvevol          (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2010/10/04 14:24:38.0375        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/10/04 14:24:38.0397        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/10/04 14:24:38.0476        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/04 14:24:38.0505        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/10/04 14:24:38.0529        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/10/04 14:24:38.0561        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/10/04 14:24:38.0588        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/04 14:24:38.0646        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/10/04 14:24:38.0685        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/10/04 14:24:38.0772        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/10/04 14:24:38.0819        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/04 14:24:38.0858        iaStor          (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
2010/10/04 14:24:38.0881        iaStorV        (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/10/04 14:24:39.0049        igfx            (45d1a22c0e932768729dd422e175a448) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/10/04 14:24:39.0191        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/10/04 14:24:39.0239        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/10/04 14:24:39.0269        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/04 14:24:39.0307        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/04 14:24:39.0351        IPMIDRV        (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/10/04 14:24:39.0372        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/10/04 14:24:39.0411        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/10/04 14:24:39.0436        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/10/04 14:24:39.0526        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/04 14:24:39.0576        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/04 14:24:39.0606        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/10/04 14:24:39.0627        KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/04 14:24:39.0659        KSecPkg        (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/10/04 14:24:39.0772        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/04 14:24:39.0836        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/10/04 14:24:39.0866        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/10/04 14:24:39.0896        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/10/04 14:24:39.0921        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/10/04 14:24:39.0960        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/10/04 14:24:40.0098        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/10/04 14:24:40.0147        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/10/04 14:24:40.0210        mfeapfk        (5bd0c401a8ee4a54f6176c0a10d595ae) C:\Windows\system32\drivers\mfeapfk.sys
2010/10/04 14:24:40.0260        mfeavfk        (f3bb4dc61b4dc662bdc778cf1634fae1) C:\Windows\system32\drivers\mfeavfk.sys
2010/10/04 14:24:40.0392        mfebopk        (b1498db38d129ed31650422fc8bab9c5) C:\Windows\system32\drivers\mfebopk.sys
2010/10/04 14:24:40.0455        mfefirek        (51e9ccea45c78858a229afb6e682cf41) C:\Windows\system32\drivers\mfefirek.sys
2010/10/04 14:24:40.0487        mfehidk        (32f7298664874715ce469a79078853c4) C:\Windows\system32\drivers\mfehidk.sys
2010/10/04 14:24:40.0518        mfenlfk        (e920bfd5837aed4aef903cf1c7d3949e) C:\Windows\system32\DRIVERS\mfenlfk.sys
2010/10/04 14:24:40.0568        mferkdet        (858337b64484cd80eee7d2eba5ac61bc) C:\Windows\system32\drivers\mferkdet.sys
2010/10/04 14:24:40.0634        mfewfpk        (dcfbf068951fb4086c6aef99c6330516) C:\Windows\system32\drivers\mfewfpk.sys
2010/10/04 14:24:40.0686        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/10/04 14:24:40.0756        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/04 14:24:40.0801        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/04 14:24:40.0837        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/04 14:24:40.0877        mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/10/04 14:24:40.0905        mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/10/04 14:24:40.0928        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/04 14:24:40.0951        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/10/04 14:24:40.0998        mrxsmb          (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/04 14:24:41.0095        mrxsmb10        (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/04 14:24:41.0131        mrxsmb20        (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/04 14:24:41.0163        msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/10/04 14:24:41.0182        msdsm          (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/10/04 14:24:41.0212        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/10/04 14:24:41.0239        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/10/04 14:24:41.0260        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/10/04 14:24:41.0307        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/04 14:24:41.0328        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/04 14:24:41.0402        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/10/04 14:24:41.0437        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/10/04 14:24:41.0475        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/04 14:24:41.0491        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/10/04 14:24:41.0512        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/10/04 14:24:41.0530        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/10/04 14:24:41.0575        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/04 14:24:41.0638        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/10/04 14:24:41.0737        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/10/04 14:24:41.0787        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/04 14:24:41.0806        Ndisuio        (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/04 14:24:41.0832        NdisWan        (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/04 14:24:41.0866        NDProxy        (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/10/04 14:24:41.0900        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/04 14:24:41.0922        NetBT          (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/04 14:24:42.0016        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/10/04 14:24:42.0052        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/10/04 14:24:42.0081        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/04 14:24:42.0125        Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/10/04 14:24:42.0184        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/10/04 14:24:42.0207        nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/10/04 14:24:42.0285        nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/10/04 14:24:42.0328        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/10/04 14:24:42.0379        O2MDGRDR        (07ad3cddf8984f56652cce6be8946526) C:\Windows\system32\DRIVERS\o2mdg.sys
2010/10/04 14:24:42.0405        O2SDGRDR        (45e4fe55db8c0549b8cef1b107f87b70) C:\Windows\system32\DRIVERS\o2sdg.sys
2010/10/04 14:24:42.0460        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/10/04 14:24:42.0520        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/10/04 14:24:42.0597        partmgr        (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/10/04 14:24:42.0622        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/10/04 14:24:42.0651        pci            (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/10/04 14:24:42.0688        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/10/04 14:24:42.0719        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/10/04 14:24:42.0749        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/10/04 14:24:42.0778        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/10/04 14:24:42.0928        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/04 14:24:42.0956        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/10/04 14:24:42.0999        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/04 14:24:43.0037        PxHelp20        (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
2010/10/04 14:24:43.0113        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/10/04 14:24:43.0231        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/10/04 14:24:43.0265        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/04 14:24:43.0287        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/04 14:24:43.0322        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/10/04 14:24:43.0346        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/04 14:24:43.0383        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/04 14:24:43.0427        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/04 14:24:43.0455        rdbss          (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/04 14:24:43.0541        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/10/04 14:24:43.0579        RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/04 14:24:43.0619        RDPDR          (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/10/04 14:24:43.0655        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/04 14:24:43.0678        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/10/04 14:24:43.0710        RDPWD          (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/10/04 14:24:43.0743        rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/10/04 14:24:43.0793        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/04 14:24:43.0902        RTL8167        (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys
2010/10/04 14:24:43.0938        s3cap          (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/10/04 14:24:43.0988        sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/10/04 14:24:44.0031        scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/10/04 14:24:44.0072        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/10/04 14:24:44.0115        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/10/04 14:24:44.0187        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/10/04 14:24:44.0220        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/10/04 14:24:44.0255        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/10/04 14:24:44.0277        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/10/04 14:24:44.0296        sffp_sd        (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/10/04 14:24:44.0324        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/10/04 14:24:44.0359        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/10/04 14:24:44.0390        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/10/04 14:24:44.0413        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/10/04 14:24:44.0506        SLEE_17_DRIVER  (6352fa01bd438e88250d534a1a6d22ff) C:\Windows\system32\drivers\Sleen17.sys
2010/10/04 14:24:44.0553        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/10/04 14:24:44.0590        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/10/04 14:24:44.0651        srv            (dd0dd124d95390fdffa7fb6283923ed4) C:\Windows\system32\DRIVERS\srv.sys
2010/10/04 14:24:44.0700        srv2            (59ef6d9c690e89d51b0692ccb13a06fc) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/04 14:24:44.0726        srvnet          (08f28676802b58138e48a2b40caf6204) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/04 14:24:44.0819        SSPORT          (5f77725ec309de1242d8efc8e9259a9f) C:\Windows\system32\Drivers\SSPORT.sys
2010/10/04 14:24:44.0867        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/10/04 14:24:44.0907        STHDA          (61f801547a9f9d630637eee0440329a6) C:\Windows\system32\DRIVERS\stwrt.sys
2010/10/04 14:24:44.0964        storflt        (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/10/04 14:24:44.0991        storvsc        (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/10/04 14:24:45.0013        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/04 14:24:45.0091        Tcpip          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/10/04 14:24:45.0235        TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/04 14:24:45.0286        tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/04 14:24:45.0331        TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/10/04 14:24:45.0403        TDTCP          (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/10/04 14:24:45.0431        tdx            (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/04 14:24:45.0453        TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/04 14:24:45.0512        tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/04 14:24:45.0553        tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/04 14:24:45.0600        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/10/04 14:24:45.0632        udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/04 14:24:45.0747        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/10/04 14:24:45.0793        umbus          (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/04 14:24:45.0814        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/10/04 14:24:45.0846        usbccgp        (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/04 14:24:45.0882        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/10/04 14:24:45.0906        usbehci        (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/04 14:24:45.0950        usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/04 14:24:46.0022        usbohci        (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/10/04 14:24:46.0066        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/04 14:24:46.0092        USBSTOR        (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/04 14:24:46.0113        usbuhci        (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/04 14:24:46.0153        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/10/04 14:24:46.0179        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/04 14:24:46.0219        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/10/04 14:24:46.0247        vhdmp          (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/10/04 14:24:46.0340        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/10/04 14:24:46.0376        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/10/04 14:24:46.0403        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/10/04 14:24:46.0440        vmbus          (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/10/04 14:24:46.0464        VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/10/04 14:24:46.0486        volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/10/04 14:24:46.0526        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/10/04 14:24:46.0562        volsnap        (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/10/04 14:24:46.0633        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/10/04 14:24:46.0696        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/10/04 14:24:46.0740        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/10/04 14:24:46.0771        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/10/04 14:24:46.0805        WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/04 14:24:46.0823        Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/04 14:24:46.0873        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/10/04 14:24:46.0915        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/04 14:24:47.0029        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/10/04 14:24:47.0065        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/10/04 14:24:47.0130        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/10/04 14:24:47.0171        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/04 14:24:47.0217        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/10/04 14:24:47.0276        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/04 14:24:47.0351        ================================================================================
2010/10/04 14:24:47.0351        Scan finished
2010/10/04 14:24:47.0351        ================================================================================

2. Malwarebytes
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4739

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.10.2010 16:21:55
mbam-log-2010-10-04 (16-21-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|H:\|Z:\|)
Durchsuchte Objekte: 231043
Laufzeit: 1 Stunde(n), 41 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\linkrdr.aiebho (Trojan.Banker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> No action taken.
HKEY_CLASSES_ROOT\linkrdr.aiebho.1 (Trojan.Banker) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Users\VL1\AppData\Roaming\appconf32.exe,) Good: (userinit.exe) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\VL1\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> No action taken.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> No action taken.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> No action taken.

3. OTL/OTL
Code:

OTL logfile created on: 04.10.2010 16:26:54 - Run 1
OTL by OldTimer - Version 3.2.14.1    Folder = C:\Program Files\Sicherheit\OTL
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 80,06 Gb Free Space | 81,98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 146,48 Gb Total Space | 141,07 Gb Free Space | 96,31% Space Free | Partition Type: NTFS
Drive F: | 39,26 Gb Total Space | 38,87 Gb Free Space | 99,01% Space Free | Partition Type: NTFS
Drive G: | 1,84 Gb Total Space | 0,77 Gb Free Space | 41,74% Space Free | Partition Type: FAT
Drive H: | 7,50 Gb Total Space | 1,05 Gb Free Space | 14,03% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive Z: | 298,02 Gb Total Space | 278,71 Gb Free Space | 93,52% Space Free | Partition Type: FAT32
 
Computer Name: VL1-PC
Current User Name: VL1
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Sicherheit\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - c:\Programme\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Programme\Steganos Safe 11\SteganosHotKeyService.exe (Steganos GmbH)
PRC - C:\Programme\Steganos Safe 11\fredirstarter.exe (Steganos GmbH)
PRC - C:\Programme\Personal Backup\Personal Backup 4\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
PRC - C:\Programme\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
PRC - C:\Programme\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
PRC - C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Programme\Sicherheit\OTL\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\clicperf.dll ()
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\stacsv.exe (IDT, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (O2FLASH) -- C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (SLEE_17_DRIVER) -- C:\Windows\System32\drivers\SleeN17.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (O2MDGRDR) -- C:\Windows\System32\drivers\o2mdg.sys (O2Micro )
DRV - (O2SDGRDR) -- C:\Windows\System32\drivers\o2sdg.sys (O2Micro )
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USSMB/8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.goggle.de"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0
 
FF - HKLM\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\Users\VL1\AppData\Roaming\5005 [2010.09.25 11:20:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.22 15:47:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.17 03:46:28 | 000,000,000 | ---D | M]
 
[2009.11.28 15:05:15 | 000,000,000 | ---D | M] -- C:\Users\VL1\AppData\Roaming\mozilla\Extensions
[2010.10.04 14:52:32 | 000,000,000 | ---D | M] -- C:\Users\VL1\AppData\Roaming\mozilla\Firefox\Profiles\3pajumxj.default\extensions
[2010.04.28 13:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VL1\AppData\Roaming\mozilla\Firefox\Profiles\3pajumxj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.10.04 14:52:32 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll
[2010.09.10 08:44:11 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.10 08:44:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.10 08:44:11 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.10 08:44:11 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.10 08:44:11 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20100922154750.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SAFE2009 File Redirection Starter] C:\Program Files\Steganos Safe 11\fredirstarter.exe (Steganos GmbH)
O4 - HKLM..\Run: [SAFE2009 HotKeys] C:\Program Files\Steganos Safe 11\SteganosHotKeyService.exe (Steganos GmbH)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Sicherheit\Malwarebytes Anti-Malware 1.46\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\VL1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk = C:\Programme\Personal Backup\Personal Backup 4\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\VL1\AppData\Roaming\appconf32.exe) - C:\Users\VL1\AppData\Roaming\appconf32.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: constvdm - (C:\Windows\system32\clicperf.dll) - C:\Windows\System32\clicperf.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.04 14:36:22 | 000,000,000 | ---D | C] -- C:\Users\VL1\AppData\Roaming\Malwarebytes
[2010.10.04 14:36:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.04 14:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.04 14:36:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.03 08:27:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.25 11:16:29 | 000,000,000 | ---D | C] -- C:\Users\VL1\AppData\Roaming\UAs
[2010.09.25 11:16:26 | 000,208,208 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\VL1\AppData\Roaming\AcroIEHelpe.dll
[2010.09.25 11:16:25 | 000,000,000 | ---D | C] -- C:\Users\VL1\AppData\Roaming\5005
[2010.09.25 11:16:15 | 000,000,000 | ---D | C] -- C:\Users\VL1\AppData\Roaming\xmldm
[2010.09.25 11:16:14 | 000,000,000 | ---D | C] -- C:\Users\VL1\AppData\Roaming\cock
[2010.09.23 10:02:42 | 000,000,000 | ---D | C] -- C:\Programme\Sicherheit
[2010.09.22 15:32:28 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[1 C:\Users\VL1\AppData\Roaming\*.tmp files -> C:\Users\VL1\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.04 16:26:05 | 001,835,008 | -HS- | M] () -- C:\Users\VL1\NTUSER.DAT
[2010.10.04 12:03:01 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.04 12:03:01 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.04 12:01:56 | 001,480,602 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.10.04 12:01:56 | 000,647,376 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.04 12:01:56 | 000,610,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.04 12:01:56 | 000,127,404 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.04 12:01:56 | 000,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.04 11:55:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.04 11:55:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.04 11:55:20 | 2385,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.04 11:54:38 | 003,215,999 | -H-- | M] () -- C:\Users\VL1\AppData\Local\IconCache.db
[2010.10.04 11:23:30 | 000,011,006 | ---- | M] () -- C:\Users\VL1\AppData\Roaming\SmarThruOptions.xml
[2010.10.04 10:41:14 | 000,000,307 | ---- | M] () -- C:\Users\VL1\AppData\Roaming\urhtps.dat
[2010.10.04 09:39:09 | 000,734,720 | ---- | M] () -- C:\Users\VL1\Desktop\1 Kundenadressen Süd.xls
[2010.10.03 18:15:41 | 000,035,328 | ---- | M] () -- C:\Users\VL1\Documents\Reiseplan Ingolstadt 11.-15.10.2010.doc
[2010.10.03 13:58:39 | 223,268,385 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.10.01 06:49:04 | 000,174,014 | ---- | M] () -- C:\Users\VL1\Desktop\Kalk 1129 (Vers. 1.7) geä mboe.xlsx
[2010.09.30 18:02:19 | 000,174,000 | ---- | M] () -- C:\Users\VL1\Desktop\Kalk 1129 (Vers. 1.7).xlsx
[2010.09.30 18:01:15 | 000,282,696 | ---- | M] () -- C:\Users\VL1\Desktop\Leipzig (nh Hotel Vertrag 2011-2012).pdf
[2010.09.30 17:59:18 | 000,024,958 | ---- | M] () -- C:\Users\VL1\Desktop\VR-NetWorld.pdf
[2010.09.30 09:25:51 | 000,012,158 | ---- | M] () -- C:\Users\VL1\Desktop\Müller Pforzheim.docx
[2010.09.30 09:24:10 | 000,012,842 | ---- | M] () -- C:\Users\VL1\Documents\2010-09-29 ATV Gespräc2h.docx
[2010.09.30 09:23:51 | 000,012,369 | ---- | M] () -- C:\Users\VL1\Documents\2010-09-29 Gespräch.docx
[2010.09.30 09:14:57 | 000,012,147 | ---- | M] () -- C:\Users\VL1\Documents\Müller Pforzheim.docx
[2010.09.25 11:16:26 | 000,208,208 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\VL1\AppData\Roaming\AcroIEHelpe.dll
[2010.09.24 13:38:08 | 000,058,461 | ---- | M] () -- C:\Users\VL1\Documents\www.octopustravel.co.2...pdf
[2010.09.24 13:34:45 | 000,164,811 | ---- | M] () -- C:\Users\VL1\Documents\www.octopustravel.co....pdf
[2010.09.24 09:50:19 | 000,051,712 | -H-- | M] () -- C:\Windows\System32\clicperf.dll
[2010.09.23 17:10:37 | 000,011,107 | ---- | M] () -- C:\Users\VL1\Desktop\Rad.docx
[2010.09.23 10:03:49 | 000,001,967 | ---- | M] () -- C:\Users\VL1\Desktop\HijackThis.lnk
[2010.09.20 07:17:52 | 000,151,478 | ---- | M] () -- C:\Users\VL1\Desktop\Reiseanzeigen ] Musikstadt ....pdf
[2010.09.16 08:19:52 | 000,064,150 | ---- | M] () -- C:\Users\VL1\Desktop\Flughafen Hahn rechnet mit ....pdf
[2010.09.12 19:05:15 | 000,047,104 | ---- | M] () -- C:\Users\VL1\Desktop\Zusammenfassung Weimar.doc
[1 C:\Users\VL1\AppData\Roaming\*.tmp files -> C:\Users\VL1\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.03 16:50:58 | 000,035,328 | ---- | C] () -- C:\Users\VL1\Documents\Reiseplan Ingolstadt 11.-15.10.2010.doc
[2010.10.01 06:49:03 | 000,174,014 | ---- | C] () -- C:\Users\VL1\Desktop\Kalk 1129 (Vers. 1.7) geä mboe.xlsx
[2010.09.30 18:02:19 | 000,174,000 | ---- | C] () -- C:\Users\VL1\Desktop\Kalk 1129 (Vers. 1.7).xlsx
[2010.09.30 18:01:14 | 000,282,696 | ---- | C] () -- C:\Users\VL1\Desktop\Leipzig (nh Hotel Vertrag 2011-2012).pdf
[2010.09.30 17:59:14 | 000,024,958 | ---- | C] () -- C:\Users\VL1\Desktop\VR-NetWorld.pdf
[2010.09.30 09:25:51 | 000,012,158 | ---- | C] () -- C:\Users\VL1\Desktop\Müller Pforzheim.docx
[2010.09.30 09:24:09 | 000,012,842 | ---- | C] () -- C:\Users\VL1\Documents\2010-09-29 ATV Gespräc2h.docx
[2010.09.30 09:23:50 | 000,012,369 | ---- | C] () -- C:\Users\VL1\Documents\2010-09-29 Gespräch.docx
[2010.09.30 09:14:57 | 000,012,147 | ---- | C] () -- C:\Users\VL1\Documents\Müller Pforzheim.docx
[2010.09.25 11:28:00 | 000,000,307 | ---- | C] () -- C:\Users\VL1\AppData\Roaming\urhtps.dat
[2010.09.25 11:16:26 | 000,000,065 | ---- | C] () -- C:\Users\VL1\AppData\Roaming\AcroIEHelpe.txt
[2010.09.24 13:38:04 | 000,058,461 | ---- | C] () -- C:\Users\VL1\Documents\www.octopustravel.co.2...pdf
[2010.09.24 13:34:41 | 000,164,811 | ---- | C] () -- C:\Users\VL1\Documents\www.octopustravel.co....pdf
[2010.09.24 09:50:19 | 000,051,712 | -H-- | C] () -- C:\Windows\System32\clicperf.dll
[2010.09.23 17:10:36 | 000,011,107 | ---- | C] () -- C:\Users\VL1\Desktop\Rad.docx
[2010.09.23 10:03:49 | 000,001,967 | ---- | C] () -- C:\Users\VL1\Desktop\HijackThis.lnk
[2010.09.20 07:17:52 | 000,151,478 | ---- | C] () -- C:\Users\VL1\Desktop\Reiseanzeigen ] Musikstadt ....pdf
[2010.09.19 19:42:57 | 000,019,968 | ---- | C] () -- C:\Users\VL1\Desktop\0 Kundendossier.dot
[2010.09.16 08:19:51 | 000,064,150 | ---- | C] () -- C:\Users\VL1\Desktop\Flughafen Hahn rechnet mit ....pdf
[2010.09.12 17:36:06 | 000,047,104 | ---- | C] () -- C:\Users\VL1\Desktop\Zusammenfassung Weimar.doc
[2010.01.31 16:26:27 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.12.10 14:10:19 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.11.28 16:25:03 | 000,011,006 | ---- | C] () -- C:\Users\VL1\AppData\Roaming\SmarThruOptions.xml
[2009.11.28 16:24:48 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2009.11.28 16:24:47 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SamFaxPort.dll
[2009.11.28 16:24:42 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2009.11.28 16:24:39 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2009.11.28 16:23:10 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sst1cl3.dll
[2009.11.28 16:21:20 | 000,147,456 | R--- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2009.11.28 16:21:20 | 000,027,136 | R--- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2009.11.28 16:21:20 | 000,011,264 | R--- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2009.11.28 16:21:20 | 000,010,752 | R--- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2009.11.28 15:11:32 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2009.11.28 15:11:32 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2009.11.28 15:11:32 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2009.11.20 18:55:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.20 17:09:38 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009.11.20 17:09:38 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009.11.20 17:08:48 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.12.09 17:23:13 | 000,047,616 | RHS- | C] () -- C:\Users\VL1\AppData\Roaming\appconf32.exe
< End of report >

4. OTL/Extras
Code:

OTL Extras logfile created on: 04.10.2010 16:26:54 - Run 1
OTL by OldTimer - Version 3.2.14.1    Folder = C:\Program Files\Sicherheit\OTL
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 80,06 Gb Free Space | 81,98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 146,48 Gb Total Space | 141,07 Gb Free Space | 96,31% Space Free | Partition Type: NTFS
Drive F: | 39,26 Gb Total Space | 38,87 Gb Free Space | 99,01% Space Free | Partition Type: NTFS
Drive G: | 1,84 Gb Total Space | 0,77 Gb Free Space | 41,74% Space Free | Partition Type: FAT
Drive H: | 7,50 Gb Total Space | 1,05 Gb Free Space | 14,03% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive Z: | 298,02 Gb Total Space | 278,71 Gb Free Space | 93,52% Space Free | Partition Type: FAT32
 
Computer Name: VL1-PC
Current User Name: VL1
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AC5CEC91-F421-4D5F-86EA-5D51E815B8EC}" = Steganos Safe 11
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD3F214C-B6E5-4C8A-8EBF-DC041E57497C}" = Dell Sicherungs- und Wiederherstellungs-Manager
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BASICR" = Microsoft Office Basic 2007
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.1.1 Home Edition
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"MSC" = McAfee SecurityCenter
"Personal Backup_is1" = Personal Backup 4.5
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SmarThru PC Fax" = SmarThru PC Fax
"tetris 2oo5_is1" = tetris 2oo5 - Version 1.2
"TVWiz" = Intel(R) TV Wizard
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.09.2010 07:35:04 | Computer Name = VL1-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 08.09.2010 09:33:47 | Computer Name = VL1-PC | Source = System Restore | ID = 8193
Description =
 
Error - 09.09.2010 08:02:29 | Computer Name = VL1-PC | Source = System Restore | ID = 8193
Description =
 
Error - 14.09.2010 21:00:17 | Computer Name = VL1-PC | Source = System Restore | ID = 8193
Description =
 
Error - 14.09.2010 21:00:17 | Computer Name = VL1-PC | Source = System Restore | ID = 8193
Description =
 
Error - 16.09.2010 14:02:50 | Computer Name = VL1-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 16.09.2010 14:07:32 | Computer Name = VL1-PC | Source = System Restore | ID = 8193
Description =
 
Error - 16.09.2010 15:39:55 | Computer Name = VL1-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Scan2Pc.exe, Version: 2.3.0.0, Zeitstempel:
 0x4883ebe1  Name des fehlerhaften Moduls: NetModule.dll, Version: 1.0.0.2, Zeitstempel:
 0x484d25be  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00006c99  ID des fehlerhaften Prozesses:
 0xa64  Startzeit der fehlerhaften Anwendung: 0x01cb5496aadea3e6  Pfad der fehlerhaften
 Anwendung: C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll  Berichtskennung: 2e0607b3-c1ca-11df-8a24-0024e8f62566
 
Error - 19.09.2010 11:43:48 | Computer Name = VL1-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 19.09.2010 11:49:11 | Computer Name = VL1-PC | Source = System Restore | ID = 8193
Description =
 
[ OSession Events ]
Error - 14.08.2010 05:37:00 | Computer Name = VL1-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 95
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.06.2010 13:05:47 | Computer Name = VL1-PC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "Y:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 20.06.2010 11:19:53 | Computer Name = VL1-PC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "Y:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 21.06.2010 07:31:25 | Computer Name = VL1-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 21.06.2010 07:31:37 | Computer Name = VL1-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 22.06.2010 03:37:46 | Computer Name = VL1-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 22.06.2010 03:37:56 | Computer Name = VL1-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 24.06.2010 02:58:51 | Computer Name = VL1-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 24.06.2010 02:59:01 | Computer Name = VL1-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 25.06.2010 10:45:07 | Computer Name = VL1-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 25.06.2010 10:45:17 | Computer Name = VL1-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
 
< End of report >

Best regards
FF

Chris4You 05.10.2010 06:56

Hi,


Please check the following files (this looks like yet another new version of the banker...):

Have the files checked online:
  • Go to the VirusTotal site, click the "Browse" button and select the following file(s):
Code:

C:\Windows\System32\clicperf.dll
C:\Users\VL1\AppData\Roaming\appconf32.exe
C:\Users\VL1\AppData\Roaming\AcroIEHelpe.dll

  • Now upload each of the files one after another and wait until the scan has finished. (This can take up to 2 minutes.)
  • Afterwards post the result of the analysis: copy everything and paste it into a post.
  • Important: also copy the file size and the HASH!

Upload the following files here:
Upload file:
http://www.trojaner-board.de/54791-a...ner-board.html
Follow the instructions there and upload these files:
Code:

C:\Windows\System32\clicperf.dll
C:\Users\VL1\AppData\Roaming\appconf32.exe

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users, please start it via right-click and "Run as administrator".
  • Copy the complete contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:OTL
O20 - HKLM Winlogon: UserInit - (C:\Users\VL1\AppData\Roaming\appconf32.exe) - C:\Users\VL1\AppData\Roaming\appconf32.exe ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O36 - AppCertDlls: constvdm - (C:\Windows\system32\clicperf.dll) - C:\Windows\System32\clicperf.dll ()

:Commands
[emptytemp]
[EMPTYFLASH]
[purity]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

Cureit:
http://www.trojaner-board.de/59299-a...eb-cureit.html
After the scan has finished you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log.
Before you take any action, please copy the contents of the log and post them.
The log file is very large, roughly over 5 MB of text. Just search for "infiziert" and copy out the relevant parts before you post them.

chris
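
The fix script in the post above singles out a Winlogon UserInit value pointing into AppData, an AppCertDlls entry and registrations without a CLSID. As an added example (not part of the original post and not OTL's own logic), the following Python code applies those checks to OTL-style lines; the function names, the heuristics and the sample lines (constructed from entries quoted in this thread) are assumptions.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample in the OTL "O-section" layout, built from entries quoted
# in this thread: three lines the fix script targets and two benign ones.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: UserInit - (C:\Users\VL1\AppData\Roaming\appconf32.exe) - C:\Users\VL1\AppData\Roaming\appconf32.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O36 - AppCertDlls: constvdm - (C:\Windows\system32\clicperf.dll) - C:\Windows\System32\clicperf.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
"""

ENTRY_RE = re.compile(r"^O\d+ - ")
# Last "X:\path (Company)" pair on the line; the company field may be empty.
TARGET_RE = re.compile(r"([A-Za-z]:\\[^()]*?)\s*\(([^()]*)\)\s*$")
USER_WRITABLE = ("\\appdata\\", "\\temp\\")
ORPHAN_MARKERS = ("No CLSID value found", "CLSID or File not found")


class Finding(NamedTuple):
    line: str
    reasons: Tuple[str, ...]


def triage(log_text: str) -> List[Finding]:
    """Return the autostart lines that deserve a closer look, with reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not ENTRY_RE.match(line):
            continue
        match = TARGET_RE.search(line)
        path = match.group(1).lower() if match else ""
        company = match.group(2).strip() if match else None
        reasons = []
        if line.startswith("O36 - AppCertDlls:"):
            # DLLs listed under AppCertDlls are loaded by processes that call
            # CreateProcess, so any value here needs an explanation.
            reasons.append("AppCertDlls entry present")
        if "Winlogon: UserInit" in line and not path.endswith("\\system32\\userinit.exe"):
            reasons.append("UserInit does not point to System32\\userinit.exe")
        if any(marker in path for marker in USER_WRITABLE):
            reasons.append("target lives in a user-writable directory")
        if any(marker in line for marker in ORPHAN_MARKERS):
            reasons.append("orphaned registration, target CLSID or file is missing")
        # A missing company name alone is weak (legitimate vendor tools in this
        # log lack one too), so it only supports another reason.
        if reasons and company == "":
            reasons.append("no company name in the file's version info")
        if reasons:
            findings.append(Finding(line, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("    -", reason)
```

A flagged line is a candidate for a hash lookup and manual review, not a verdict; the heuristics only rank what to examine first.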

FF-Nutzer 05.10.2010 10:21

Hello,

I have now worked through all of it:

VIRUSTOTAL
I ran the scan of "clickperf.dll" and then generated a *.pdf with the "print" function. Unfortunately it cannot be attached here because it is too large. Result: 8/43

Code:

Antivirus Version Last Update Result
AhnLab-V3 2010.10.05.00 2010.10.04 -
AntiVir 7.10.12.119 2010.10.05 TR/Crypt.XPACK.Gen3
Antiy-AVL 2.0.3.7 2010.10.05 -
Authentium 5.2.0.5 2010.10.05 -
Avast 4.8.1351.0 2010.10.04 Win32:Spyware-gen
Avast5 5.0.594.0 2010.10.04 Win32:Spyware-gen
AVG 9.0.0.851 2010.10.04 -
BitDefender 7.2 2010.10.05 -
CAT-QuickHeal 11.00 2010.10.05 -
ClamAV 0.96.2.0-git 2010.10.05 -
Comodo 6285 2010.10.05 -
DrWeb 5.0.2.03300 2010.10.05 -
Emsisoft 5.0.0.50 2010.10.05 -
eSafe 7.0.17.0 2010.10.03 -
eTrust-Vet 36.1.7892 2010.10.04 -
F-Prot 4.6.2.117 2010.10.04 -
F-Secure 9.0.15370.0 2010.10.05 -
Fortinet 4.2.249.0 2010.10.05 -
GData 21 2010.10.05 Win32:Spyware-gen
Ikarus T3.1.1.90.0 2010.10.05 -
Jiangmin 13.0.900 2010.10.03 -
K7AntiVirus 9.63.2672 2010.10.04 -
Kaspersky 7.0.0.125 2010.10.05 -
McAfee 5.400.0.1158 2010.10.05 -
McAfee-GW-Edition 2010.1C 2010.10.04 -
Microsoft 1.6201 2010.10.05 VirTool:Win32/Obfuscator.JL
NOD32 5503 2010.10.04 -
Norman 6.06.07 2010.10.04 -
nProtect 2010-10-05.01 2010.10.05 Trojan-Spy/W32.Agent.51712.T
Panda 10.0.2.7 2010.10.04 -
PCTools 7.0.3.5 2010.10.02 -
Prevx 3.0 2010.10.05 High Risk Cloaked Malware
Rising 22.67.02.07 2010.09.30 -
Sophos 4.58.0 2010.10.05 Mal/EncPk-TV
Sunbelt 6985 2010.10.05 -
SUPERAntiSpyware 4.40.0.1006 2010.10.05 -
Symantec 20101.2.0.161 2010.10.05 -
TheHacker 6.7.0.1.048 2010.10.04 -
TrendMicro 9.120.0.1004 2010.10.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.05 -
VBA32 3.12.14.1 2010.10.04 -
ViRobot 2010.10.4.4074 2010.10.05 -
VirusBuster 12.67.2.0 2010.10.04 -

Additonal information
MD5 : af4dc3fa4e6ed836ab9e3b148d96f98c
SHA1 : 942aa94fc5e84110ba9a5b755a6714cc0a13990e
SHA256: 20947dd290b0c3ae980ab4cc5e823e9744ada434f78bae87a8492fdefc79ba31

I ran the scan of "appconf32.exe"; here the scan aborts after a few moments and only the empty Virustotal interface is shown.

I do not have a file "AcroIEHelpe.dll", but I do have a file "AcroIEHelpe020.dll". I ran this scan and then generated a *.pdf with the "print" function. Unfortunately it cannot be attached here because it is too large. Result: 0/43


UPLOAD
I uploaded the files "clickperf.dll" and "appconf32.exe" as described.

OTL
Everything carried out as instructed; here is the log:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\VL1\AppData\Roaming\appconf32.exe deleted successfully.
File move failed. C:\Users\VL1\AppData\Roaming\appconf32.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\constvdm:C:\Windows\system32\clicperf.dll deleted successfully.
C:\Windows\System32\clicperf.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: VL1
->Temp folder emptied: 2550785 bytes
->Temporary Internet Files folder emptied: 505652 bytes
->Java cache emptied: 61904829 bytes
->FireFox cache emptied: 41383580 bytes
->Flash cache emptied: 29605 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 636360 bytes
RecycleBin emptied: 203971 bytes
 
Total Files Cleaned = 102,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: VL1
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 

 
OTL by OldTimer - Version 3.2.14.1 log created on 10052010_104029

Files\Folders moved on Reboot...
C:\Users\VL1\AppData\Roaming\appconf32.exe moved successfully.

Registry entries deleted on Reboot...

CureIt
I'm probably being too dumb here. I have done everything so far, but how do I start my computer (DELL Vostro 1520) in safe mode? F8 doesn't work for me.

Sweating!!!

Thanks for the help
FF

Chris4You 05.10.2010 13:19

Hi,

just let Cureit off the leash in normal mode...

chris

FF-Nutzer 05.10.2010 23:06

Hello,

I did that. Halfway through the full scan the computer shut down unexpectedly.

Code:

Problemsignatur:
  Problemereignisname:        BlueScreen
  Betriebsystemversion:        6.1.7600.2.0.0.256.48
  Gebietsschema-ID:        1031

Zusatzinformationen zum Problem:
  BCCode:        19
  BCP1:        00000003
  BCP2:        847004D8
  BCP3:        00F0F0F0
  BCP4:        00F0F0F0
  OS Version:        6_1_7600
  Service Pack:        0_0
  Product:        256_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
  C:\Windows\Minidump\100510-9531-01.dmp
  C:\Users\VL1\AppData\Local\Temp\WER-20467-0.sysdata.xml

Lesen Sie unsere Datenschutzbestimmungen online:
  hxxp://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0407

Wenn die Onlinedatenschutzbestimmungen nicht verfügbar sind, lesen Sie unsere Datenschutzbestimmungen offline:
  C:\Windows\system32\de-DE\erofflps.txt

The second time (again halfway through the full scan) it froze completely. I disconnected it from the mains and took out the battery. After that it offered me safe mode on boot.

CureIt in safe mode worked.

Code:

7da917a1a3781.bup\stream000;C:\Documents and Settings\VL1\DoctorWeb\Quarantine\7da917a1a3781.bup;Trojan.PWS.Spy.9751;;
7da917a1a3781.bup;C:\Documents and Settings\VL1\DoctorWeb\Quarantine;Container enthält infizierte Objekte;Verschoben.;
OTL____0.exe;C:\Documents and Settings\VL1\DoctorWeb\Quarantine;Trojan.Siggen2.4953;Nicht desinfizierbar.Verschoben.;
mcupdate.exe;C:\Program Files\McAfee.com\Agent;Wahrscheinlich DLOADER.Trojan;;
mcupdate.exe;C:\Programme\McAfee.com\Agent;Wahrscheinlich DLOADER.Trojan;;

However, the first two attempts had different detections; on the first attempt, for example, the program already had 8 detections.

Regards
FF

Chris4You 06.10.2010 06:35

Hi,

tell me, are you still running the release candidate of Win7 (Windows 6.1.7600)?
Or what kind of version is that...?

Does the browser redirection still occur?

Let's run a special OTL script...
  • Please start OTL.exe
  • Vista/Win7 users: right-click and "Run as administrator"
  • Now copy the following contents into the text box

Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
mv61xx.sys
/md5stop
c:\windows\system32\drivers\*.sys /lockedfiles
c:\windows\system32\*.dll /lockedfiles
%systemroot%\*. /mp /s
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button
  • Click OK
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

chris

FF-Nutzer 06.10.2010 07:18

ok, I did that.
However, this time there is no "extra.txt" file. Only an "otl.txt" was generated.

OTL Logfile:
Code:

OTL logfile created on: 06.10.2010 08:06:32 - Run 2
OTL by OldTimer - Version 3.2.14.1    Folder = C:\Program Files\Sicherheit\OTL
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 79,85 Gb Free Space | 81,76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 146,48 Gb Total Space | 141,07 Gb Free Space | 96,31% Space Free | Partition Type: NTFS
Drive F: | 39,26 Gb Total Space | 38,87 Gb Free Space | 99,01% Space Free | Partition Type: NTFS
Drive G: | 1,84 Gb Total Space | 0,77 Gb Free Space | 41,74% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 298,02 Gb Total Space | 278,69 Gb Free Space | 93,52% Space Free | Partition Type: FAT32
 
Computer Name: VL1-PC
Current User Name: VL1
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Sicherheit\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Programme\Steganos Safe 11\SteganosHotKeyService.exe (Steganos GmbH)
PRC - C:\Programme\Steganos Safe 11\fredirstarter.exe (Steganos GmbH)
PRC - C:\Programme\Personal Backup\Personal Backup 4\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
PRC - C:\Programme\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
PRC - C:\Programme\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE (Dell Inc.)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
PRC - C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Programme\Sicherheit\OTL\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\stacsv.exe (IDT, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (O2FLASH) -- C:\Windows\System32\drivers\o2flash.exe (O2Micro International)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (SLEE_17_DRIVER) -- C:\Windows\System32\drivers\SleeN17.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (O2MDGRDR) -- C:\Windows\System32\drivers\o2mdg.sys (O2Micro )
DRV - (O2SDGRDR) -- C:\Windows\System32\drivers\o2sdg.sys (O2Micro )
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USSMB/8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.goggle.de"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0
 
FF - HKLM\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\Users\VL1\AppData\Roaming\5006 [2010.10.05 10:25:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.22 15:47:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.17 03:46:28 | 000,000,000 | ---D | M]
 
[2009.11.28 15:05:15 | 000,000,000 | ---D | M] -- C:\Users\VL1\AppData\Roaming\mozilla\Extensions
[2010.10.06 00:09:01 | 000,000,000 | ---D | M] -- C:\Users\VL1\AppData\Roaming\mozilla\Firefox\Profiles\3pajumxj.default\extensions
[2010.04.28 13:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VL1\AppData\Roaming\mozilla\Firefox\Profiles\3pajumxj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.10.06 00:09:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll
[2010.09.10 08:44:11 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.10 08:44:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.10 08:44:11 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.10 08:44:11 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.10 08:44:11 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20100922154750.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SAFE2009 File Redirection Starter] C:\Program Files\Steganos Safe 11\fredirstarter.exe (Steganos GmbH)
O4 - HKLM..\Run: [SAFE2009 HotKeys] C:\Program Files\Steganos Safe 11\SteganosHotKeyService.exe (Steganos GmbH)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Users\VL1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk = C:\Programme\Personal Backup\Personal Backup 4\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet: mfefirek - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.10.05 14:31:13 | 000,000,000 | ---D | C] -- C:\Users\VL1\DoctorWeb
[2010.10.05 10:40:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.10.05 10:20:04 | 000,212,304 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\VL1\AppData\Roaming\AcroIEHelpe020.dll
[2010.10.05 10:20:03 | 000,000,000 | ---D | C] -- C:\Users\VL1\AppData\Roaming\5006
[2010.10.04 14:36:22 | 000,000,000 | ---D | C] -- C:\Users\VL1\AppData\Roaming\Malwarebytes
[2010.10.04 14:36:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.04 14:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.04 14:36:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.25 11:16:29 | 000,000,000 | ---D | C] -- C:\Users\VL1\AppData\Roaming\UAs
[2010.09.25 11:16:25 | 000,000,000 | ---D | C] -- C:\Users\VL1\AppData\Roaming\5005
[2010.09.25 11:16:15 | 000,000,000 | ---D | C] -- C:\Users\VL1\AppData\Roaming\xmldm
[2010.09.25 11:16:14 | 000,000,000 | ---D | C] -- C:\Users\VL1\AppData\Roaming\cock
[2010.09.23 10:02:42 | 000,000,000 | ---D | C] -- C:\Programme\Sicherheit
[2010.09.22 15:32:28 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.08.30 10:13:07 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2010.08.30 10:13:00 | 000,386,712 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2010.08.30 10:13:00 | 000,312,904 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2010.08.30 10:13:00 | 000,164,808 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2010.08.30 10:13:00 | 000,152,992 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010.08.30 10:13:00 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2010.08.30 10:13:00 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010.08.30 10:13:00 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2010.08.30 10:13:00 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2010.08.30 10:13:00 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[1 C:\Users\VL1\AppData\Roaming\*.tmp files -> C:\Users\VL1\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.10.06 08:04:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.06 08:04:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.06 08:04:39 | 2385,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.06 08:01:52 | 001,835,008 | -HS- | M] () -- C:\Users\VL1\NTUSER.DAT
[2010.10.06 08:01:43 | 001,483,487 | -H-- | M] () -- C:\Users\VL1\AppData\Local\IconCache.db
[2010.10.06 07:17:00 | 001,480,602 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.10.06 07:17:00 | 000,647,376 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.06 07:17:00 | 000,610,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.06 07:17:00 | 000,127,404 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.06 07:17:00 | 000,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.06 00:04:33 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.06 00:04:33 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.05 21:14:42 | 248,275,161 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.10.05 11:57:57 | 000,011,006 | ---- | M] () -- C:\Users\VL1\AppData\Roaming\SmarThruOptions.xml
[2010.10.04 10:41:14 | 000,000,307 | ---- | M] () -- C:\Users\VL1\AppData\Roaming\urhtps.dat
[2010.10.04 09:39:09 | 000,734,720 | ---- | M] () -- C:\Users\VL1\Desktop\1 Kundenadressen Süd.xls
[2010.10.03 18:15:41 | 000,035,328 | ---- | M] () -- C:\Users\VL1\Documents\Reiseplan Ingolstadt 11.-15.10.2010.doc
[2010.10.01 06:49:04 | 000,174,014 | ---- | M] () -- C:\Users\VL1\Desktop\Kalk 1129 (Vers. 1.7) geä mboe.xlsx
[2010.09.30 18:02:19 | 000,174,000 | ---- | M] () -- C:\Users\VL1\Desktop\Kalk 1129 (Vers. 1.7).xlsx
[2010.09.30 18:01:15 | 000,282,696 | ---- | M] () -- C:\Users\VL1\Desktop\Leipzig (nh Hotel Vertrag 2011-2012).pdf
[2010.09.30 17:59:18 | 000,024,958 | ---- | M] () -- C:\Users\VL1\Desktop\VR-NetWorld.pdf
[2010.09.30 09:25:51 | 000,012,158 | ---- | M] () -- C:\Users\VL1\Desktop\Müller Pforzheim.docx
[2010.09.30 09:24:10 | 000,012,842 | ---- | M] () -- C:\Users\VL1\Documents\2010-09-29 ATV Gespräc2h.docx
[2010.09.30 09:23:51 | 000,012,369 | ---- | M] () -- C:\Users\VL1\Documents\2010-09-29 Gespräch.docx
[2010.09.30 09:14:57 | 000,012,147 | ---- | M] () -- C:\Users\VL1\Documents\Müller Pforzheim.docx
[2010.09.24 13:38:08 | 000,058,461 | ---- | M] () -- C:\Users\VL1\Documents\www.octopustravel.co.2...pdf
[2010.09.24 13:34:45 | 000,164,811 | ---- | M] () -- C:\Users\VL1\Documents\www.octopustravel.co....pdf
[2010.09.23 17:10:37 | 000,011,107 | ---- | M] () -- C:\Users\VL1\Desktop\Rad.docx
[2010.09.23 10:03:49 | 000,001,967 | ---- | M] () -- C:\Users\VL1\Desktop\HijackThis.lnk
[2010.09.20 07:17:52 | 000,151,478 | ---- | M] () -- C:\Users\VL1\Desktop\Reiseanzeigen ] Musikstadt ....pdf
[2010.09.16 08:19:52 | 000,064,150 | ---- | M] () -- C:\Users\VL1\Desktop\Flughafen Hahn rechnet mit ....pdf
[2010.09.12 19:05:15 | 000,047,104 | ---- | M] () -- C:\Users\VL1\Desktop\Zusammenfassung Weimar.doc
[2010.08.24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2010.08.24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2010.08.24 14:57:38 | 000,164,808 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2010.08.24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010.08.24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2010.08.24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010.08.24 14:57:38 | 000,064,304 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2010.08.24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2010.08.24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010.08.24 14:57:38 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2010.08.14 12:25:59 | 000,002,178 | ---- | M] () -- C:\Users\VL1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk
[2010.08.13 09:03:05 | 000,294,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.11 17:13:31 | 000,028,160 | ---- | M] () -- C:\Users\VL1\Documents\Notizen Reiseablauf obert berlin.doc
[2010.08.10 19:47:21 | 000,027,648 | ---- | M] () -- C:\Users\VL1\Desktop\2010 Reiseplan Nürnberg.doc
[1 C:\Users\VL1\AppData\Roaming\*.tmp files -> C:\Users\VL1\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.03 16:50:58 | 000,035,328 | ---- | C] () -- C:\Users\VL1\Documents\Reiseplan Ingolstadt 11.-15.10.2010.doc
[2010.10.01 06:49:03 | 000,174,014 | ---- | C] () -- C:\Users\VL1\Desktop\Kalk 1129 (Vers. 1.7) geä mboe.xlsx
[2010.09.30 18:02:19 | 000,174,000 | ---- | C] () -- C:\Users\VL1\Desktop\Kalk 1129 (Vers. 1.7).xlsx
[2010.09.30 18:01:14 | 000,282,696 | ---- | C] () -- C:\Users\VL1\Desktop\Leipzig (nh Hotel Vertrag 2011-2012).pdf
[2010.09.30 17:59:14 | 000,024,958 | ---- | C] () -- C:\Users\VL1\Desktop\VR-NetWorld.pdf
[2010.09.30 09:25:51 | 000,012,158 | ---- | C] () -- C:\Users\VL1\Desktop\Müller Pforzheim.docx
[2010.09.30 09:24:09 | 000,012,842 | ---- | C] () -- C:\Users\VL1\Documents\2010-09-29 ATV Gespräc2h.docx
[2010.09.30 09:23:50 | 000,012,369 | ---- | C] () -- C:\Users\VL1\Documents\2010-09-29 Gespräch.docx
[2010.09.30 09:14:57 | 000,012,147 | ---- | C] () -- C:\Users\VL1\Documents\Müller Pforzheim.docx
[2010.09.25 11:28:00 | 000,000,307 | ---- | C] () -- C:\Users\VL1\AppData\Roaming\urhtps.dat
[2010.09.25 11:16:26 | 000,000,065 | ---- | C] () -- C:\Users\VL1\AppData\Roaming\AcroIEHelpe.txt
[2010.09.24 13:38:04 | 000,058,461 | ---- | C] () -- C:\Users\VL1\Documents\www.octopustravel.co.2...pdf
[2010.09.24 13:34:41 | 000,164,811 | ---- | C] () -- C:\Users\VL1\Documents\www.octopustravel.co....pdf
[2010.09.23 17:10:36 | 000,011,107 | ---- | C] () -- C:\Users\VL1\Desktop\Rad.docx
[2010.09.23 10:03:49 | 000,001,967 | ---- | C] () -- C:\Users\VL1\Desktop\HijackThis.lnk
[2010.09.20 07:17:52 | 000,151,478 | ---- | C] () -- C:\Users\VL1\Desktop\Reiseanzeigen ] Musikstadt ....pdf
[2010.09.19 19:42:57 | 000,019,968 | ---- | C] () -- C:\Users\VL1\Desktop\0 Kundendossier.dot
[2010.09.16 08:19:51 | 000,064,150 | ---- | C] () -- C:\Users\VL1\Desktop\Flughafen Hahn rechnet mit ....pdf
[2010.09.12 17:36:06 | 000,047,104 | ---- | C] () -- C:\Users\VL1\Desktop\Zusammenfassung Weimar.doc
[2010.08.11 17:13:31 | 000,028,160 | ---- | C] () -- C:\Users\VL1\Documents\Notizen Reiseablauf obert berlin.doc
[2010.08.10 09:32:25 | 000,027,648 | ---- | C] () -- C:\Users\VL1\Desktop\2010 Reiseplan Nürnberg.doc
[2010.01.31 16:26:27 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.12.10 14:10:19 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.11.28 16:25:03 | 000,011,006 | ---- | C] () -- C:\Users\VL1\AppData\Roaming\SmarThruOptions.xml
[2009.11.28 16:24:48 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2009.11.28 16:24:47 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SamFaxPort.dll
[2009.11.28 16:24:42 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2009.11.28 16:24:39 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2009.11.28 16:23:10 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sst1cl3.dll
[2009.11.28 16:21:20 | 000,147,456 | R--- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2009.11.28 16:21:20 | 000,027,136 | R--- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2009.11.28 16:21:20 | 000,011,264 | R--- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2009.11.28 16:21:20 | 000,010,752 | R--- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2009.11.28 15:11:32 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2009.11.28 15:11:32 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2009.11.28 15:11:32 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2009.11.20 18:55:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.20 17:09:38 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009.11.20 17:09:38 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009.11.20 17:08:48 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
 
========== LOP Check ==========
 
[2010.09.25 11:20:01 | 000,000,000 | ---D | M] -- C:\Users\VL1\AppData\Roaming\5005
[2010.10.05 10:25:22 | 000,000,000 | ---D | M] -- C:\Users\VL1\AppData\Roaming\5006
[2010.09.25 11:16:14 | 000,000,000 | ---D | M] -- C:\Users\VL1\AppData\Roaming\cock
[2010.04.28 13:29:23 | 000,000,000 | ---D | M] -- C:\Users\VL1\AppData\Roaming\GARMIN
[2010.01.31 16:31:08 | 000,000,000 | ---D | M] -- C:\Users\VL1\AppData\Roaming\PersBackup
[2009.11.28 16:25:05 | 000,000,000 | ---D | M] -- C:\Users\VL1\AppData\Roaming\SmarThru4
[2010.01.31 16:00:24 | 000,000,000 | ---D | M] -- C:\Users\VL1\AppData\Roaming\Steganos
[2010.04.15 18:42:40 | 000,000,000 | ---D | M] -- C:\Users\VL1\AppData\Roaming\TeamViewer
[2010.10.01 16:52:40 | 000,000,000 | ---D | M] -- C:\Users\VL1\AppData\Roaming\UAs
[2010.10.06 07:28:14 | 000,000,000 | ---D | M] -- C:\Users\VL1\AppData\Roaming\xmldm
[2010.07.06 09:24:14 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Drivers\storage\R229669\IaStor.sys
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< c:\windows\system32\drivers\*.sys /lockedfiles >
 
< c:\windows\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FirewallAPI.dll
 
< %systemroot%\*. /mp /s >
 
< %PROGRAMFILES%\*. >
[2009.11.20 17:10:46 | 000,000,000 | ---D | M] -- C:\Programme\Adobe
[2009.11.20 17:10:18 | 000,000,000 | ---D | M] -- C:\Programme\Cisco
[2009.12.11 13:54:05 | 000,000,000 | ---D | M] -- C:\Programme\Common Files
[2009.11.20 17:17:25 | 000,000,000 | ---D | M] -- C:\Programme\CyberLink
[2009.11.20 17:09:37 | 000,000,000 | ---D | M] -- C:\Programme\Dell
[2009.11.20 17:08:54 | 000,000,000 | ---D | M] -- C:\Programme\Dell Inc
[2009.11.20 18:58:41 | 000,000,000 | ---D | M] -- C:\Programme\DellTPad
[2009.07.14 10:57:01 | 000,000,000 | ---D | M] -- C:\Programme\DVD Maker
[2009.11.28 15:11:26 | 000,000,000 | ---D | M] -- C:\Programme\EASEUS
[2009.11.28 15:10:33 | 000,000,000 | ---D | M] -- C:\Programme\Easeus Partition Master
[2009.11.28 15:04:20 | 000,000,000 | ---D | M] -- C:\Programme\Firefox
[2009.12.10 14:08:30 | 000,000,000 | ---D | M] -- C:\Programme\FreePdf
[2009.12.10 14:10:19 | 000,000,000 | ---D | M] -- C:\Programme\FreePDF_XP
[2009.11.28 14:39:27 | 000,000,000 | -HSD | M] -- C:\Programme\Gemeinsame Dateien
[2009.11.20 10:03:34 | 000,000,000 | ---D | M] -- C:\Programme\IDT
[2010.04.29 10:41:07 | 000,000,000 | -H-D | M] -- C:\Programme\InstallShield Installation Information
[2009.11.20 17:08:47 | 000,000,000 | ---D | M] -- C:\Programme\Intel
[2010.08.13 09:02:04 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer
[2009.12.09 10:30:38 | 000,000,000 | ---D | M] -- C:\Programme\Java
[2010.10.04 11:22:27 | 000,000,000 | ---D | M] -- C:\Programme\McAfee
[2010.08.31 08:32:00 | 000,000,000 | ---D | M] -- C:\Programme\McAfee.com
[2009.11.20 17:15:27 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft
[2009.12.24 23:27:09 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Games
[2009.11.20 17:12:53 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Office
[2009.11.20 17:17:16 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Silverlight
[2009.11.20 17:16:06 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft SQL Server Compact Edition
[2009.11.20 17:16:54 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Sync Framework
[2009.11.20 17:12:52 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Visual Studio
[2009.11.20 17:12:58 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Works
[2009.11.20 17:12:48 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft.NET
[2010.10.06 08:05:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox
[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Programme\MSBuild
[2009.11.30 16:58:02 | 000,000,000 | ---D | M] -- C:\Programme\MSXML 4.0
[2010.04.29 10:41:07 | 000,000,000 | ---D | M] -- C:\Programme\PC Inspector File Recovery
[2009.12.14 15:14:43 | 000,000,000 | ---D | M] -- C:\Programme\Personal Backup
[2009.11.28 16:24:42 | 000,000,000 | ---D | M] -- C:\Programme\Readiris10
[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Programme\Reference Assemblies
[2009.11.20 17:13:57 | 000,000,000 | ---D | M] -- C:\Programme\Roxio
[2009.11.28 16:20:48 | 000,000,000 | ---D | M] -- C:\Programme\Samsung
[2010.10.05 10:59:00 | 000,000,000 | ---D | M] -- C:\Programme\Sicherheit
[2009.11.28 16:25:05 | 000,000,000 | ---D | M] -- C:\Programme\SmarThru 4
[2010.01.31 14:46:13 | 000,000,000 | ---D | M] -- C:\Programme\Steganos Safe 11
[2010.03.26 15:22:21 | 000,000,000 | ---D | M] -- C:\Programme\tetris 2oo5
[2009.07.14 06:53:23 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information
[2010.02.01 10:56:01 | 000,000,000 | ---D | M] -- C:\Programme\VR-NetWorld
[2009.07.14 10:47:37 | 000,000,000 | ---D | M] -- C:\Programme\Windows Defender
[2009.07.14 10:57:00 | 000,000,000 | ---D | M] -- C:\Programme\Windows Journal
[2009.11.20 17:17:10 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live
[2009.11.20 17:15:13 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live SkyDrive
[2010.05.12 16:54:50 | 000,000,000 | ---D | M] -- C:\Programme\Windows Mail
[2009.12.01 10:08:28 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player
[2009.11.28 14:39:27 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT
[2009.07.14 10:47:37 | 000,000,000 | ---D | M] -- C:\Programme\Windows Photo Viewer
[2009.07.14 06:52:32 | 000,000,000 | ---D | M] -- C:\Programme\Windows Portable Devices
[2009.07.14 10:47:37 | 000,000,000 | ---D | M] -- C:\Programme\Windows Sidebar
[2009.12.11 16:44:16 | 000,000,000 | ---D | M] -- C:\Programme\WinRar
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-04 01:00:19

< End of report >

--- --- ---
FF

Chris4You 06.10.2010 08:05

Hi,

Update Java; otherwise I don't see anything else at the moment...

chris

FF-Nutzer 06.10.2010 08:24

But the problem with Google still persists. How do I update Java?

FF

Chris4You 06.10.2010 08:45

Hm,

Only in Firefox, or in IE as well?

TDSSKiller didn't find anything; run it again (possibly download it afresh)... post the log... strange...

Superantispyware (SASW):
http://www.trojaner-board.de/51871-a...tispyware.html

chris

FF-Nutzer 06.10.2010 16:06

Hey,

This is slowly getting annoying.
TDSS apparently didn't find anything,

Code:

2010/10/06 13:58:13.0748        TDSS rootkit removing tool 2.4.4.0 Oct  4 2010 09:06:59
2010/10/06 13:58:13.0748        ================================================================================
2010/10/06 13:58:13.0748        SystemInfo:
2010/10/06 13:58:13.0748       
2010/10/06 13:58:13.0748        OS Version: 6.1.7600 ServicePack: 0.0
2010/10/06 13:58:13.0748        Product type: Workstation
2010/10/06 13:58:13.0748        ComputerName: VL1-PC
2010/10/06 13:58:13.0748        UserName: VL1
2010/10/06 13:58:13.0748        Windows directory: C:\Windows
2010/10/06 13:58:13.0748        System windows directory: C:\Windows
2010/10/06 13:58:13.0748        Processor architecture: Intel x86
2010/10/06 13:58:13.0748        Number of processors: 2
2010/10/06 13:58:13.0748        Page size: 0x1000
2010/10/06 13:58:13.0748        Boot type: Normal boot
2010/10/06 13:58:13.0748        ================================================================================
2010/10/06 13:58:14.0435        Initialize success
2010/10/06 13:58:32.0172        ================================================================================
2010/10/06 13:58:32.0172        Scan started
2010/10/06 13:58:32.0172        Mode: Manual;
2010/10/06 13:58:32.0172        ================================================================================
2010/10/06 13:58:32.0796        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/10/06 13:58:32.0843        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/10/06 13:58:32.0874        AcpiPmi        (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/10/06 13:58:32.0905        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/10/06 13:58:32.0952        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/10/06 13:58:32.0967        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/10/06 13:58:33.0077        AFD            (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/10/06 13:58:33.0108        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/10/06 13:58:33.0139        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/10/06 13:58:33.0186        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/10/06 13:58:33.0217        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/10/06 13:58:33.0233        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/10/06 13:58:33.0279        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/10/06 13:58:33.0311        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/10/06 13:58:33.0420        amdsata        (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/10/06 13:58:33.0451        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/10/06 13:58:33.0498        amdxata        (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/10/06 13:58:33.0560        ApfiltrService  (fb7c669774ffcacd77b5969ee5d9a19b) C:\Windows\system32\DRIVERS\Apfiltr.sys
2010/10/06 13:58:33.0591        AppID          (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/10/06 13:58:33.0701        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/10/06 13:58:33.0732        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/10/06 13:58:33.0779        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/06 13:58:33.0825        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/10/06 13:58:33.0903        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/10/06 13:58:34.0013        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/10/06 13:58:34.0059        BCM42RLY        (eb4434444e2721d721a8ac8d5d2ad26b) C:\Windows\system32\drivers\BCM42RLY.sys
2010/10/06 13:58:34.0184        BCM43XX        (919832d1a7d067119cd5ee29ba76327a) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/10/06 13:58:34.0293        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/10/06 13:58:34.0340        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/10/06 13:58:34.0356        bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/06 13:58:34.0387        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/10/06 13:58:34.0403        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/10/06 13:58:34.0449        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/10/06 13:58:34.0481        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/10/06 13:58:34.0559        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/10/06 13:58:34.0590        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/10/06 13:58:34.0605        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/10/06 13:58:34.0668        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/06 13:58:34.0715        cdrom          (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/06 13:58:34.0824        cfwids          (426ee59b25988bb3382fc0a3655deaa2) C:\Windows\system32\drivers\cfwids.sys
2010/10/06 13:58:34.0871        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/10/06 13:58:34.0902        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/10/06 13:58:34.0933        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/10/06 13:58:34.0964        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/10/06 13:58:34.0995        CNG            (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/10/06 13:58:35.0089        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/10/06 13:58:35.0120        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/10/06 13:58:35.0167        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/10/06 13:58:35.0214        CSC            (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/10/06 13:58:35.0261        DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/10/06 13:58:35.0354        DgiVecp        (770471de2550820feeb7e5d24bf2e273) C:\Windows\system32\Drivers\DgiVecp.sys
2010/10/06 13:58:35.0401        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/10/06 13:58:35.0479        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/10/06 13:58:35.0557        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/10/06 13:58:35.0619        DXGKrnl        (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/06 13:58:35.0807        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/10/06 13:58:35.0963        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/10/06 13:58:36.0025        epmntdrv        (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
2010/10/06 13:58:36.0072        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/10/06 13:58:36.0103        EuGdiDrv        (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
2010/10/06 13:58:36.0212        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/10/06 13:58:36.0243        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/10/06 13:58:36.0275        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/06 13:58:36.0306        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/10/06 13:58:36.0337        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/10/06 13:58:36.0368        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/06 13:58:36.0399        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/10/06 13:58:36.0509        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/10/06 13:58:36.0540        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/06 13:58:36.0571        fvevol          (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2010/10/06 13:58:36.0602        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/10/06 13:58:36.0633        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/10/06 13:58:36.0680        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/06 13:58:36.0696        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/10/06 13:58:36.0711        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/10/06 13:58:36.0805        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/10/06 13:58:36.0867        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/06 13:58:36.0899        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/10/06 13:58:36.0945        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/10/06 13:58:37.0023        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/10/06 13:58:37.0101        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/06 13:58:37.0148        iaStor          (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
2010/10/06 13:58:37.0179        iaStorV        (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/10/06 13:58:37.0351        igfx            (45d1a22c0e932768729dd422e175a448) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/10/06 13:58:37.0507        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/10/06 13:58:37.0569        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/10/06 13:58:37.0601        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/06 13:58:37.0632        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/06 13:58:37.0663        IPMIDRV        (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/10/06 13:58:37.0694        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/10/06 13:58:37.0710        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/10/06 13:58:37.0741        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/10/06 13:58:37.0835        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/06 13:58:37.0881        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/06 13:58:37.0928        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/10/06 13:58:37.0959        KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/06 13:58:37.0991        KSecPkg        (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/10/06 13:58:38.0115        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/06 13:58:38.0162        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/10/06 13:58:38.0193        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/10/06 13:58:38.0225        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/10/06 13:58:38.0256        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/10/06 13:58:38.0287        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/10/06 13:58:38.0443        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/10/06 13:58:38.0490        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/10/06 13:58:38.0537        mfeapfk        (5bd0c401a8ee4a54f6176c0a10d595ae) C:\Windows\system32\drivers\mfeapfk.sys
2010/10/06 13:58:38.0568        mfeavfk        (f3bb4dc61b4dc662bdc778cf1634fae1) C:\Windows\system32\drivers\mfeavfk.sys
2010/10/06 13:58:38.0693        mfebopk        (b1498db38d129ed31650422fc8bab9c5) C:\Windows\system32\drivers\mfebopk.sys
2010/10/06 13:58:38.0755        mfefirek        (51e9ccea45c78858a229afb6e682cf41) C:\Windows\system32\drivers\mfefirek.sys
2010/10/06 13:58:38.0786        mfehidk        (32f7298664874715ce469a79078853c4) C:\Windows\system32\drivers\mfehidk.sys
2010/10/06 13:58:38.0817        mfenlfk        (e920bfd5837aed4aef903cf1c7d3949e) C:\Windows\system32\DRIVERS\mfenlfk.sys
2010/10/06 13:58:38.0864        mferkdet        (858337b64484cd80eee7d2eba5ac61bc) C:\Windows\system32\drivers\mferkdet.sys
2010/10/06 13:58:38.0927        mfewfpk        (dcfbf068951fb4086c6aef99c6330516) C:\Windows\system32\drivers\mfewfpk.sys
2010/10/06 13:58:38.0958        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/10/06 13:58:39.0051        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/06 13:58:39.0098        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/06 13:58:39.0161        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/06 13:58:39.0207        mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/10/06 13:58:39.0239        mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/10/06 13:58:39.0270        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/06 13:58:39.0317        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/10/06 13:58:39.0410        mrxsmb          (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/06 13:58:39.0441        mrxsmb10        (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/06 13:58:39.0473        mrxsmb20        (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/06 13:58:39.0504        msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/10/06 13:58:39.0519        msdsm          (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/10/06 13:58:39.0582        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/10/06 13:58:39.0597        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/10/06 13:58:39.0629        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/10/06 13:58:39.0753        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/06 13:58:39.0785        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/06 13:58:39.0800        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/10/06 13:58:39.0831        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/10/06 13:58:39.0863        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/06 13:58:39.0878        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/10/06 13:58:39.0894        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/10/06 13:58:39.0925        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/10/06 13:58:39.0972        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/06 13:58:40.0097        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/10/06 13:58:40.0128        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/10/06 13:58:40.0159        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/06 13:58:40.0175        Ndisuio        (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/06 13:58:40.0206        NdisWan        (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/06 13:58:40.0237        NDProxy        (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/10/06 13:58:40.0331        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/06 13:58:40.0377        NetBT          (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/06 13:58:40.0424        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/10/06 13:58:40.0455        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/10/06 13:58:40.0487        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/06 13:58:40.0533        Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/10/06 13:58:40.0643        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/10/06 13:58:40.0674        nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/10/06 13:58:40.0721        nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/10/06 13:58:40.0752        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/10/06 13:58:40.0799        O2MDGRDR        (07ad3cddf8984f56652cce6be8946526) C:\Windows\system32\DRIVERS\o2mdg.sys
2010/10/06 13:58:40.0830        O2SDGRDR        (45e4fe55db8c0549b8cef1b107f87b70) C:\Windows\system32\DRIVERS\o2sdg.sys
2010/10/06 13:58:40.0939        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/10/06 13:58:41.0017        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/10/06 13:58:41.0033        partmgr        (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/10/06 13:58:41.0064        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/10/06 13:58:41.0095        pci            (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/10/06 13:58:41.0126        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/10/06 13:58:41.0157        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/10/06 13:58:41.0235        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/10/06 13:58:41.0298        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/10/06 13:58:41.0391        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/06 13:58:41.0423        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/10/06 13:58:41.0516        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/06 13:58:41.0579        PxHelp20        (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
2010/10/06 13:58:41.0672        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/10/06 13:58:41.0766        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/10/06 13:58:41.0828        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/06 13:58:41.0859        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/06 13:58:41.0891        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/10/06 13:58:41.0937        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/06 13:58:41.0969        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/06 13:58:42.0000        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/06 13:58:42.0031        rdbss          (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/06 13:58:42.0078        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/10/06 13:58:42.0125        RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/06 13:58:42.0187        RDPDR          (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/10/06 13:58:42.0234        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/06 13:58:42.0265        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/10/06 13:58:42.0296        RDPWD          (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/10/06 13:58:42.0343        rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/10/06 13:58:42.0421        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/06 13:58:42.0515        RTL8167        (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys
2010/10/06 13:58:42.0577        s3cap          (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/10/06 13:58:42.0639        sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/10/06 13:58:42.0671        scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/10/06 13:58:42.0733        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/10/06 13:58:42.0811        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/10/06 13:58:42.0842        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/10/06 13:58:42.0873        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/10/06 13:58:42.0920        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/10/06 13:58:42.0936        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/10/06 13:58:42.0983        sffp_sd        (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/10/06 13:58:43.0014        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/10/06 13:58:43.0076        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/10/06 13:58:43.0123        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/10/06 13:58:43.0154        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/10/06 13:58:43.0232        SLEE_17_DRIVER  (6352fa01bd438e88250d534a1a6d22ff) C:\Windows\system32\drivers\Sleen17.sys
2010/10/06 13:58:43.0310        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/10/06 13:58:43.0357        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/10/06 13:58:43.0435        srv            (dd0dd124d95390fdffa7fb6283923ed4) C:\Windows\system32\DRIVERS\srv.sys
2010/10/06 13:58:43.0466        srv2            (59ef6d9c690e89d51b0692ccb13a06fc) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/06 13:58:43.0497        srvnet          (08f28676802b58138e48a2b40caf6204) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/06 13:58:43.0575        SSPORT          (5f77725ec309de1242d8efc8e9259a9f) C:\Windows\system32\Drivers\SSPORT.sys
2010/10/06 13:58:43.0638        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/10/06 13:58:43.0700        STHDA          (61f801547a9f9d630637eee0440329a6) C:\Windows\system32\DRIVERS\stwrt.sys
2010/10/06 13:58:43.0778        storflt        (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/10/06 13:58:43.0794        storvsc        (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/10/06 13:58:43.0856        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/06 13:58:43.0950        Tcpip          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/10/06 13:58:44.0059        TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/06 13:58:44.0121        tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/06 13:58:44.0153        TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/10/06 13:58:44.0168        TDTCP          (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/10/06 13:58:44.0199        tdx            (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/06 13:58:44.0215        TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/06 13:58:44.0277        tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/06 13:58:44.0355        tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/06 13:58:44.0402        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/10/06 13:58:44.0449        udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/06 13:58:44.0511        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/10/06 13:58:44.0543        umbus          (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/06 13:58:44.0605        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/10/06 13:58:44.0636        usbccgp        (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/06 13:58:44.0683        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/10/06 13:58:44.0730        usbehci        (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/06 13:58:44.0808        usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/06 13:58:44.0839        usbohci        (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/10/06 13:58:44.0886        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/06 13:58:44.0901        USBSTOR        (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/06 13:58:44.0933        usbuhci        (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/06 13:58:44.0964        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/10/06 13:58:45.0026        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/06 13:58:45.0073        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/10/06 13:58:45.0135        vhdmp          (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/10/06 13:58:45.0198        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/10/06 13:58:45.0229        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/10/06 13:58:45.0260        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/10/06 13:58:45.0291        vmbus          (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/10/06 13:58:45.0338        VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/10/06 13:58:45.0369        volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/10/06 13:58:45.0432        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/10/06 13:58:45.0494        volsnap        (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/10/06 13:58:45.0541        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/10/06 13:58:45.0572        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/10/06 13:58:45.0619        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/10/06 13:58:45.0697        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/10/06 13:58:45.0759        WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/06 13:58:45.0791        Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/06 13:58:45.0837        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/10/06 13:58:45.0900        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/06 13:58:45.0962        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/10/06 13:58:46.0009        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/10/06 13:58:46.0103        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/10/06 13:58:46.0196        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/06 13:58:46.0243        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/10/06 13:58:46.0305        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/06 13:58:46.0399        ================================================================================
2010/10/06 13:58:46.0399        Scan finished
2010/10/06 13:58:46.0399        ================================================================================

SUPERAntiSpyware apparently found nothing either.
Code:

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 10/06/2010 bei 04:56 PM

Version der Applikation : 4.44.1000

Version der Kern-Datenbank : 5639
Version der Spur-Datenbank : 3451

Scan Art      : kompletter Scann
Totale Scann-Zeit : 02:49:25

Gescannte Speicherelemente  : 734
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 9529
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente    : 102408
Erfasste Datei-Elemente  : 0

Firefox now seems to be running stably, though; so far it no longer closes itself. That problem seems to be off the table.

What remains is the Google problem, but in an aggravated form!!!!!

Until now Google just opened rubbish, from porn to assorted link pages such as Gomeo. But now apparently really dangerous things are coming up. With perfectly normal internet addresses such as www.ttline.com or Lufthansa.de the window turns white and a box opens with the following text:

"Die Seite mit der Adresse h**p://xybohyf.co.cc meldet:
Windows Security has found critical process activity on your system an will perform fast scan of system files. -> [ok]"

Of course I did not press [ok], but even if I close the box with [x], some process starts running in the window. I then close the window immediately. The h**p:// address is different every time, but always without "www.". The English text is also always the same. And some process always starts running.

And yes: I have the same problem with IE as well.

My antivirus program McAfee then also reported the following during the running scan. I took a screenshot and attached it.

Man, what kind of rubbish have I caught here ...
In any case, thank you ....

FF

Chris4You 06.10.2010 18:23

Hi,

please post an OTL log again...
Java update: http://www.java.com/de/download/
I can't make out the picture you posted properly, but it seems to be a plug-in... It would have to be a common one, though, for FF and IE... PDF/Adobe?
Check the proxy settings; normally nothing should be entered there:
http://windows.microsoft.com/de-DE/w...ernet-Explorer
Maybe I overlooked something... I'll see whether someone else can take a look as well...

chris

FF-Nutzer 06.10.2010 20:57

Evening,
here are the two current OTL logs:

EXTRA
Code:

OTL Extras logfile created on: 06.10.2010 21:03:42 - Run 1
OTL by OldTimer - Version 3.2.14.1    Folder = C:\Program Files\Sicherheit\OTL
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 79,74 Gb Free Space | 81,66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 146,48 Gb Total Space | 141,07 Gb Free Space | 96,31% Space Free | Partition Type: NTFS
Drive F: | 39,26 Gb Total Space | 38,87 Gb Free Space | 99,01% Space Free | Partition Type: NTFS
Drive G: | 1,84 Gb Total Space | 0,77 Gb Free Space | 41,74% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: VL1-PC
Current User Name: VL1
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AC5CEC91-F421-4D5F-86EA-5D51E815B8EC}" = Steganos Safe 11
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD3F214C-B6E5-4C8A-8EBF-DC041E57497C}" = Dell Sicherungs- und Wiederherstellungs-Manager
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BASICR" = Microsoft Office Basic 2007
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.1.1 Home Edition
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"MSC" = McAfee SecurityCenter
"Personal Backup_is1" = Personal Backup 4.5
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"SmarThru PC Fax" = SmarThru PC Fax
"tetris 2oo5_is1" = tetris 2oo5 - Version 1.2
"TVWiz" = Intel(R) TV Wizard
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.09.2010 12:38:44 | Computer Name = VL1-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3909,
 Zeitstempel: 0x4c8fdc07  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x322e3930  ID des fehlerhaften
 Prozesses: 0xb50  Startzeit der fehlerhaften Anwendung: 0x01cb60bdb270a639  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 305712cb-ccb1-11df-b28d-0024e8f62566
 
Error - 30.09.2010 12:38:47 | Computer Name = VL1-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3909,
 Zeitstempel: 0x4c8fdc07  Name des fehlerhaften Moduls: MOZCRT19.dll, Version: 8.0.0.0,
 Zeitstempel: 0x4c8fcc44  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00017f87  ID des fehlerhaften
 Prozesses: 0xb50  Startzeit der fehlerhaften Anwendung: 0x01cb60bdb270a639  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\MOZCRT19.dll  Berichtskennung: 31efe137-ccb1-11df-b28d-0024e8f62566
 
Error - 30.09.2010 12:39:18 | Computer Name = VL1-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3909,
 Zeitstempel: 0x4c8fdc07  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x322e3930  ID des fehlerhaften
 Prozesses: 0x12cc  Startzeit der fehlerhaften Anwendung: 0x01cb60bdf6472100  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 44afa9ae-ccb1-11df-b28d-0024e8f62566
 
Error - 30.09.2010 12:39:22 | Computer Name = VL1-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3909,
 Zeitstempel: 0x4c8fdc07  Name des fehlerhaften Moduls: MOZCRT19.dll, Version: 8.0.0.0,
 Zeitstempel: 0x4c8fcc44  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00017f87  ID des fehlerhaften
 Prozesses: 0x12cc  Startzeit der fehlerhaften Anwendung: 0x01cb60bdf6472100  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\MOZCRT19.dll  Berichtskennung: 472b337e-ccb1-11df-b28d-0024e8f62566
 
Error - 30.09.2010 12:39:52 | Computer Name = VL1-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3909,
 Zeitstempel: 0x4c8fdc07  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x322e3930  ID des fehlerhaften
 Prozesses: 0x17c0  Startzeit der fehlerhaften Anwendung: 0x01cb60be0d91bd40  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 58e40c6d-ccb1-11df-b28d-0024e8f62566
 
Error - 30.09.2010 12:39:55 | Computer Name = VL1-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3909,
 Zeitstempel: 0x4c8fdc07  Name des fehlerhaften Moduls: MOZCRT19.dll, Version: 8.0.0.0,
 Zeitstempel: 0x4c8fcc44  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00017f87  ID des fehlerhaften
 Prozesses: 0x17c0  Startzeit der fehlerhaften Anwendung: 0x01cb60be0d91bd40  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\MOZCRT19.dll  Berichtskennung: 5a6f30da-ccb1-11df-b28d-0024e8f62566
 
Error - 30.09.2010 12:43:18 | Computer Name = VL1-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3909,
 Zeitstempel: 0x4c8fdc07  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x5d7d5d7d  ID des fehlerhaften
 Prozesses: 0x61c  Startzeit der fehlerhaften Anwendung: 0x01cb60be1f10fb3e  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: d36617aa-ccb1-11df-b28d-0024e8f62566
 
Error - 30.09.2010 12:43:20 | Computer Name = VL1-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3909,
 Zeitstempel: 0x4c8fdc07  Name des fehlerhaften Moduls: MOZCRT19.dll, Version: 8.0.0.0,
 Zeitstempel: 0x4c8fcc44  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00017f87  ID des fehlerhaften
 Prozesses: 0x61c  Startzeit der fehlerhaften Anwendung: 0x01cb60be1f10fb3e  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Mozilla Firefox\MOZCRT19.dll  Berichtskennung: d478b0ab-ccb1-11df-b28d-0024e8f62566
 
Error - 01.10.2010 13:02:24 | Computer Name = VL1-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.4518.1014,
 Zeitstempel: 0x45428028  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdadb  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00075c70  ID des fehlerhaften
 Prozesses: 0x1310  Startzeit der fehlerhaften Anwendung: 0x01cb618a69d89696  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office12\WINWORD.EXE  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: a9119df1-cd7d-11df-b28d-0024e8f62566
 
Error - 01.10.2010 14:26:52 | Computer Name = VL1-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc6b7  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
 Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00050fa6  ID des fehlerhaften
 Prozesses: 0x10b4  Startzeit der fehlerhaften Anwendung: 0x01cb619635fec325  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\kernel32.dll  Berichtskennung: 75c54503-cd89-11df-b28d-0024e8f62566
 
[ OSession Events ]
Error - 14.08.2010 05:37:00 | Computer Name = VL1-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 95
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.06.2010 13:05:47 | Computer Name = VL1-PC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "Y:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 20.06.2010 11:19:53 | Computer Name = VL1-PC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "Y:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 21.06.2010 07:31:25 | Computer Name = VL1-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 21.06.2010 07:31:37 | Computer Name = VL1-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 22.06.2010 03:37:46 | Computer Name = VL1-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 22.06.2010 03:37:56 | Computer Name = VL1-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 24.06.2010 02:58:51 | Computer Name = VL1-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 24.06.2010 02:59:01 | Computer Name = VL1-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 25.06.2010 10:45:07 | Computer Name = VL1-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 25.06.2010 10:45:17 | Computer Name = VL1-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
 
< End of report >

otl
Code:

OTL logfile created on: 06.10.2010 21:03:42 - Run 1
OTL by OldTimer - Version 3.2.14.1    Folder = C:\Program Files\Sicherheit\OTL
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 79,74 Gb Free Space | 81,66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 146,48 Gb Total Space | 141,07 Gb Free Space | 96,31% Space Free | Partition Type: NTFS
Drive F: | 39,26 Gb Total Space | 38,87 Gb Free Space | 99,01% Space Free | Partition Type: NTFS
Drive G: | 1,84 Gb Total Space | 0,77 Gb Free Space | 41,74% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: VL1-PC
Current User Name: VL1
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.10.06 21:02:05 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Programme\Sicherheit\OTL\OTL.exe
PRC - [2010.09.28 16:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\Sicherheit\SASW\SUPERAntiSpyware.exe
PRC - [2010.09.17 03:46:27 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.08.24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010.08.24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010.08.24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010.07.01 00:07:46 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010.01.19 15:26:02 | 000,080,384 | ---- | M] (Steganos GmbH) -- C:\Programme\Steganos Safe 11\SteganosHotKeyService.exe
PRC - [2010.01.19 15:25:50 | 000,017,408 | ---- | M] (Steganos GmbH) -- C:\Programme\Steganos Safe 11\fredirstarter.exe
PRC - [2009.11.13 16:21:46 | 003,820,296 | ---- | M] (J. Rathlev, IEAP, Uni-Kiel) -- C:\Programme\Personal Backup\Personal Backup 4\Persbackup.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.09.05 18:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2009.07.17 06:57:36 | 004,562,944 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
PRC - [2009.07.17 06:57:36 | 000,026,112 | ---- | M] () -- C:\Programme\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
PRC - [2009.07.17 06:57:04 | 003,086,848 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
PRC - [2009.07.15 20:47:20 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.07.15 20:47:20 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\stacsv.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.06.29 09:59:00 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2009.06.29 09:59:00 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2009.06.29 09:59:00 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2009.06.29 09:59:00 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2009.06.25 04:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009.01.15 01:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.08.11 09:49:51 | 000,524,288 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008.08.07 08:58:04 | 000,495,616 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
PRC - [2007.02.12 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.10.06 21:02:05 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Programme\Sicherheit\OTL\OTL.exe
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.08.24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010.08.24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010.08.24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010.04.15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010.03.10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009.07.17 06:57:36 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009.07.15 20:47:20 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\stacsv.exe -- (STacSV)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.01.15 01:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007.02.12 10:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.08.24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010.08.24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010.08.24 14:57:38 | 000,164,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010.08.24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010.08.24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010.08.24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010.08.24 14:57:38 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010.08.24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010.08.24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\Sicherheit\SASW\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\Sicherheit\SASW\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.11.18 15:12:02 | 000,093,920 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\SleeN17.sys -- (SLEE_17_DRIVER)
DRV - [2009.09.16 17:55:00 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.08.26 13:45:10 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2009.07.17 07:22:50 | 000,167,936 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009.07.17 07:04:10 | 005,922,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009.07.17 06:57:14 | 002,506,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009.07.17 06:56:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2009.07.15 20:47:20 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.06.29 09:59:00 | 000,196,144 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009.05.22 11:17:52 | 000,058,528 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2009.05.07 11:47:12 | 000,041,504 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2007.10.22 08:55:46 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2007.08.13 10:22:57 | 000,005,120 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USSMB/8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.goggle.de"
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0
 
FF - HKLM\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\Users\VL1\AppData\Roaming\5006 [2010.10.05 10:25:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.22 15:47:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.17 03:46:28 | 000,000,000 | ---D | M]
 
[2009.11.28 15:05:15 | 000,000,000 | ---D | M] -- C:\Users\VL1\AppData\Roaming\mozilla\Extensions
[2010.10.06 00:09:01 | 000,000,000 | ---D | M] -- C:\Users\VL1\AppData\Roaming\mozilla\Firefox\Profiles\3pajumxj.default\extensions
[2010.04.28 13:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VL1\AppData\Roaming\mozilla\Firefox\Profiles\3pajumxj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.10.06 00:09:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll
[2010.09.10 08:44:11 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.10 08:44:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.10 08:44:11 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.10 08:44:11 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.10 08:44:11 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20100922154750.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SAFE2009 File Redirection Starter] C:\Program Files\Steganos Safe 11\fredirstarter.exe (Steganos GmbH)
O4 - HKLM..\Run: [SAFE2009 HotKeys] C:\Program Files\Steganos Safe 11\SteganosHotKeyService.exe (Steganos GmbH)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\Sicherheit\SASW\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\VL1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk = C:\Programme\Personal Backup\Personal Backup 4\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 62.53.180.102 193.189.244.205
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.06 14:02:13 | 000,000,000 | ---D | C] -- C:\Users\VL1\AppData\Roaming\SUPERAntiSpyware.com
[2010.10.06 14:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.10.05 14:31:13 | 000,000,000 | ---D | C] -- C:\Users\VL1\DoctorWeb
[2010.10.05 10:20:03 | 000,000,000 | ---D | C] -- C:\Users\VL1\AppData\Roaming\5006
[2010.10.04 14:36:22 | 000,000,000 | ---D | C] -- C:\Users\VL1\AppData\Roaming\Malwarebytes
[2010.10.04 14:36:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.04 14:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.04 14:36:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.03 08:27:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.25 11:16:29 | 000,000,000 | ---D | C] -- C:\Users\VL1\AppData\Roaming\UAs
[2010.09.25 11:16:25 | 000,000,000 | ---D | C] -- C:\Users\VL1\AppData\Roaming\5005
[2010.09.25 11:16:15 | 000,000,000 | ---D | C] -- C:\Users\VL1\AppData\Roaming\xmldm
[2010.09.25 11:16:14 | 000,000,000 | ---D | C] -- C:\Users\VL1\AppData\Roaming\cock
[2010.09.23 10:02:42 | 000,000,000 | ---D | C] -- C:\Programme\Sicherheit
[2010.09.22 15:32:28 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[1 C:\Users\VL1\AppData\Roaming\*.tmp files -> C:\Users\VL1\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.06 21:06:05 | 001,835,008 | -HS- | M] () -- C:\Users\VL1\NTUSER.DAT
[2010.10.06 20:59:46 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.06 20:59:46 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.06 20:57:00 | 001,480,602 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.10.06 20:57:00 | 000,647,376 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.06 20:57:00 | 000,610,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.06 20:57:00 | 000,127,404 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.06 20:57:00 | 000,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.06 20:52:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.06 20:52:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.06 20:52:31 | 2385,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.06 20:51:53 | 002,041,620 | -H-- | M] () -- C:\Users\VL1\AppData\Local\IconCache.db
[2010.10.06 17:30:45 | 000,735,232 | ---- | M] () -- C:\Users\VL1\Desktop\1 Kundenadressen Süd.xls
[2010.10.06 15:16:54 | 000,030,686 | ---- | M] () -- C:\Users\VL1\Documents\MCAfee.jpg
[2010.10.06 15:14:40 | 000,323,440 | ---- | M] () -- C:\Users\VL1\Documents\Dok1-1.pdf
[2010.10.06 15:09:47 | 000,158,482 | ---- | M] () -- C:\Users\VL1\Documents\Dok1.pdf
[2010.10.06 14:41:15 | 000,144,972 | ---- | M] () -- C:\Users\VL1\Documents\Dok1.docx
[2010.10.06 14:02:10 | 000,002,022 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.10.06 13:39:34 | 000,010,962 | ---- | M] () -- C:\Users\VL1\AppData\Roaming\SmarThruOptions.xml
[2010.10.05 21:14:42 | 248,275,161 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.10.04 10:41:14 | 000,000,307 | ---- | M] () -- C:\Users\VL1\AppData\Roaming\urhtps.dat
[2010.10.03 18:15:41 | 000,035,328 | ---- | M] () -- C:\Users\VL1\Documents\Reiseplan Ingolstadt 11.-15.10.2010.doc
[2010.10.01 06:49:04 | 000,174,014 | ---- | M] () -- C:\Users\VL1\Desktop\Kalk 1129 (Vers. 1.7) geä mboe.xlsx
[2010.09.30 18:02:19 | 000,174,000 | ---- | M] () -- C:\Users\VL1\Desktop\Kalk 1129 (Vers. 1.7).xlsx
[2010.09.30 18:01:15 | 000,282,696 | ---- | M] () -- C:\Users\VL1\Desktop\Leipzig (nh Hotel Vertrag 2011-2012).pdf
[2010.09.30 17:59:18 | 000,024,958 | ---- | M] () -- C:\Users\VL1\Desktop\VR-NetWorld.pdf
[2010.09.30 09:25:51 | 000,012,158 | ---- | M] () -- C:\Users\VL1\Desktop\Müller Pforzheim.docx
[2010.09.30 09:24:10 | 000,012,842 | ---- | M] () -- C:\Users\VL1\Documents\2010-09-29 ATV Gespräc2h.docx
[2010.09.30 09:23:51 | 000,012,369 | ---- | M] () -- C:\Users\VL1\Documents\2010-09-29 Gespräch.docx
[2010.09.30 09:14:57 | 000,012,147 | ---- | M] () -- C:\Users\VL1\Documents\Müller Pforzheim.docx
[2010.09.24 13:38:08 | 000,058,461 | ---- | M] () -- C:\Users\VL1\Documents\www.octopustravel.co.2...pdf
[2010.09.24 13:34:45 | 000,164,811 | ---- | M] () -- C:\Users\VL1\Documents\www.octopustravel.co....pdf
[2010.09.23 17:10:37 | 000,011,107 | ---- | M] () -- C:\Users\VL1\Desktop\Rad.docx
[2010.09.23 10:03:49 | 000,001,967 | ---- | M] () -- C:\Users\VL1\Desktop\HijackThis.lnk
[2010.09.20 07:17:52 | 000,151,478 | ---- | M] () -- C:\Users\VL1\Desktop\Reiseanzeigen ] Musikstadt ....pdf
[2010.09.16 08:19:52 | 000,064,150 | ---- | M] () -- C:\Users\VL1\Desktop\Flughafen Hahn rechnet mit ....pdf
[2010.09.12 19:05:15 | 000,047,104 | ---- | M] () -- C:\Users\VL1\Desktop\Zusammenfassung Weimar.doc
[1 C:\Users\VL1\AppData\Roaming\*.tmp files -> C:\Users\VL1\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.06 15:16:54 | 000,030,686 | ---- | C] () -- C:\Users\VL1\Documents\MCAfee.jpg
[2010.10.06 15:14:39 | 000,323,440 | ---- | C] () -- C:\Users\VL1\Documents\Dok1-1.pdf
[2010.10.06 15:09:45 | 000,158,482 | ---- | C] () -- C:\Users\VL1\Documents\Dok1.pdf
[2010.10.06 14:41:14 | 000,144,972 | ---- | C] () -- C:\Users\VL1\Documents\Dok1.docx
[2010.10.06 14:02:10 | 000,002,022 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.10.03 16:50:58 | 000,035,328 | ---- | C] () -- C:\Users\VL1\Documents\Reiseplan Ingolstadt 11.-15.10.2010.doc
[2010.10.01 06:49:03 | 000,174,014 | ---- | C] () -- C:\Users\VL1\Desktop\Kalk 1129 (Vers. 1.7) geä mboe.xlsx
[2010.09.30 18:02:19 | 000,174,000 | ---- | C] () -- C:\Users\VL1\Desktop\Kalk 1129 (Vers. 1.7).xlsx
[2010.09.30 18:01:14 | 000,282,696 | ---- | C] () -- C:\Users\VL1\Desktop\Leipzig (nh Hotel Vertrag 2011-2012).pdf
[2010.09.30 17:59:14 | 000,024,958 | ---- | C] () -- C:\Users\VL1\Desktop\VR-NetWorld.pdf
[2010.09.30 09:25:51 | 000,012,158 | ---- | C] () -- C:\Users\VL1\Desktop\Müller Pforzheim.docx
[2010.09.30 09:24:09 | 000,012,842 | ---- | C] () -- C:\Users\VL1\Documents\2010-09-29 ATV Gespräc2h.docx
[2010.09.30 09:23:50 | 000,012,369 | ---- | C] () -- C:\Users\VL1\Documents\2010-09-29 Gespräch.docx
[2010.09.30 09:14:57 | 000,012,147 | ---- | C] () -- C:\Users\VL1\Documents\Müller Pforzheim.docx
[2010.09.25 11:28:00 | 000,000,307 | ---- | C] () -- C:\Users\VL1\AppData\Roaming\urhtps.dat
[2010.09.25 11:16:26 | 000,000,065 | ---- | C] () -- C:\Users\VL1\AppData\Roaming\AcroIEHelpe.txt
[2010.09.24 13:38:04 | 000,058,461 | ---- | C] () -- C:\Users\VL1\Documents\www.octopustravel.co.2...pdf
[2010.09.24 13:34:41 | 000,164,811 | ---- | C] () -- C:\Users\VL1\Documents\www.octopustravel.co....pdf
[2010.09.23 17:10:36 | 000,011,107 | ---- | C] () -- C:\Users\VL1\Desktop\Rad.docx
[2010.09.23 10:03:49 | 000,001,967 | ---- | C] () -- C:\Users\VL1\Desktop\HijackThis.lnk
[2010.09.20 07:17:52 | 000,151,478 | ---- | C] () -- C:\Users\VL1\Desktop\Reiseanzeigen ] Musikstadt ....pdf
[2010.09.19 19:42:57 | 000,019,968 | ---- | C] () -- C:\Users\VL1\Desktop\0 Kundendossier.dot
[2010.09.16 08:19:51 | 000,064,150 | ---- | C] () -- C:\Users\VL1\Desktop\Flughafen Hahn rechnet mit ....pdf
[2010.09.12 17:36:06 | 000,047,104 | ---- | C] () -- C:\Users\VL1\Desktop\Zusammenfassung Weimar.doc
[2010.01.31 16:26:27 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.12.10 14:10:19 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.11.28 16:25:03 | 000,010,962 | ---- | C] () -- C:\Users\VL1\AppData\Roaming\SmarThruOptions.xml
[2009.11.28 16:24:48 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2009.11.28 16:24:47 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SamFaxPort.dll
[2009.11.28 16:24:42 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2009.11.28 16:24:39 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2009.11.28 16:23:10 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sst1cl3.dll
[2009.11.28 16:21:20 | 000,147,456 | R--- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2009.11.28 16:21:20 | 000,027,136 | R--- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2009.11.28 16:21:20 | 000,011,264 | R--- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2009.11.28 16:21:20 | 000,010,752 | R--- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2009.11.28 15:11:32 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2009.11.28 15:11:32 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2009.11.28 15:11:32 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2009.11.20 18:55:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.20 17:09:38 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009.11.20 17:09:38 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009.11.20 17:08:48 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
< End of report >

I have installed Java, thanks for the link.

I followed your link and worked through the steps of the help topic. In the IE Internet Options / LAN settings, the proxy server box is unchecked and the fields are empty.

Regards
FF

