Win-Antivirus [Solved]



#1
Common1

Hello girls and guys

Yesterday, by clicking on a malicious link, my PC got infected with the Win-Antivirus-Junk.
After that I've tried Combofix but it did not start, MBAM could not update and SuperAntiSpyware
.....

Today everything seems to be running very well, but I'm not sure if the comp is really clean (even though no
file has been deleted).
Would you please take a look at the OTL-Logfile below and advise me how to go on?
Thx for all your help!


OTL logfile created on: 23.06.2012 14:37:25 - Run 3
OTL by OldTimer - Version 3.2.52.0 Folder = H:\Dokumente und Einstellungen\Alex\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 79,87% Memory free
7,09 Gb Paging File | 6,37 Gb Available in Paging File | 89,88% Paging File free
Paging file location(s): H:\pagefile.sys 4092 6092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Programme
Drive H: | 127,99 Gb Total Space | 88,97 Gb Free Space | 69,51% Space Free | Partition Type: NTFS

Computer Name: BUERO | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.23 14:35:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe
PRC - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgidsagent.exe
PRC - [2012.04.19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgnsx.exe
PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgemcx.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgrsx.exe
PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgcsrvx.exe
PRC - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- H:\Programme\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011.12.18 21:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- H:\Programme\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011.11.03 16:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- H:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010.01.16 05:11:49 | 000,910,296 | ---- | M] (Mozilla Corporation) -- H:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.04.21 13:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- H:\WINDOWS\system32\hasplms.exe
PRC - [2008.04.14 08:52:54 | 000,060,416 | ---- | M] (Microsoft Corporation) -- H:\Programme\Outlook Express\msimn.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
PRC - [1999.12.23 20:09:48 | 000,020,480 | ---- | M] () -- H:\CAD.Programme\Version.2011\strauti\numplus.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.13 08:09:16 | 011,817,472 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.13 07:58:58 | 012,433,920 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.13 07:58:50 | 001,592,320 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.13 07:57:54 | 000,303,104 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.06.04 08:29:54 | 000,971,264 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.06.04 08:29:50 | 000,025,600 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012.06.04 00:15:02 | 005,450,752 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.06.04 00:14:00 | 007,953,408 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.06.04 00:13:53 | 011,492,352 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.06.03 19:20:05 | 008,797,856 | ---- | M] () -- H:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2011.01.26 18:38:42 | 000,270,336 | ---- | M] () -- H:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.03.16 13:22:12 | 000,014,848 | ---- | M] () -- H:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2010.01.16 05:11:49 | 001,014,232 | ---- | M] () -- H:\Programme\Mozilla Firefox\js3250.dll
MOD - [2001.11.16 13:32:52 | 000,008,192 | ---- | M] () -- H:\WINDOWS\system32\XLMON.DLL
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- H:\WINDOWS\system32\pdfcmnnt.dll
MOD - [1999.12.23 20:09:48 | 000,020,480 | ---- | M] () -- H:\CAD.Programme\Version.2011\strauti\numplus.exe
MOD - [1999.12.23 20:09:48 | 000,015,872 | ---- | M] () -- H:\CAD.Programme\Version.2011\strauti\numlib32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.03 19:20:05 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- H:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- H:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- H:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.11.03 16:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Disabled | Stopped] -- H:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2009.04.21 13:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- H:\WINDOWS\system32\hasplms.exe -- (hasplms)
SRV - [2008.06.24 16:05:56 | 000,537,896 | ---- | M] (Nero AG) [Disabled | Stopped] -- H:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | Boot | Stopped] -- system32\drivers\pavboot.sys -- (pavboot)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\DOKUME~1\Alex\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- H:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011.12.18 21:04:24 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- H:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011.11.03 16:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- H:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.01.27 01:34:30 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.12.18 13:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- H:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2009.11.11 11:44:50 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- H:\Programme\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.11.11 11:44:48 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- H:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.11.11 11:44:46 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- H:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.09.22 21:07:12 | 005,915,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.07.09 15:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.06.22 11:06:32 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2009.06.17 14:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009.03.13 12:55:26 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2009.01.16 13:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.12.24 05:40:12 | 000,080,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2008.10.30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.08.05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.07.02 09:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.04.14 01:06:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007.04.20 21:27:42 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2006.01.07 05:32:08 | 000,041,600 | R--- | M] (OrangeWare Corporation) [Kernel | Auto | Stopped] -- H:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2006.01.04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005.05.30 00:00:00 | 000,004,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- H:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - [2002.08.30 06:35:32 | 000,516,635 | ---- | M] (Digital Camera) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Ca100v.sys -- (Ca100v)
DRV - [2002.07.26 02:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Bulk100.sys -- (USBCamera) DSC Still Image Capture (CA100)
DRV - [2001.09.18 13:00:00 | 000,167,816 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- H:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2613550
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/s...erms}&ch_id=osd
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2613550
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: H:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: H:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: H:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: h:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: h:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: H:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: H:\Programme\AVG\AVG2012\Firefox4\ [2012.06.12 09:32:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: H:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.05.19 16:42:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: H:\Programme\AVG\AVG2012\Firefox\DoNotTrack\ [2012.06.07 13:28:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: H:\Programme\Mozilla Firefox\components [2011.01.06 13:43:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: H:\Programme\Mozilla Firefox\plugins [2012.06.02 20:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: H:\Programme\Mozilla Thunderbird\components [2009.10.30 15:01:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: H:\Programme\Mozilla Thunderbird\plugins [2012.06.02 20:27:03 | 000,000,000 | ---D | M]

[2009.10.15 18:29:58 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Extensions
[2012.06.23 13:59:55 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\extensions
[2010.06.01 22:57:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.19 16:24:32 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.10.24 11:15:20 | 000,000,943 | ---- | M] () -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\searchplugins\conduit.xml
[2012.06.22 08:42:13 | 000,000,944 | ---- | M] () -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\searchplugins\icqplugin.xml
[2012.06.23 13:59:55 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions
[2011.01.22 10:37:55 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.07.12 20:19:40 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.27 22:49:38 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.11.09 13:53:49 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.13 20:17:56 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.22 12:56:28 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.09 22:21:37 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.21 20:08:19 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.06.07 13:28:12 | 000,000,000 | ---D | M] (AVG Do Not Track) -- H:\PROGRAMME\AVG\AVG2012\FIREFOX\DONOTTRACK
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- H:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2009.08.03 16:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- H:\Programme\mozilla firefox\plugins\npOGAPlugin.dll
[2010.06.07 11:07:22 | 000,165,656 | ---- | M] (Tracker Software Products Ltd.) -- H:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.03.26 08:31:27 | 000,000,027 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - H:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - H:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - H:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATICustomerCare] H:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] H:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISW] H:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [NBKeyScan] H:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] H:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] H:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] H:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] H:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NUMPLUS.lnk = H:\CAD.Programme\Version.2011\strauti\numplus.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1294313601890 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: Microsoft XML Parser for Java file://H:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AEF5B26-11B9-4D14-8D55-7C496C33689F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (H:\Programme\SUPERAntiSpyware\SASWINLO.dll) - H:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - H:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.13 14:21:35 | 000,000,000 | ---D | M] - H:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (H:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.06.23 14:35:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe
[2012.06.23 04:57:56 | 000,000,000 | --SD | C] -- H:\ComboFix
[2012.06.22 13:42:54 | 000,000,000 | --SD | C] -- H:\ComboFix(2)
[2012.06.12 09:32:10 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG
[2012.06.11 14:01:58 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\Alex\Desktop\2012-06-11
[2012.06.03 19:19:41 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\Alex\Desktop\Vario-Pics
[2012.06.03 15:13:13 | 000,000,000 | -HSD | C] -- H:\RECYCLER
[2012.06.02 20:28:37 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
[1 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.23 14:35:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe
[2012.06.23 14:20:00 | 000,000,884 | ---- | M] () -- H:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.23 13:37:24 | 100,659,868 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.06.23 13:35:58 | 000,445,390 | ---- | M] () -- H:\WINDOWS\System32\perfh007.dat
[2012.06.23 13:35:58 | 000,429,316 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2012.06.23 13:35:58 | 000,079,554 | ---- | M] () -- H:\WINDOWS\System32\perfc007.dat
[2012.06.23 13:35:58 | 000,066,894 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[2012.06.23 13:31:42 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2012.06.22 14:18:32 | 000,012,598 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2012.06.21 18:30:50 | 000,194,480 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012.06.14 18:43:20 | 000,212,223 | ---- | M] () -- H:\Dokumente und Einstellungen\Alex\Desktop\Rastatt2.pdf
[2012.06.14 18:06:59 | 000,183,801 | ---- | M] () -- H:\Dokumente und Einstellungen\Alex\Desktop\Rastatt.pdf
[2012.06.13 08:01:05 | 000,228,000 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.13 07:55:23 | 000,001,374 | ---- | M] () -- H:\WINDOWS\imsins.BAK
[2012.06.06 07:30:13 | 000,415,916 | ---- | M] () -- H:\WINDOWS\System32\vsconfig.xml
[2012.06.05 07:49:00 | 000,000,208 | ---- | M] () -- H:\WINDOWS\ccolwiz.ini
[2012.06.03 19:17:39 | 000,094,370 | ---- | M] () -- H:\IMAGE0004.JPG
[2012.06.03 19:17:39 | 000,093,827 | ---- | M] () -- H:\IMAGE0005.JPG
[2012.06.03 19:17:38 | 000,093,558 | ---- | M] () -- H:\IMAGE0003.JPG
[1 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.14 18:10:10 | 000,212,223 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Desktop\Rastatt2.pdf
[2012.06.14 18:06:58 | 000,183,801 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Desktop\Rastatt.pdf
[2012.06.04 00:11:08 | 000,001,374 | ---- | C] () -- H:\WINDOWS\imsins.BAK
[2012.06.03 19:17:39 | 000,094,370 | ---- | C] () -- H:\IMAGE0004.JPG
[2012.06.03 19:17:39 | 000,093,827 | ---- | C] () -- H:\IMAGE0005.JPG
[2012.06.03 19:17:38 | 000,093,558 | ---- | C] () -- H:\IMAGE0003.JPG
[2012.04.05 17:15:52 | 000,256,000 | ---- | C] () -- H:\WINDOWS\PEV.exe
[2012.04.05 17:15:52 | 000,208,896 | ---- | C] () -- H:\WINDOWS\MBR.exe
[2012.04.05 17:15:52 | 000,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe
[2012.04.05 17:15:52 | 000,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe
[2012.04.05 17:15:52 | 000,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe
[2012.02.16 12:06:25 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll
[2011.11.03 16:01:37 | 000,601,536 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\SCAN0874_000.pdf
[2011.10.26 17:12:23 | 000,225,783 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\SCAN0855_000 (1).pdf
[2011.10.26 17:10:10 | 000,791,746 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\111025_Spannbetondecke (1).pdf
[2011.10.26 11:43:37 | 000,225,783 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\SCAN0855_000.pdf
[2011.10.26 11:43:18 | 001,650,759 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\SCAN0854_000.pdf
[2011.10.26 11:36:30 | 000,791,746 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\111025_Spannbetondecke.pdf
[2011.03.22 16:47:44 | 000,116,224 | ---- | C] () -- H:\WINDOWS\System32\pdfcmnnt.dll
[2011.01.11 13:02:13 | 004,245,008 | ---- | C] () -- H:\WINDOWS\System32\qtp-mt334.dll
[2011.01.11 13:02:13 | 000,247,824 | ---- | C] () -- H:\WINDOWS\System32\prgiso.dll
[2011.01.11 13:02:13 | 000,013,840 | ---- | C] () -- H:\WINDOWS\System32\wnaspi32.dll
[2010.09.05 13:41:41 | 000,000,056 | -H-- | C] () -- H:\WINDOWS\System32\ezsidmv.dat
[2010.08.05 14:47:07 | 003,539,294 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\grds.DXF
[2010.08.05 14:46:21 | 000,495,475 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\grds.plt
[2010.02.14 20:01:52 | 000,012,800 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.27 20:33:25 | 000,000,015 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\settings.dat
[2009.10.31 14:48:49 | 000,000,797 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Eudora.lnk
[2009.10.16 20:07:27 | 000,000,141 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\default.pls
[2009.10.16 18:08:52 | 000,001,024 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\.rnd

========== LOP Check ==========

[2010.03.25 21:23:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Auslogics
[2012.01.27 14:54:29 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\AVG2012
[2012.02.17 11:28:42 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\BGW_Sandwichanker
[2010.07.14 18:44:17 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Canon
[2010.04.21 19:26:54 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\CheckPoint
[2010.10.02 23:08:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2009.10.16 19:42:29 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\DICAD_Systeme_GmbH
[2011.11.17 22:10:02 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ElevatedDiagnostics
[2012.04.10 08:27:07 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\elsterformular
[2010.11.07 20:09:00 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\FileZilla
[2010.02.17 14:26:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Foxit
[2012.05.12 14:27:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\GHISLER
[2010.01.05 15:09:05 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ICQ
[2009.12.27 15:04:09 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ICQ(2)
[2012.01.10 18:08:48 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ImgBurn
[2010.04.19 18:51:31 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\OnlineArmor
[2009.10.17 16:30:53 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\OpenOffice.org
[2011.09.29 15:54:48 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Opera
[2009.10.31 14:48:49 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Qualcomm
[2012.03.21 17:17:47 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\TeamViewer
[2009.10.30 15:01:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Thunderbird
[2010.09.23 20:52:03 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011.01.06 18:49:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2012.01.27 15:09:00 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2012
[2010.12.25 14:08:23 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2011.11.18 16:27:27 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2010.12.25 14:30:02 | 000,000,000 | -H-D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2012.04.10 08:33:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2012.02.07 14:32:56 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Halfen
[2009.12.18 10:19:15 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.03.09 18:44:57 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Innovative Solutions
[2012.06.23 13:37:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010.04.19 18:51:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OnlineArmor
[2009.10.18 15:33:21 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2011.03.30 09:22:51 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011.09.20 14:26:03 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2012.02.07 14:32:15 | 000,000,000 | -H-D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{87008DBF-3612-43A9-B3F9-0E4ADAAF479E}

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- H:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- H:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- H:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- H:\WINDOWS\explorer.exe
[2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- H:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- H:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe
[2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- H:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2001.08.18 14:00:00 | 000,007,111 | ---- | M] () MD5=FDA6D81BABFB01A4504B66080EADF975 -- H:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2001.08.18 14:00:00 | 000,001,997 | ---- | M] () MD5=4D1A7B8B52F0E87B54EB55A819AB68A0 -- H:\StartCD\XPCD\WXHOEM_DE (D)\I386\SERVICES._
[2001.08.18 14:00:00 | 000,001,997 | ---- | M] () MD5=4D1A7B8B52F0E87B54EB55A819AB68A0 -- H:\XPCD\WXHOEM_DE (D)\I386\SERVICES._

< MD5 for: SERVICES.EX_ >
[2004.08.04 01:58:12 | 000,050,047 | ---- | M] () MD5=661E1AD65FFB3931FF802D77ABCE5E31 -- H:\StartCD\XPSP2\i386\services.ex_
[2004.08.04 01:58:12 | 000,050,047 | ---- | M] () MD5=661E1AD65FFB3931FF802D77ABCE5E31 -- H:\XPSP2\i386\services.ex_
[2001.08.18 14:00:00 | 000,048,137 | ---- | M] () MD5=983CDCA70060419ABF7FC1A0E2512F89 -- H:\StartCD\XPCD\WXHOEM_DE (D)\I386\SERVICES.EX_
[2001.08.18 14:00:00 | 000,048,137 | ---- | M] () MD5=983CDCA70060419ABF7FC1A0E2512F89 -- H:\XPCD\WXHOEM_DE (D)\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2008.04.14 08:53:00 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=4BB6A83640F1D1792AD21CE767B621C6 -- H:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008.04.14 08:53:00 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=4BB6A83640F1D1792AD21CE767B621C6 -- H:\WINDOWS\ServicePackFiles\i386\services.exe
[2008.04.14 04:22:59 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=4BB6A83640F1D1792AD21CE767B621C6 -- H:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\services.exe
[2009.02.09 12:04:47 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=65F6B774819BD727358157CEDEA67B8E -- H:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009.02.09 11:48:30 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=A07CA23EA361A01E627D911CF139B950 -- H:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009.02.09 13:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=A3EDBE9053889FB24AB22492472B39DC -- H:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009.02.09 13:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=A3EDBE9053889FB24AB22492472B39DC -- H:\WINDOWS\ERDNT\cache\services.exe
[2009.02.09 13:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=A3EDBE9053889FB24AB22492472B39DC -- H:\WINDOWS\system32\dllcache\services.exe
[2009.02.09 13:21:35 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=A3EDBE9053889FB24AB22492472B39DC -- H:\WINDOWS\system32\services.exe
[2004.08.04 00:58:12 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=EDB6B81761BD60F32F740BBC40AFB676 -- H:\WINDOWS\$NtUninstallKB956572_0$\services.exe
[2009.02.09 13:14:22 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=F0A7D59AF279326528715B206669B86C -- H:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

< MD5 for: SERVICES.EXE.000 >
[2004.08.04 00:58:12 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=EDB6B81761BD60F32F740BBC40AFB676 -- H:\WINDOWS\$NtServicePackUninstall$\services.exe.000

< MD5 for: SERVICES.EXE-2F433351.PF >
[2012.06.23 13:32:33 | 000,028,794 | ---- | M] () MD5=8A8E448DA4A8ECEF66FF93B64905E784 -- H:\WINDOWS\Prefetch\SERVICES.EXE-2F433351.pf

< MD5 for: SERVICES.MS_ >
[2001.08.18 14:00:00 | 000,003,627 | ---- | M] () MD5=479A7B30DFF548B2AFCC79E4BEB12F02 -- H:\StartCD\XPCD\WXHOEM_DE (D)\I386\SERVICES.MS_
[2001.08.18 14:00:00 | 000,003,627 | ---- | M] () MD5=479A7B30DFF548B2AFCC79E4BEB12F02 -- H:\XPCD\WXHOEM_DE (D)\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2001.08.18 14:00:00 | 000,033,068 | ---- | M] () MD5=D5B861FD9DC5A781FEB11F12C6E87238 -- H:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.RDB >
[2011.01.17 18:58:56 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- H:\Programme\OpenOffice.org 3\URE\misc\services.rdb
[2011.01.17 18:57:28 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- H:\Programme\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- H:\Programme\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008.04.14 08:53:04 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- H:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 08:53:04 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- H:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 04:23:02 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- H:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\svchost.exe
[2008.04.14 08:53:04 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- H:\WINDOWS\system32\svchost.exe
[2004.08.04 00:58:16 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=65A819B121EB6FDAB4400EA42BDFFE64 -- H:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\WINDOWS\system32\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- H:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- H:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- H:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\WINDOWS\system32\winlogon.exe

< End of report >


EDIT:
Another scan with MBAM comes out clean
"no infected files found"
Right now

Edited by Common1, 23 June 2012 - 07:34 AM.



#2
blmadara


    Trusted Helper

  • Malware Removal
  • 767 posts
Hi Common1, welcome to Geeks to Go. My name is blmadara and I will be helping you with your problems. Please be patient with me as I am still in training and my responses will have to be reviewed by an expert before I can post them.

I'd like to go over some things that will help both of us.

  • Read each of my posts entirely before performing my instructions. It would be helpful if you printed my instructions so you can read and check the steps as you perform them.
  • Follow the steps exactly in the order posted.
  • Please don't be afraid to ask questions. If you don't understand something, let me know before continuing.
  • If you can't perform a certain step, or you're unsure about what to do, please stop and let me know.
  • It is very important that you stay with me until the end so we make sure that we have removed all the bad stuff.
  • Please don't attach any logs to your posts unless I request it. It is easier for me if you copy and paste the logs into your reply.
  • Finally, never fix anything using other programs on your own. This can hinder my ability to see what is wrong with your computer and make it harder to clean your computer.



Step One: Run OTL Custom Scan

Since it's been a few days since your initial scan we'll need updated information.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
    
  • Please select the Scan All Users checkbox.
  • Change the File Age dropdown list from 30 days to 60 days.
  • Under Extra Registry heading, select Use Safelist.
  • Select LOP Check and Purity Check.
  • Then click the Run Scan button at the top
  • Let the program run unhindered, until it is done
  • Post the log it produces in your next reply.

Step Two: Run aswMBR

Download aswMBR.exe to your desktop.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions, please select No.
  • Click Scan to start the scan.
  • When the scan ends click Save Log and save it to your desktop.
  • Post the log in your next reply.


What I need in your next post:
1. The reports from the OTL scan, OTL.txt and Extras.txt.
2. The log produced by aswMBR.exe.

#3
Common1


    Member

  • Topic Starter
  • 48 posts
Hi blmadara,

thanks for your help! I appreciate your work!!
Please see the requested logs below.
(Please note that my main drive is "H:\", not "C:\". Should I run OTL one more time?)


OTL logfile created on: 28.06.2012 19:19:48 - Run 4
OTL by OldTimer - Version 3.2.52.0 Folder = H:\Dokumente und Einstellungen\Alex\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 70,75% Memory free
7,09 Gb Paging File | 6,20 Gb Available in Paging File | 87,50% Paging File free
Paging file location(s): H:\pagefile.sys 4092 6092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Programme
Drive H: | 127,99 Gb Total Space | 88,91 Gb Free Space | 69,47% Space Free | Partition Type: NTFS
Drive I: | 78,13 Gb Total Space | 50,50 Gb Free Space | 64,64% Space Free | Partition Type: NTFS
Drive J: | 24,41 Gb Total Space | 12,54 Gb Free Space | 51,38% Space Free | Partition Type: NTFS

Computer Name: BUERO | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012.06.23 14:35:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe
PRC - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgidsagent.exe
PRC - [2012.04.19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgnsx.exe
PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgemcx.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgrsx.exe
PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgcsrvx.exe
PRC - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- H:\Programme\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011.12.18 21:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- H:\Programme\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011.11.03 16:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- H:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010.01.16 05:11:49 | 000,910,296 | ---- | M] (Mozilla Corporation) -- H:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.04.21 13:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- H:\WINDOWS\system32\hasplms.exe
PRC - [2008.04.14 08:52:54 | 000,060,416 | ---- | M] (Microsoft Corporation) -- H:\Programme\Outlook Express\msimn.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
PRC - [1999.12.23 20:09:48 | 000,020,480 | ---- | M] () -- H:\CAD.Programme\Version.2011\strauti\numplus.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.23 15:20:10 | 009,459,912 | ---- | M] () -- H:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012.06.13 08:09:16 | 011,817,472 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.13 07:58:58 | 012,433,920 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.13 07:58:50 | 001,592,320 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.13 07:57:54 | 000,303,104 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.06.04 08:29:54 | 000,971,264 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.06.04 08:29:50 | 000,025,600 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012.06.04 00:15:02 | 005,450,752 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.06.04 00:14:00 | 007,953,408 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.06.04 00:13:53 | 011,492,352 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011.01.26 18:38:42 | 000,270,336 | ---- | M] () -- H:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.03.16 13:22:12 | 000,014,848 | ---- | M] () -- H:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2010.01.16 05:11:49 | 001,014,232 | ---- | M] () -- H:\Programme\Mozilla Firefox\js3250.dll
MOD - [2001.11.16 13:32:52 | 000,008,192 | ---- | M] () -- H:\WINDOWS\system32\XLMON.DLL
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- H:\WINDOWS\system32\pdfcmnnt.dll
MOD - [1999.12.23 20:09:48 | 000,020,480 | ---- | M] () -- H:\CAD.Programme\Version.2011\strauti\numplus.exe
MOD - [1999.12.23 20:09:48 | 000,015,872 | ---- | M] () -- H:\CAD.Programme\Version.2011\strauti\numlib32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.23 15:20:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- H:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- H:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- H:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.11.03 16:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Disabled | Stopped] -- H:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2009.04.21 13:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- H:\WINDOWS\system32\hasplms.exe -- (hasplms)
SRV - [2008.06.24 16:05:56 | 000,537,896 | ---- | M] (Nero AG) [Disabled | Stopped] -- H:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | Boot | Stopped] -- system32\drivers\pavboot.sys -- (pavboot)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\DOKUME~1\Alex\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- H:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011.12.18 21:04:24 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- H:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011.11.03 16:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- H:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.01.27 01:34:30 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.12.18 13:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- H:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2009.11.11 11:44:50 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- H:\Programme\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.11.11 11:44:48 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- H:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.11.11 11:44:46 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- H:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.09.22 21:07:12 | 005,915,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.07.09 15:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.06.22 11:06:32 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2009.06.17 14:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009.03.13 12:55:26 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2009.01.16 13:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.12.24 05:40:12 | 000,080,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2008.10.30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.08.05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.07.02 09:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.04.14 01:06:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007.04.20 21:27:42 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2006.01.07 05:32:08 | 000,041,600 | R--- | M] (OrangeWare Corporation) [Kernel | Auto | Stopped] -- H:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2006.01.04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005.05.30 00:00:00 | 000,004,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- H:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - [2002.08.30 06:35:32 | 000,516,635 | ---- | M] (Digital Camera) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Ca100v.sys -- (Ca100v)
DRV - [2002.07.26 02:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Bulk100.sys -- (USBCamera) DSC Still Image Capture (CA100)
DRV - [2001.09.18 13:00:00 | 000,167,816 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- H:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2613550
IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/s...erms}&ch_id=osd
IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2613550
IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: H:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: H:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: H:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: h:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: h:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: H:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: H:\Programme\AVG\AVG2012\Firefox4\ [2012.06.12 09:32:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: H:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.05.19 16:42:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: H:\Programme\AVG\AVG2012\Firefox\DoNotTrack\ [2012.06.07 13:28:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: H:\Programme\Mozilla Firefox\components [2011.01.06 13:43:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: H:\Programme\Mozilla Firefox\plugins [2012.06.02 20:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: H:\Programme\Mozilla Thunderbird\components [2009.10.30 15:01:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: H:\Programme\Mozilla Thunderbird\plugins [2012.06.02 20:27:03 | 000,000,000 | ---D | M]

[2009.10.15 18:29:58 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Extensions
[2012.06.28 14:50:38 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\extensions
[2010.06.01 22:57:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.19 16:24:32 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.10.24 11:15:20 | 000,000,943 | ---- | M] () -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\searchplugins\conduit.xml
[2012.06.22 08:42:13 | 000,000,944 | ---- | M] () -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\searchplugins\icqplugin.xml
[2012.06.28 14:50:38 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions
[2011.01.22 10:37:55 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.07.12 20:19:40 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.27 22:49:38 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.11.09 13:53:49 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.13 20:17:56 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.22 12:56:28 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.09 22:21:37 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.21 20:08:19 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.06.07 13:28:12 | 000,000,000 | ---D | M] (AVG Do Not Track) -- H:\PROGRAMME\AVG\AVG2012\FIREFOX\DONOTTRACK
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- H:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2009.08.03 16:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- H:\Programme\mozilla firefox\plugins\npOGAPlugin.dll
[2010.06.07 11:07:22 | 000,165,656 | ---- | M] (Tracker Software Products Ltd.) -- H:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.03.26 08:31:27 | 000,000,027 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - H:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - H:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - No CLSID value found.
O3 - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\Toolbar\WebBrowser: (no name) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - No CLSID value found.
O3 - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - H:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATICustomerCare] H:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] H:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISW] H:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [NBKeyScan] H:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] H:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] H:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] H:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1935655697-436374069-725345543-1004..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] H:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NUMPLUS.lnk = H:\CAD.Programme\Version.2011\strauti\numplus.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-436374069-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1935655697-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1935655697-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1294313601890 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: Microsoft XML Parser for Java file://H:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AEF5B26-11B9-4D14-8D55-7C496C33689F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (H:\Programme\SUPERAntiSpyware\SASWINLO.dll) - H:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - H:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.13 14:21:35 | 000,000,000 | ---D | M] - H:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (H:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 60 Days ==========

[2012.06.28 19:20:01 | 004,731,392 | ---- | C] (AVAST Software) -- H:\Dokumente und Einstellungen\Alex\Desktop\aswMBR.exe
[2012.06.24 11:47:21 | 000,000,000 | RH-D | C] -- H:\Dokumente und Einstellungen\Alex\Recent
[2012.06.24 11:45:02 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2012.06.24 11:43:15 | 003,862,112 | ---- | C] (Piriform Ltd) -- H:\Dokumente und Einstellungen\Alex\Desktop\ccsetup319.exe
[2012.06.24 11:15:14 | 000,000,000 | --SD | C] -- H:\ComboFix
[2012.06.24 11:02:20 | 004,566,424 | R--- | C] (Swearware) -- H:\Dokumente und Einstellungen\Alex\Desktop\ComboFix.exe
[2012.06.23 14:35:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe
[2012.06.22 13:42:54 | 000,000,000 | --SD | C] -- H:\ComboFix(2)
[2012.06.13 07:15:00 | 000,521,728 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012.06.12 09:32:10 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG
[2012.06.03 19:19:41 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\Alex\Desktop\Vario-Pics
[2012.06.03 15:13:13 | 000,000,000 | -HSD | C] -- H:\RECYCLER
[2012.06.02 20:28:37 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
[2012.05.29 08:05:04 | 016,179,464 | ---- | C] (Mozilla) -- H:\Dokumente und Einstellungen\Alex\Desktop\Firefox Setup 12.0.exe
[2012.05.19 16:24:32 | 000,000,000 | ---D | C] -- H:\Programme\Conduit
[2012.05.19 16:24:31 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit
[2012.05.19 16:24:30 | 000,000,000 | ---D | C] -- H:\Programme\ZoneAlarm-Sicherheit
[2012.05.19 16:24:13 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Check Point
[1 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2012.06.28 19:20:06 | 004,731,392 | ---- | M] (AVAST Software) -- H:\Dokumente und Einstellungen\Alex\Desktop\aswMBR.exe
[2012.06.28 19:20:00 | 000,000,884 | ---- | M] () -- H:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.28 17:02:18 | 100,776,178 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.06.28 17:01:52 | 000,085,998 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012.06.28 08:38:02 | 000,445,390 | ---- | M] () -- H:\WINDOWS\System32\perfh007.dat
[2012.06.28 08:38:02 | 000,429,316 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2012.06.28 08:38:02 | 000,079,554 | ---- | M] () -- H:\WINDOWS\System32\perfc007.dat
[2012.06.28 08:38:02 | 000,066,894 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[2012.06.28 08:33:46 | 000,012,598 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2012.06.28 08:33:44 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2012.06.24 11:45:02 | 000,000,654 | ---- | M] () -- H:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.06.24 11:43:15 | 003,862,112 | ---- | M] (Piriform Ltd) -- H:\Dokumente und Einstellungen\Alex\Desktop\ccsetup319.exe
[2012.06.24 11:02:23 | 004,566,424 | R--- | M] (Swearware) -- H:\Dokumente und Einstellungen\Alex\Desktop\ComboFix.exe
[2012.06.23 15:20:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- H:\WINDOWS\System32\FlashPlayerApp.exe
[2012.06.23 15:20:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- H:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.06.23 14:35:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe
[2012.06.13 08:01:05 | 000,228,000 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.06 07:30:13 | 000,415,916 | ---- | M] () -- H:\WINDOWS\System32\vsconfig.xml
[2012.06.05 07:49:00 | 000,000,208 | ---- | M] () -- H:\WINDOWS\ccolwiz.ini
[2012.06.03 19:17:39 | 000,094,370 | ---- | M] () -- H:\IMAGE0004.JPG
[2012.06.03 19:17:39 | 000,093,827 | ---- | M] () -- H:\IMAGE0005.JPG
[2012.06.03 19:17:38 | 000,093,558 | ---- | M] () -- H:\IMAGE0003.JPG
[2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\wucltui.dll
[2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wucltui.dll
[2012.06.02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012.06.02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wuweb.dll
[2012.06.02 15:19:38 | 000,015,896 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\wuapi.dll.mui
[2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\cdm.dll
[2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\cdm.dll
[2012.06.02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wuauclt.exe
[2012.06.02 15:19:28 | 000,023,576 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\wucltui.dll.mui
[2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\wuapi.dll
[2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wuapi.dll
[2012.06.02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wuaueng.dll
[2012.06.02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\mucltui.dll
[2012.06.02 15:18:58 | 000,018,160 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\mucltui.dll.mui
[2012.05.31 15:22:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\crypt32.dll
[2012.05.29 08:05:10 | 016,179,464 | ---- | M] (Mozilla) -- H:\Dokumente und Einstellungen\Alex\Desktop\Firefox Setup 12.0.exe
[2012.05.16 17:07:03 | 000,916,992 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wininet.dll
[2012.05.15 15:56:00 | 001,863,296 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\win32k.sys
[2012.05.15 15:56:00 | 001,863,296 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\win32k.sys
[2012.05.15 11:43:31 | 000,014,253 | ---- | M] () -- H:\Dokumente und Einstellungen\Alex\Desktop\2010-94 Planverzeichnis-120511 (1).pdf
[2012.05.11 20:10:22 | 011,111,424 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\ieframe.dll
[2012.05.11 16:40:25 | 001,212,416 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\urlmon.dll
[2012.05.11 16:40:25 | 000,611,840 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\mstime.dll
[2012.05.11 16:40:25 | 000,611,840 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\mstime.dll
[2012.05.11 16:40:25 | 000,206,848 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\occache.dll
[2012.05.11 16:40:25 | 000,105,984 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\url.dll
[2012.05.11 16:40:25 | 000,105,984 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\url.dll
[2012.05.11 16:40:25 | 000,067,072 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\mshtmled.dll
[2012.05.11 16:40:24 | 006,007,808 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\mshtml.dll
[2012.05.11 16:40:24 | 002,000,384 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\iertutil.dll
[2012.05.11 16:40:24 | 001,469,440 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\inetcpl.cpl
[2012.05.11 16:40:24 | 001,469,440 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\inetcpl.cpl
[2012.05.11 16:40:24 | 000,629,760 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\msfeeds.dll
[2012.05.11 16:40:24 | 000,629,760 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\msfeeds.dll
[2012.05.11 16:40:24 | 000,521,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012.05.11 16:40:24 | 000,055,296 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\msfeedsbs.dll
[2012.05.11 16:40:24 | 000,055,296 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012.05.11 16:40:24 | 000,043,520 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\licmgr10.dll
[2012.05.11 16:40:24 | 000,043,520 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\licmgr10.dll
[2012.05.11 16:40:24 | 000,025,600 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\jsproxy.dll
[2012.05.11 16:40:24 | 000,025,600 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\jsproxy.dll
[2012.05.11 16:40:21 | 000,184,320 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\iepeers.dll
[2012.05.11 16:40:21 | 000,184,320 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\iepeers.dll
[2012.05.11 16:40:19 | 000,743,424 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\iedvtool.dll
[2012.05.11 16:40:19 | 000,387,584 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\iedkcs32.dll
[2012.05.11 16:40:19 | 000,387,584 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\iedkcs32.dll
[2012.05.11 13:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\ie4uinit.exe
[2012.05.11 13:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\ie4uinit.exe
[2012.05.11 13:38:02 | 000,385,024 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\html.iec
[2012.05.05 05:14:34 | 002,194,944 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012.05.05 05:14:34 | 002,071,424 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2012.05.05 05:14:31 | 002,150,912 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\ntoskrnl.exe
[2012.05.05 05:14:31 | 002,150,912 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012.05.05 05:14:31 | 002,029,056 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012.05.05 05:14:31 | 002,029,056 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\ntkrnlpa.exe
[2012.05.02 15:46:30 | 000,139,656 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\rdpwd.sys
[1 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.24 11:45:02 | 000,000,654 | ---- | C] () -- H:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.06.03 19:17:39 | 000,094,370 | ---- | C] () -- H:\IMAGE0004.JPG
[2012.06.03 19:17:39 | 000,093,827 | ---- | C] () -- H:\IMAGE0005.JPG
[2012.06.03 19:17:38 | 000,093,558 | ---- | C] () -- H:\IMAGE0003.JPG
[2012.05.15 11:43:31 | 000,014,253 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Desktop\2010-94 Planverzeichnis-120511 (1).pdf
[2012.04.05 17:15:52 | 000,256,000 | ---- | C] () -- H:\WINDOWS\PEV.exe
[2012.04.05 17:15:52 | 000,208,896 | ---- | C] () -- H:\WINDOWS\MBR.exe
[2012.04.05 17:15:52 | 000,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe
[2012.04.05 17:15:52 | 000,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe
[2012.04.05 17:15:52 | 000,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe
[2012.02.16 12:06:25 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll
[2011.11.03 16:01:37 | 000,601,536 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\SCAN0874_000.pdf
[2011.10.26 17:12:23 | 000,225,783 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\SCAN0855_000 (1).pdf
[2011.10.26 17:10:10 | 000,791,746 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\111025_Spannbetondecke (1).pdf
[2011.10.26 11:43:37 | 000,225,783 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\SCAN0855_000.pdf
[2011.10.26 11:43:18 | 001,650,759 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\SCAN0854_000.pdf
[2011.10.26 11:36:30 | 000,791,746 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\111025_Spannbetondecke.pdf
[2011.03.22 16:47:44 | 000,116,224 | ---- | C] () -- H:\WINDOWS\System32\pdfcmnnt.dll
[2011.01.11 13:02:13 | 004,245,008 | ---- | C] () -- H:\WINDOWS\System32\qtp-mt334.dll
[2011.01.11 13:02:13 | 000,247,824 | ---- | C] () -- H:\WINDOWS\System32\prgiso.dll
[2011.01.11 13:02:13 | 000,013,840 | ---- | C] () -- H:\WINDOWS\System32\wnaspi32.dll
[2010.09.05 13:41:41 | 000,000,056 | -H-- | C] () -- H:\WINDOWS\System32\ezsidmv.dat
[2010.08.05 14:47:07 | 003,539,294 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\grds.DXF
[2010.08.05 14:46:21 | 000,495,475 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\grds.plt
[2010.02.14 20:01:52 | 000,012,800 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.27 20:33:25 | 000,000,015 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\settings.dat
[2009.10.31 14:48:49 | 000,000,797 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Eudora.lnk
[2009.10.16 20:07:27 | 000,000,141 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\default.pls
[2009.10.16 18:08:52 | 000,001,024 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\.rnd

========== LOP Check ==========

[2010.03.25 21:23:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Auslogics
[2012.01.27 14:54:29 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\AVG2012
[2012.02.17 11:28:42 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\BGW_Sandwichanker
[2010.07.14 18:44:17 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Canon
[2010.04.21 19:26:54 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\CheckPoint
[2010.10.02 23:08:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2009.10.16 19:42:29 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\DICAD_Systeme_GmbH
[2011.11.17 22:10:02 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ElevatedDiagnostics
[2012.04.10 08:27:07 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\elsterformular
[2010.11.07 20:09:00 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\FileZilla
[2010.02.17 14:26:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Foxit
[2012.05.12 14:27:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\GHISLER
[2010.01.05 15:09:05 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ICQ
[2009.12.27 15:04:09 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ICQ(2)
[2012.01.10 18:08:48 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ImgBurn
[2010.04.19 18:51:31 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\OnlineArmor
[2009.10.17 16:30:53 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\OpenOffice.org
[2011.09.29 15:54:48 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Opera
[2009.10.31 14:48:49 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Qualcomm
[2012.03.21 17:17:47 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\TeamViewer
[2009.10.30 15:01:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Thunderbird
[2010.09.23 20:52:03 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011.01.06 18:49:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2012.01.27 15:09:00 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2012
[2010.12.25 14:08:23 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2011.11.18 16:27:27 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2010.12.25 14:30:02 | 000,000,000 | -H-D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2012.04.10 08:33:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2012.02.07 14:32:56 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Halfen
[2009.12.18 10:19:15 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.03.09 18:44:57 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Innovative Solutions
[2012.06.28 17:02:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010.04.19 18:51:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OnlineArmor
[2009.10.18 15:33:21 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2011.03.30 09:22:51 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011.09.20 14:26:03 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2012.02.07 14:32:15 | 000,000,000 | -H-D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{87008DBF-3612-43A9-B3F9-0E4ADAAF479E}

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- H:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- H:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- H:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- H:\WINDOWS\explorer.exe
[2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- H:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- H:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe
[2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- H:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- H:\Programme\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008.04.14 08:53:04 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- H:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 08:53:04 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- H:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 04:23:02 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- H:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\svchost.exe
[2008.04.14 08:53:04 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- H:\WINDOWS\system32\svchost.exe
[2004.08.04 00:58:16 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=65A819B121EB6FDAB4400EA42BDFFE64 -- H:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2008.04.14 08:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\WINDOWS\system32\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- H:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- H:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- H:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
[2008.04.14 08:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >

< End of report >
===================================================================


OTL Extras logfile created on: 28.06.2012 19:19:48 - Run 4
OTL by OldTimer - Version 3.2.52.0 Folder = H:\Dokumente und Einstellungen\Alex\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 70,75% Memory free
7,09 Gb Paging File | 6,20 Gb Available in Paging File | 87,50% Paging File free
Paging file location(s): H:\pagefile.sys 4092 6092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Programme
Drive H: | 127,99 Gb Total Space | 88,91 Gb Free Space | 69,47% Space Free | Partition Type: NTFS
Drive I: | 78,13 Gb Total Space | 50,50 Gb Free Space | 64,64% Space Free | Partition Type: NTFS
Drive J: | 24,41 Gb Total Space | 12,54 Gb Free Space | 51,38% Space Free | Partition Type: NTFS

Computer Name: BUERO | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- H:\Programme\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1935655697-436374069-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- H:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "H:\Programme\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "H:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "H:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\Programme\ICQ6.5\ICQ.exe" = H:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"H:\Programme\Mozilla Firefox\firefox.exe" = H:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"H:\WINDOWS\system32\hasplms.exe" = H:\WINDOWS\system32\hasplms.exe:*:Enabled:HASP LLM -- (Aladdin Knowledge Systems Ltd.)
"H:\Programme\Opera\opera.exe" = H:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"H:\Programme\AVG\AVG2012\avgmfapx.exe" = H:\Programme\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"H:\Programme\AVG\AVG2012\avgnsx.exe" = H:\Programme\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"H:\Programme\AVG\AVG2012\avgdiagex.exe" = H:\Programme\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnose 2012 -- (AVG Technologies CZ, s.r.o.)
"H:\Programme\AVG\AVG2012\avgemcx.exe" = H:\Programme\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal eMail-Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0C5A665C-EB82-237B-4703-88CACDE22C0C}" = Catalyst Control Center Graphics Previews Common
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{13A74C4A-1AA2-1BAC-99C0-876663ACB9CE}" = ccc-utility
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 29
"{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}" = HASP SRM Run-time
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{49CC1A6A-3A1A-4EE7-913F-8106B51B59D1}" = Paragon Partition Manager 8.5 Personal
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{585CC5B5-4A18-42E7-B011-872D14C4CE74}" = Sandwichanker v1.1.10
"{5D6C26B9-D9E7-4E77-A4DE-0C2B242E85FA}" = ZoneAlarm Firewall
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{664C3BDC-1BCF-4EA6-A127-E61430501031}" = Nero 8 Essentials
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{707CF19F-3948-4313-A5D4-9FBC256A2A53}" = Smart Cam Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{760B29F2-8663-419B-A025-5A55066E130B}" = Ulead Photo Express 6
"{76B55683-1A17-CB8B-B1C4-A0A3F3C2D2D5}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8ACF42DD-C998-ED3C-1446-93AFA65E823D}" = ATI Catalyst Install Manager
"{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}" = ALi USB2.0 Driver
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90260407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C2B76C-DD0E-FC4F-A5D4-C9F7970FB1CD}" = ccc-core-static
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71C3ED9-816B-4705-A3FF-FAB9DAABF2A2}" = PDF-XChange Viewer
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B520C9F4-DC84-4430-B22E-D5EB6F1DCA6B}" = SPA
"{BA82F3D7-40E0-CB34-B682-ACC63E7E73B6}" = CCC Help English
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4BC01F3-B7E6-49FA-8FBE-6B62FDF9CED0}" = ZoneAlarm Security
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"dicad_{A9FFFAA3-F9C5-46fc-BA1E-BED769F7EF20}" = STRAKON 2011
"dicad_{B63254FE-DAC2-49ba-90BE-20A6533088CE}" = STRAKON 2010
"ElsterFormular 13.1.1.8531u" = ElsterFormular
"ElsterFormular für Unternehmer 12.1.1.6214u" = ElsterFormular für Unternehmer
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ERUNT_is1" = ERUNT 1.1j
"ESD68 Benutzerhandbuch" = ESD68 Benutzerhandbuch
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.01
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader" = Foxit Reader
"Hardlock Device Drivers" = Hardlock Device Drivers
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Opera 11.51.1087" = Opera 11.51
"PhotoFiltre" = PhotoFiltre
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.0
"Secunia PSI" = Secunia PSI
"SPA" = SPA
"SpeedFan" = SpeedFan (remove only)
"Splotw32" = SPLOT32 Plotter Simulator
"VLC media player" = VLC media player 1.1.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"ZoneAlarm-Sicherheit Toolbar" = ZoneAlarm-Sicherheit Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03.06.2012 08:48:32 | Computer Name = BUERO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 03.06.2012 08:48:35 | Computer Name = BUERO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 05.06.2012 07:50:51 | Computer Name = BUERO | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application plan.exe, version 11.0.0.2, stamp 4dd38968, faulting
module strakon.dll, version 11.0.0.2, stamp 4dd38951, debug? 0, fault address 0x00d8d544.

Error - 07.06.2012 07:20:31 | Computer Name = BUERO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.2.202.235,
fehlgeschlagenes Modul FlashPlayerUpdateService.exe, Version 11.2.202.235, Fehleradresse
0x0000ba09.

Error - 10.06.2012 06:30:31 | Computer Name = BUERO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CamManager.exe, Version 1.2.1.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 10.06.2012 06:31:02 | Computer Name = BUERO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CamManager.exe, Version 1.2.1.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 10.06.2012 06:31:07 | Computer Name = BUERO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CamManager.exe, Version 1.2.1.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 10.06.2012 06:32:26 | Computer Name = BUERO | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CamManager.exe, Version 1.2.1.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 12.06.2012 03:20:14 | Computer Name = BUERO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.2.202.235,
fehlgeschlagenes Modul FlashPlayerUpdateService.exe, Version 11.2.202.235, Fehleradresse
0x0000ba09.

Error - 12.06.2012 13:11:53 | Computer Name = BUERO | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msimn.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x007b1f38.

[ System Events ]
Error - 28.06.2012 02:34:02 | Computer Name = BUERO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NEC PCI to USB Enhanced Host Controller" wurde aufgrund
folgenden Fehlers nicht gestartet: %%1058

Error - 28.06.2012 02:34:02 | Computer Name = BUERO | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Automatic Updates" wurde mit folgendem Fehler beendet:
%%126

Error - 28.06.2012 02:34:08 | Computer Name = BUERO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
pavboot

Error - 28.06.2012 02:34:17 | Computer Name = BUERO | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E8933C4B-2C90-4A04-A677-E958D9509F1A}


< End of report >
==============================================================


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-28 19:32:00
-----------------------------
19:32:00.234 OS Version: Windows 5.1.2600 Service Pack 3
19:32:00.234 Number of processors: 4 586 0x402
19:32:00.234 ComputerName: BUERO UserName: Alex
19:32:00.828 Initialize success
19:32:10.906 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:32:10.906 Disk 0 Vendor: STM3500418AS CC37 Size: 476940MB BusType: 3
19:32:10.906 Device \Driver\usbstor -> DriverStartIo USBSTOR.SYS ba471f26
19:32:10.921 Disk 1 MBR read successfully
19:32:10.921 Disk 1 MBR scan
19:32:10.921 Disk 1 Windows XP default MBR code
19:32:10.921 Disk 1 MBR hidden
19:32:10.921 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63
19:32:10.968 Disk 1 scanning H:\WINDOWS\system32\drivers
19:32:16.296 Service scanning
19:32:22.359 Service GMSIPCI G:\INSTALL\GMSIPCI.SYS **LOCKED** 21
19:32:28.093 Modules scanning
19:33:00.421 Disk 1 trace - called modules:
19:33:00.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys hal.dll
19:33:00.437 1 nt!IofCallDriver -> \Device\Harddisk1\DR2[0x8af90030]
19:33:00.437 Scan finished successfully
19:33:18.703 Disk 1 MBR has been saved successfully to "H:\Dokumente und Einstellungen\Alex\Desktop\MBR.dat"
19:33:18.703 The log file has been saved successfully to "H:\Dokumente und Einstellungen\Alex\Desktop\aswMBR.txt"


Thank you very much!

#4
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts

(please note that my main drive is "H:\" not "C:\". Should I run OTL one more time?)



Hi Common1,

Yes, I would like you to re-run OTL with the following custom scan.



Step One: Run OTL Custom Scan

Since it's been a few days since your initial scan, we'll need updated information.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    H:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >H:\commands.txt echo list vol /raw /hide /c
    /wait
    >H:\DiskReport.txt diskpart /s H:\commands.txt /raw /hide /c
    /wait
    type H:\diskreport.txt /c
    /wait
    erase H:\commands.txt /hide /c
    /wait
    erase H:\diskreport.txt /hide /c
  • Click the Run Scan button at the top
  • Let the program run unhindered, until it is done
  • Post the log it produces in your next reply.


What I need in your next post:
1. The report from the OTL scan, OTL.txt.

#5
Common1

    Member

  • Topic Starter
  • Member
  • 48 posts
Hi blmadara,

ok, here we go.

Thx again so far! :thumbsup:

OTL logfile created on: 28.06.2012 22:51:09 - Run 5
OTL by OldTimer - Version 3.2.52.0 Folder = H:\Dokumente und Einstellungen\Alex\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 73,83% Memory free
7,09 Gb Paging File | 6,27 Gb Available in Paging File | 88,51% Paging File free
Paging file location(s): H:\pagefile.sys 4092 6092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Programme
Drive H: | 127,99 Gb Total Space | 88,89 Gb Free Space | 69,45% Space Free | Partition Type: NTFS

Computer Name: BUERO | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012.06.23 14:35:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe
PRC - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgidsagent.exe
PRC - [2012.04.19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgnsx.exe
PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgemcx.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgrsx.exe
PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Programme\AVG\AVG2012\avgcsrvx.exe
PRC - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- H:\Programme\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011.12.18 21:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- H:\Programme\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011.11.03 16:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- H:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010.01.16 05:11:49 | 000,910,296 | ---- | M] (Mozilla Corporation) -- H:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.04.21 13:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- H:\WINDOWS\system32\hasplms.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
PRC - [1999.12.23 20:09:48 | 000,020,480 | ---- | M] () -- H:\CAD.Programme\Version.2011\strauti\numplus.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.23 15:20:10 | 009,459,912 | ---- | M] () -- H:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012.06.13 08:09:16 | 011,817,472 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.13 07:58:58 | 012,433,920 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.13 07:58:50 | 001,592,320 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.13 07:57:54 | 000,303,104 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.06.04 08:29:54 | 000,971,264 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.06.04 08:29:50 | 000,025,600 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012.06.04 00:15:02 | 005,450,752 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.06.04 00:14:00 | 007,953,408 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.06.04 00:13:53 | 011,492,352 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011.01.26 18:38:42 | 000,270,336 | ---- | M] () -- H:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.03.16 13:22:12 | 000,014,848 | ---- | M] () -- H:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2010.01.16 05:11:49 | 001,014,232 | ---- | M] () -- H:\Programme\Mozilla Firefox\js3250.dll
MOD - [2001.11.16 13:32:52 | 000,008,192 | ---- | M] () -- H:\WINDOWS\system32\XLMON.DLL
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- H:\WINDOWS\system32\pdfcmnnt.dll
MOD - [1999.12.23 20:09:48 | 000,020,480 | ---- | M] () -- H:\CAD.Programme\Version.2011\strauti\numplus.exe
MOD - [1999.12.23 20:09:48 | 000,015,872 | ---- | M] () -- H:\CAD.Programme\Version.2011\strauti\numlib32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.23 15:20:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- H:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- H:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- H:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.11.03 16:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Disabled | Stopped] -- H:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2009.04.21 13:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- H:\WINDOWS\system32\hasplms.exe -- (hasplms)
SRV - [2008.06.24 16:05:56 | 000,537,896 | ---- | M] (Nero AG) [Disabled | Stopped] -- H:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | Boot | Stopped] -- system32\drivers\pavboot.sys -- (pavboot)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\DOKUME~1\Alex\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2012.06.28 19:32:00 | 000,046,848 | ---- | M] () [Kernel | On_Demand | Unknown] -- H:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\temp\aswMBR.sys -- (aswMBR)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- H:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011.12.18 21:04:24 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- H:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011.11.03 16:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- H:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.01.27 01:34:30 | 006,406,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.12.18 13:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- H:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2009.11.11 11:44:50 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- H:\Programme\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.11.11 11:44:48 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- H:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.11.11 11:44:46 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- H:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.09.22 21:07:12 | 005,915,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.07.09 15:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.06.22 11:06:32 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2009.06.17 14:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009.03.13 12:55:26 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2009.01.16 13:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.12.24 05:40:12 | 000,080,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2008.10.30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.08.05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.07.02 09:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.04.14 01:06:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007.04.20 21:27:42 | 000,038,448 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2006.01.07 05:32:08 | 000,041,600 | R--- | M] (OrangeWare Corporation) [Kernel | Auto | Stopped] -- H:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2006.01.04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005.05.30 00:00:00 | 000,004,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- H:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - [2002.08.30 06:35:32 | 000,516,635 | ---- | M] (Digital Camera) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Ca100v.sys -- (Ca100v)
DRV - [2002.07.26 02:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\Bulk100.sys -- (USBCamera) DSC Still Image Capture (CA100)
DRV - [2001.09.18 13:00:00 | 000,167,816 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- H:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2613550
IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/s...erms}&ch_id=osd
IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2613550
IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: H:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: H:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: H:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: h:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: h:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: H:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: H:\Programme\AVG\AVG2012\Firefox4\ [2012.06.12 09:32:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: H:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.05.19 16:42:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: H:\Programme\AVG\AVG2012\Firefox\DoNotTrack\ [2012.06.07 13:28:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: H:\Programme\Mozilla Firefox\components [2011.01.06 13:43:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: H:\Programme\Mozilla Firefox\plugins [2012.06.02 20:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: H:\Programme\Mozilla Thunderbird\components [2009.10.30 15:01:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: H:\Programme\Mozilla Thunderbird\plugins [2012.06.02 20:27:03 | 000,000,000 | ---D | M]

[2009.10.15 18:29:58 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Extensions
[2012.06.28 14:50:38 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\extensions
[2010.06.01 22:57:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.19 16:24:32 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.10.24 11:15:20 | 000,000,943 | ---- | M] () -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\searchplugins\conduit.xml
[2012.06.22 08:42:13 | 000,000,944 | ---- | M] () -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\searchplugins\icqplugin.xml
[2012.06.28 14:50:38 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions
[2011.01.22 10:37:55 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.07.12 20:19:40 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.27 22:49:38 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.11.09 13:53:49 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.13 20:17:56 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.22 12:56:28 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.09 22:21:37 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.21 20:08:19 | 000,000,000 | ---D | M] (Java Console) -- H:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.06.07 13:28:12 | 000,000,000 | ---D | M] (AVG Do Not Track) -- H:\PROGRAMME\AVG\AVG2012\FIREFOX\DONOTTRACK
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- H:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2009.08.03 16:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- H:\Programme\mozilla firefox\plugins\npOGAPlugin.dll
[2010.06.07 11:07:22 | 000,165,656 | ---- | M] (Tracker Software Products Ltd.) -- H:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.03.26 08:31:27 | 000,000,027 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - H:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - H:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - No CLSID value found.
O3 - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\Toolbar\WebBrowser: (no name) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - No CLSID value found.
O3 - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - H:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATICustomerCare] H:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] H:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISW] H:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [NBKeyScan] H:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] H:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] H:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] H:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1935655697-436374069-725345543-1004..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] H:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NUMPLUS.lnk = H:\CAD.Programme\Version.2011\strauti\numplus.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-436374069-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1935655697-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1935655697-436374069-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1294313601890 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: Microsoft XML Parser for Java file://H:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AEF5B26-11B9-4D14-8D55-7C496C33689F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (H:\Programme\SUPERAntiSpyware\SASWINLO.dll) - H:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - H:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.13 14:21:35 | 000,000,000 | ---D | M] - H:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (H:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 60 Days ==========

[2012.06.28 19:20:01 | 004,731,392 | ---- | C] (AVAST Software) -- H:\Dokumente und Einstellungen\Alex\Desktop\aswMBR.exe
[2012.06.24 11:47:21 | 000,000,000 | RH-D | C] -- H:\Dokumente und Einstellungen\Alex\Recent
[2012.06.24 11:45:02 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2012.06.24 11:43:15 | 003,862,112 | ---- | C] (Piriform Ltd) -- H:\Dokumente und Einstellungen\Alex\Desktop\ccsetup319.exe
[2012.06.24 11:15:14 | 000,000,000 | --SD | C] -- H:\ComboFix
[2012.06.24 11:02:20 | 004,566,424 | R--- | C] (Swearware) -- H:\Dokumente und Einstellungen\Alex\Desktop\ComboFix.exe
[2012.06.23 14:35:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe
[2012.06.22 13:42:54 | 000,000,000 | --SD | C] -- H:\ComboFix(2)
[2012.06.13 07:15:00 | 000,521,728 | ---- | C] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012.06.12 09:32:10 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG
[2012.06.03 19:19:41 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\Alex\Desktop\Vario-Pics
[2012.06.03 15:13:13 | 000,000,000 | -HSD | C] -- H:\RECYCLER
[2012.06.02 20:28:37 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
[2012.05.29 08:05:04 | 016,179,464 | ---- | C] (Mozilla) -- H:\Dokumente und Einstellungen\Alex\Desktop\Firefox Setup 12.0.exe
[2012.05.19 16:24:32 | 000,000,000 | ---D | C] -- H:\Programme\Conduit
[2012.05.19 16:24:31 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm-Sicherheit
[2012.05.19 16:24:30 | 000,000,000 | ---D | C] -- H:\Programme\ZoneAlarm-Sicherheit
[2012.05.19 16:24:13 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Check Point
[1 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2012.06.28 22:20:00 | 000,000,884 | ---- | M] () -- H:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.28 19:33:18 | 000,000,512 | ---- | M] () -- H:\Dokumente und Einstellungen\Alex\Desktop\MBR.dat
[2012.06.28 19:20:06 | 004,731,392 | ---- | M] (AVAST Software) -- H:\Dokumente und Einstellungen\Alex\Desktop\aswMBR.exe
[2012.06.28 17:02:18 | 100,776,178 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.06.28 17:01:52 | 000,085,998 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012.06.28 08:38:02 | 000,445,390 | ---- | M] () -- H:\WINDOWS\System32\perfh007.dat
[2012.06.28 08:38:02 | 000,429,316 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2012.06.28 08:38:02 | 000,079,554 | ---- | M] () -- H:\WINDOWS\System32\perfc007.dat
[2012.06.28 08:38:02 | 000,066,894 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[2012.06.28 08:33:46 | 000,012,598 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2012.06.28 08:33:44 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2012.06.24 11:45:02 | 000,000,654 | ---- | M] () -- H:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.06.24 11:43:15 | 003,862,112 | ---- | M] (Piriform Ltd) -- H:\Dokumente und Einstellungen\Alex\Desktop\ccsetup319.exe
[2012.06.24 11:02:23 | 004,566,424 | R--- | M] (Swearware) -- H:\Dokumente und Einstellungen\Alex\Desktop\ComboFix.exe
[2012.06.23 15:20:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- H:\WINDOWS\System32\FlashPlayerApp.exe
[2012.06.23 15:20:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- H:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.06.23 14:35:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe
[2012.06.13 08:01:05 | 000,228,000 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.06 07:30:13 | 000,415,916 | ---- | M] () -- H:\WINDOWS\System32\vsconfig.xml
[2012.06.05 07:49:00 | 000,000,208 | ---- | M] () -- H:\WINDOWS\ccolwiz.ini
[2012.06.03 19:17:39 | 000,094,370 | ---- | M] () -- H:\IMAGE0004.JPG
[2012.06.03 19:17:39 | 000,093,827 | ---- | M] () -- H:\IMAGE0005.JPG
[2012.06.03 19:17:38 | 000,093,558 | ---- | M] () -- H:\IMAGE0003.JPG
[2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\wucltui.dll
[2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wucltui.dll
[2012.06.02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012.06.02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wuweb.dll
[2012.06.02 15:19:38 | 000,015,896 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\wuapi.dll.mui
[2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\cdm.dll
[2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\cdm.dll
[2012.06.02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wuauclt.exe
[2012.06.02 15:19:28 | 000,023,576 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\wucltui.dll.mui
[2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\wuapi.dll
[2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wuapi.dll
[2012.06.02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wuaueng.dll
[2012.06.02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\mucltui.dll
[2012.06.02 15:18:58 | 000,018,160 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\mucltui.dll.mui
[2012.05.31 15:22:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\crypt32.dll
[2012.05.29 08:05:10 | 016,179,464 | ---- | M] (Mozilla) -- H:\Dokumente und Einstellungen\Alex\Desktop\Firefox Setup 12.0.exe
[2012.05.16 17:07:03 | 000,916,992 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\wininet.dll
[2012.05.15 15:56:00 | 001,863,296 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\win32k.sys
[2012.05.15 15:56:00 | 001,863,296 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\win32k.sys
[2012.05.15 11:43:31 | 000,014,253 | ---- | M] () -- H:\Dokumente und Einstellungen\Alex\Desktop\2010-94 Planverzeichnis-120511 (1).pdf
[2012.05.11 20:10:22 | 011,111,424 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\ieframe.dll
[2012.05.11 16:40:25 | 001,212,416 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\urlmon.dll
[2012.05.11 16:40:25 | 000,611,840 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\mstime.dll
[2012.05.11 16:40:25 | 000,611,840 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\mstime.dll
[2012.05.11 16:40:25 | 000,206,848 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\occache.dll
[2012.05.11 16:40:25 | 000,105,984 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\url.dll
[2012.05.11 16:40:25 | 000,105,984 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\url.dll
[2012.05.11 16:40:25 | 000,067,072 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\mshtmled.dll
[2012.05.11 16:40:24 | 006,007,808 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\mshtml.dll
[2012.05.11 16:40:24 | 002,000,384 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\iertutil.dll
[2012.05.11 16:40:24 | 001,469,440 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\inetcpl.cpl
[2012.05.11 16:40:24 | 001,469,440 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\inetcpl.cpl
[2012.05.11 16:40:24 | 000,629,760 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\msfeeds.dll
[2012.05.11 16:40:24 | 000,629,760 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\msfeeds.dll
[2012.05.11 16:40:24 | 000,521,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012.05.11 16:40:24 | 000,055,296 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\msfeedsbs.dll
[2012.05.11 16:40:24 | 000,055,296 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012.05.11 16:40:24 | 000,043,520 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\licmgr10.dll
[2012.05.11 16:40:24 | 000,043,520 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\licmgr10.dll
[2012.05.11 16:40:24 | 000,025,600 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\jsproxy.dll
[2012.05.11 16:40:24 | 000,025,600 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\jsproxy.dll
[2012.05.11 16:40:21 | 000,184,320 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\iepeers.dll
[2012.05.11 16:40:21 | 000,184,320 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\iepeers.dll
[2012.05.11 16:40:19 | 000,743,424 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\iedvtool.dll
[2012.05.11 16:40:19 | 000,387,584 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\iedkcs32.dll
[2012.05.11 16:40:19 | 000,387,584 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\iedkcs32.dll
[2012.05.11 13:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\ie4uinit.exe
[2012.05.11 13:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\ie4uinit.exe
[2012.05.11 13:38:02 | 000,385,024 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\html.iec
[2012.05.05 05:14:34 | 002,194,944 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012.05.05 05:14:34 | 002,071,424 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2012.05.05 05:14:31 | 002,150,912 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\ntoskrnl.exe
[2012.05.05 05:14:31 | 002,150,912 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012.05.05 05:14:31 | 002,029,056 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012.05.05 05:14:31 | 002,029,056 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\ntkrnlpa.exe
[2012.05.02 15:46:30 | 000,139,656 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\System32\dllcache\rdpwd.sys
[1 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.28 19:33:18 | 000,000,512 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Desktop\MBR.dat
[2012.06.24 11:45:02 | 000,000,654 | ---- | C] () -- H:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.06.03 19:17:39 | 000,094,370 | ---- | C] () -- H:\IMAGE0004.JPG
[2012.06.03 19:17:39 | 000,093,827 | ---- | C] () -- H:\IMAGE0005.JPG
[2012.06.03 19:17:38 | 000,093,558 | ---- | C] () -- H:\IMAGE0003.JPG
[2012.05.15 11:43:31 | 000,014,253 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Desktop\2010-94 Planverzeichnis-120511 (1).pdf
[2012.04.05 17:15:52 | 000,256,000 | ---- | C] () -- H:\WINDOWS\PEV.exe
[2012.04.05 17:15:52 | 000,208,896 | ---- | C] () -- H:\WINDOWS\MBR.exe
[2012.04.05 17:15:52 | 000,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe
[2012.04.05 17:15:52 | 000,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe
[2012.04.05 17:15:52 | 000,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe
[2012.02.16 12:06:25 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll
[2011.11.03 16:01:37 | 000,601,536 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\SCAN0874_000.pdf
[2011.10.26 17:12:23 | 000,225,783 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\SCAN0855_000 (1).pdf
[2011.10.26 17:10:10 | 000,791,746 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\111025_Spannbetondecke (1).pdf
[2011.10.26 11:43:37 | 000,225,783 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\SCAN0855_000.pdf
[2011.10.26 11:43:18 | 001,650,759 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\SCAN0854_000.pdf
[2011.10.26 11:36:30 | 000,791,746 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\111025_Spannbetondecke.pdf
[2011.03.22 16:47:44 | 000,116,224 | ---- | C] () -- H:\WINDOWS\System32\pdfcmnnt.dll
[2011.01.11 13:02:13 | 004,245,008 | ---- | C] () -- H:\WINDOWS\System32\qtp-mt334.dll
[2011.01.11 13:02:13 | 000,247,824 | ---- | C] () -- H:\WINDOWS\System32\prgiso.dll
[2011.01.11 13:02:13 | 000,013,840 | ---- | C] () -- H:\WINDOWS\System32\wnaspi32.dll
[2010.09.05 13:41:41 | 000,000,056 | -H-- | C] () -- H:\WINDOWS\System32\ezsidmv.dat
[2010.08.05 14:47:07 | 003,539,294 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\grds.DXF
[2010.08.05 14:46:21 | 000,495,475 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\grds.plt
[2010.02.14 20:01:52 | 000,012,800 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.27 20:33:25 | 000,000,015 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\settings.dat
[2009.10.31 14:48:49 | 000,000,797 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Eudora.lnk
[2009.10.16 20:07:27 | 000,000,141 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\default.pls
[2009.10.16 18:08:52 | 000,001,024 | ---- | C] () -- H:\Dokumente und Einstellungen\Alex\.rnd

========== LOP Check ==========

[2010.03.25 21:23:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Auslogics
[2012.01.27 14:54:29 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\AVG2012
[2012.02.17 11:28:42 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\BGW_Sandwichanker
[2010.07.14 18:44:17 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Canon
[2010.04.21 19:26:54 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\CheckPoint
[2010.10.02 23:08:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2009.10.16 19:42:29 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\DICAD_Systeme_GmbH
[2011.11.17 22:10:02 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ElevatedDiagnostics
[2012.04.10 08:27:07 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\elsterformular
[2010.11.07 20:09:00 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\FileZilla
[2010.02.17 14:26:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Foxit
[2012.05.12 14:27:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\GHISLER
[2010.01.05 15:09:05 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ICQ
[2009.12.27 15:04:09 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ICQ(2)
[2012.01.10 18:08:48 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ImgBurn
[2010.04.19 18:51:31 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\OnlineArmor
[2009.10.17 16:30:53 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\OpenOffice.org
[2011.09.29 15:54:48 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Opera
[2009.10.31 14:48:49 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Qualcomm
[2012.03.21 17:17:47 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\TeamViewer
[2009.10.30 15:01:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Thunderbird
[2010.09.23 20:52:03 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011.01.06 18:49:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2012.01.27 15:09:00 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2012
[2010.12.25 14:08:23 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2011.11.18 16:27:27 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2010.12.25 14:30:02 | 000,000,000 | -H-D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2012.04.10 08:33:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2012.02.07 14:32:56 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Halfen
[2009.12.18 10:19:15 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2011.03.09 18:44:57 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Innovative Solutions
[2012.06.28 17:02:19 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2010.04.19 18:51:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OnlineArmor
[2009.10.18 15:33:21 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2011.03.30 09:22:51 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011.09.20 14:26:03 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2012.02.07 14:32:15 | 000,000,000 | -H-D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{87008DBF-3612-43A9-B3F9-0E4ADAAF479E}

========== Purity Check ==========



========== Custom Scans ==========

< H:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type H:\diskreport.txt /c >
Microsoft DiskPart Version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
Auf Computer: BUERO
Volume Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD 0 B
Volume 1 H NTFS Partition 128 GB OK System
Volume 2 C Wechselmed 0 B
Volume 3 E Wechselmed 0 B
Volume 4 F Wechselmed 0 B
Volume 5 G Wechselmed 0 B

< End of report >

#6
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi Common1,


Step One: Remove CCleaner

You are using a registry cleaning program(s), specifically CCleaner.
These are optional removals. However, anytime you run a registry cleaner you run the risk of permanently damaging your registry. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to remove them, please at least refrain from using any registry cleaning programs for the remainder of my fix.

Please remove the following programs using Add/Remove programs if they are listed:
CCleaner


Step Two: Backup Registry with ERUNT

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be extremely dangerous if you do not know exactly what you are doing so follow the steps that are listed below exactly. If you cannot perform some of these steps or if you have any questions please ask before proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Step Three: OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2613550
    IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2613550
    FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search"
    [2011.10.24 11:15:20 | 000,000,943 | ---- | M] () -- H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\searchplugins\conduit.xml
    O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - No CLSID value found.
    O3 - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\Toolbar\WebBrowser: (no name) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - No CLSID value found.
    O3 - HKU\S-1-5-21-1935655697-436374069-725345543-1004\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll (Conduit Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
    [1 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride"=DWORD:0
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Step Four: Download and run TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step Five: How is your computer running?

Please let me know how your computer is running and if there are any problems.


What I need in your next post:
1. The log returned by the OTL Fix.
2. The TDSSKiller log, C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.
3. Let me know how your computer is running.

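Added example, not part of the thread or of any tool named in it: a small Python triage of the TDSSKiller report that Step Four asks for, pairing each service's hash/path line with its verdict and separating signature-check warnings from other detections. The function names are hypothetical, the sample lines are constructed in the line layout of the report posted in this thread, and treating any verdict that starts with `UnsignedFile` as a signature-check result is an assumption based on the one verdict name that report shows.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every report line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<name> (<md5>) <path>"  - the file backing a service or driver
OBJECT_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> ( <verdict> ) - <severity>"  - a finding for that object
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<severity>\w+)$")
# "<name> - ok"  - nothing found
OK_RE = re.compile(PREFIX + r"(?P<name>.+?) - ok$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when the log lists no file for the service
    path: Optional[str] = None
    verdict: Optional[str] = None  # None means the log said "ok"
    severity: str = "ok"


def parse_log(text: str) -> Dict[str, Entry]:
    """Return one Entry per scanned object, in log order."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            entries[m["name"]] = Entry(m["name"], m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry = entries.setdefault(m["name"], Entry(m["name"]))
            entry.verdict, entry.severity = m["verdict"], m["severity"]
            continue
        m = OK_RE.match(line)
        if m:
            entries.setdefault(m["name"], Entry(m["name"]))
        # Banner lines, separators and the duplicate "- detected ..." lines are ignored.
    return entries


def triage(entries: Dict[str, Entry]) -> dict:
    """Split findings so unsigned-file warnings are reviewed apart from other verdicts."""
    unsigned: List[Entry] = []
    other: List[Entry] = []
    clean = 0
    for e in entries.values():
        if e.verdict is None:
            clean += 1
        elif e.verdict.startswith("UnsignedFile"):  # assumption, see lead-in
            unsigned.append(e)
        else:
            other.append(e)
    return {"unsigned_only": unsigned, "other_detections": other, "clean": clean}


# Constructed sample: names, hashes and paths are invented; the second verdict
# name and its severity word are placeholders, not real detection names.
SAMPLE_LOG = r"""
22:27:55.0796 2532 Scan started
22:27:55.0796 2532 Mode: Manual; SigCheck; TDLFS;
22:27:56.0109 2532 ExampleStub - ok
22:27:56.0156 2532 ExampleBus (00112233445566778899aabbccddeeff) H:\WINDOWS\system32\DRIVERS\examplebus.sys
22:27:56.0343 2532 ExampleBus - ok
22:27:57.0046 2532 Example Audio Filter (0123456789abcdef0123456789abcdef) H:\WINDOWS\system32\drivers\exaudio.sys
22:27:57.0093 2532 Example Audio Filter ( UnsignedFile.Multi.Generic ) - warning
22:27:57.0093 2532 Example Audio Filter - detected UnsignedFile.Multi.Generic (1)
22:27:58.0421 2532 ExampleSvc (ffeeddccbbaa99887766554433221100) H:\Programme\Example\examplesvc.exe
22:27:58.0500 2532 ExampleSvc ( Placeholder.Verdict.Name ) - infected
22:27:58.0500 2532 ExampleSvc - detected Placeholder.Verdict.Name (0)
"""

if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    print(f"clean objects: {result['clean']}")
    for label in ("unsigned_only", "other_detections"):
        for e in result[label]:
            print(f"{label}: {e.name} | {e.verdict} ({e.severity}) | {e.md5} | {e.path}")
```
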
#7
Common1

    Member

  • Topic Starter
  • Member
  • 48 posts
Good evening, blmadara


Step one:
done

Step two:
done

Step three:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1935655697-436374069-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1935655697-436374069-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
File H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll not found.
Registry key HKEY_USERS\S-1-5-21-1935655697-436374069-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "ZoneAlarm-Sicherheit Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "ZoneAlarm-Sicherheit Customized Web Search" removed from browser.search.selectedEngine
File H:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\q01mdkem.default\searchplugins\conduit.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
File H:\Programme\ZoneAlarm-Sicherheit\prxtbZon0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
File Sicherheit\prxtbZon0.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{56CF4856-ECB4-4E46-A897-A378821F97B9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56CF4856-ECB4-4E46-A897-A378821F97B9}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{56CF4856-ECB4-4E46-A897-A378821F97B9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56CF4856-ECB4-4E46-A897-A378821F97B9}\ not found.
Registry value HKEY_USERS\S-1-5-21-1935655697-436374069-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{56CF4856-ECB4-4E46-A897-A378821F97B9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56CF4856-ECB4-4E46-A897-A378821F97B9}\ not found.
Registry value HKEY_USERS\S-1-5-21-1935655697-436374069-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}\ not found.
File Sicherheit\prxtbZon0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ not found.
File/Folder H:\WINDOWS\*.tmp not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"|DWORD:0 /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
H:\Dokumente und Einstellungen\Alex\Desktop\cmd.bat deleted successfully.
H:\Dokumente und Einstellungen\Alex\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
H:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.BUERO
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Alex
->Temp folder emptied: 1817910 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 22487686 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8405271 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31,00 mb


OTL by OldTimer - Version 3.2.52.0 log created on 06292012_225010

Files\Folders moved on Reboot...
H:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Temp\~DF9CE7.tmp moved successfully.
File move failed. H:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
File\Folder H:\WINDOWS\temp\ZLT07493.TMP not found!

Registry entries deleted on Reboot...


Step four:
done

22:26:38.0171 1660 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
22:26:40.0171 1660 ============================================================
22:26:40.0171 1660 Current date / time: 2012/06/29 22:26:40.0171
22:26:40.0171 1660 SystemInfo:
22:26:40.0171 1660
22:26:40.0171 1660 OS Version: 5.1.2600 ServicePack: 3.0
22:26:40.0171 1660 Product type: Workstation
22:26:40.0171 1660 ComputerName: BUERO
22:26:40.0171 1660 UserName: Alex
22:26:40.0171 1660 Windows directory: H:\WINDOWS
22:26:40.0171 1660 System windows directory: H:\WINDOWS
22:26:40.0171 1660 Processor architecture: Intel x86
22:26:40.0171 1660 Number of processors: 4
22:26:40.0171 1660 Page size: 0x1000
22:26:40.0171 1660 Boot type: Normal boot
22:26:40.0171 1660 ============================================================
22:26:41.0328 1660 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:26:41.0343 1660 ============================================================
22:26:41.0343 1660 \Device\Harddisk0\DR0:
22:26:41.0343 1660 MBR partitions:
22:26:41.0343 1660 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
22:26:41.0343 1660 ============================================================
22:26:41.0390 1660 H: <-> \Device\Harddisk0\DR0\Partition0
22:26:41.0390 1660 ============================================================
22:26:41.0390 1660 Initialize success
22:26:41.0390 1660 ============================================================
22:27:55.0796 2532 ============================================================
22:27:55.0796 2532 Scan started
22:27:55.0796 2532 Mode: Manual; SigCheck; TDLFS;
22:27:55.0796 2532 ============================================================
22:27:56.0109 2532 Abiosdsk - ok
22:27:56.0109 2532 abp480n5 - ok
22:27:56.0156 2532 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) H:\WINDOWS\system32\DRIVERS\ACPI.sys
22:27:56.0343 2532 ACPI - ok
22:27:56.0375 2532 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) H:\WINDOWS\system32\drivers\ACPIEC.sys
22:27:56.0437 2532 ACPIEC - ok
22:27:56.0500 2532 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:27:56.0515 2532 AdobeFlashPlayerUpdateSvc - ok
22:27:56.0515 2532 adpu160m - ok
22:27:56.0531 2532 aec (8bed39e3c35d6a489438b8141717a557) H:\WINDOWS\system32\drivers\aec.sys
22:27:56.0609 2532 aec - ok
22:27:56.0640 2532 AFD (1e44bc1e83d8fd2305f8d452db109cf9) H:\WINDOWS\System32\drivers\afd.sys
22:27:56.0687 2532 AFD - ok
22:27:56.0703 2532 Aha154x - ok
22:27:56.0703 2532 aic78u2 - ok
22:27:56.0703 2532 aic78xx - ok
22:27:56.0734 2532 aksfridge (730e9d3bb324fb1899005aea63c6782d) H:\WINDOWS\system32\drivers\aksfridge.sys
22:27:56.0765 2532 aksfridge - ok
22:27:56.0765 2532 akshasp (64fc197d24a2b240598f29ce0a6660c0) H:\WINDOWS\system32\DRIVERS\akshasp.sys
22:27:56.0796 2532 akshasp - ok
22:27:56.0812 2532 aksusb (cce6c56f18d214de8d66f3f2a774cd5b) H:\WINDOWS\system32\DRIVERS\aksusb.sys
22:27:56.0812 2532 aksusb - ok
22:27:56.0843 2532 Alerter (738d80cc01d7bc7584be917b7f544394) H:\WINDOWS\system32\alrsvc.dll
22:27:56.0921 2532 Alerter - ok
22:27:56.0937 2532 ALG (190cd73d4984f94d823f9444980513e5) H:\WINDOWS\System32\alg.exe
22:27:56.0984 2532 ALG - ok
22:27:56.0984 2532 AliIde - ok
22:27:57.0046 2532 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) H:\WINDOWS\system32\drivers\Ambfilt.sys
22:27:57.0093 2532 Ambfilt ( UnsignedFile.Multi.Generic ) - warning
22:27:57.0093 2532 Ambfilt - detected UnsignedFile.Multi.Generic (1)
22:27:57.0125 2532 amsint - ok
22:27:57.0125 2532 AppMgmt - ok
22:27:57.0125 2532 asc - ok
22:27:57.0125 2532 asc3350p - ok
22:27:57.0125 2532 asc3550 - ok
22:27:57.0156 2532 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:27:57.0171 2532 aspnet_state - ok
22:27:57.0187 2532 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) H:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:27:57.0265 2532 AsyncMac - ok
22:27:57.0281 2532 atapi (9f3a2f5aa6875c72bf062c712cfa2674) H:\WINDOWS\system32\DRIVERS\atapi.sys
22:27:57.0359 2532 atapi - ok
22:27:57.0359 2532 Atdisk - ok
22:27:57.0406 2532 Ati HotKey Poller (281d26df656e53dab568214ee282ec46) H:\WINDOWS\system32\Ati2evxx.exe
22:27:57.0437 2532 Ati HotKey Poller - ok
22:27:57.0484 2532 ATI Smart (b9cb37e2393fca35d0505cda5703cbdc) H:\WINDOWS\system32\ati2sgag.exe
22:27:57.0515 2532 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
22:27:57.0515 2532 ATI Smart - detected UnsignedFile.Multi.Generic (1)
22:27:57.0718 2532 ati2mtag (c2b6f2161abd498d2b453050ffc81812) H:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:27:57.0843 2532 ati2mtag - ok
22:27:57.0921 2532 AtiHdmiService (591a9eabb5ef5168e435c2f18b05dd76) H:\WINDOWS\system32\drivers\AtiHdmi.sys
22:27:57.0937 2532 AtiHdmiService ( UnsignedFile.Multi.Generic ) - warning
22:27:57.0937 2532 AtiHdmiService - detected UnsignedFile.Multi.Generic (1)
22:27:57.0953 2532 Atmarpc (9916c1225104ba14794209cfa8012159) H:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:27:58.0031 2532 Atmarpc - ok
22:27:58.0046 2532 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) H:\WINDOWS\System32\audiosrv.dll
22:27:58.0140 2532 AudioSrv - ok
22:27:58.0156 2532 audstub (d9f724aa26c010a217c97606b160ed68) H:\WINDOWS\system32\DRIVERS\audstub.sys
22:27:58.0234 2532 audstub - ok
22:27:58.0421 2532 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) H:\Programme\AVG\AVG2012\AVGIDSAgent.exe
22:27:58.0546 2532 AVGIDSAgent - ok
22:27:58.0609 2532 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) H:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
22:27:58.0687 2532 AVGIDSDriver - ok
22:27:58.0703 2532 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) H:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
22:27:58.0718 2532 AVGIDSFilter - ok
22:27:58.0734 2532 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) H:\WINDOWS\system32\DRIVERS\avgidshx.sys
22:27:58.0750 2532 AVGIDSHX - ok
22:27:58.0750 2532 AVGIDSShim (baf975b72062f53d327788e99d64197e) H:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
22:27:58.0765 2532 AVGIDSShim - ok
22:27:58.0781 2532 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) H:\WINDOWS\system32\DRIVERS\avgldx86.sys
22:27:58.0781 2532 Avgldx86 - ok
22:27:58.0796 2532 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) H:\WINDOWS\system32\DRIVERS\avgmfx86.sys
22:27:58.0796 2532 Avgmfx86 - ok
22:27:58.0796 2532 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) H:\WINDOWS\system32\DRIVERS\avgrkx86.sys
22:27:58.0812 2532 Avgrkx86 - ok
22:27:58.0890 2532 Avgtdix (1263f2554ace925c237a40b4c568d815) H:\WINDOWS\system32\DRIVERS\avgtdix.sys
22:27:58.0890 2532 Avgtdix - ok
22:27:58.0968 2532 avgwd (ea1145debcd508fd25bd1e95c4346929) H:\Programme\AVG\AVG2012\avgwdsvc.exe
22:27:58.0984 2532 avgwd - ok
22:27:59.0000 2532 Beep (da1f27d85e0d1525f6621372e7b685e9) H:\WINDOWS\system32\drivers\Beep.sys
22:27:59.0078 2532 Beep - ok
22:27:59.0109 2532 BITS (d6f603772a789bb3228f310d650b8bd1) H:\WINDOWS\system32\qmgr.dll
22:27:59.0187 2532 BITS - ok
22:27:59.0203 2532 Browser (b42057f06bbb98b31876c0b3f2b54e33) H:\WINDOWS\System32\browser.dll
22:27:59.0296 2532 Browser - ok
22:27:59.0328 2532 Ca100v (9b908a67f3b344b60cdaaf984ad547d1) H:\WINDOWS\system32\Drivers\Ca100v.sys
22:27:59.0375 2532 Ca100v - ok
22:27:59.0453 2532 catchme - ok
22:27:59.0468 2532 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) H:\WINDOWS\system32\drivers\cbidf2k.sys
22:27:59.0546 2532 cbidf2k - ok
22:27:59.0562 2532 CCDECODE (0be5aef125be881c4f854c554f2b025c) H:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:27:59.0656 2532 CCDECODE - ok
22:27:59.0656 2532 cd20xrnt - ok
22:27:59.0656 2532 Cdaudio (c1b486a7658353d33a10cc15211a873b) H:\WINDOWS\system32\drivers\Cdaudio.sys
22:27:59.0750 2532 Cdaudio - ok
22:27:59.0765 2532 Cdfs (c885b02847f5d2fd45a24e219ed93b32) H:\WINDOWS\system32\drivers\Cdfs.sys
22:27:59.0828 2532 Cdfs - ok
22:27:59.0843 2532 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) H:\WINDOWS\system32\DRIVERS\cdrom.sys
22:27:59.0921 2532 Cdrom - ok
22:27:59.0921 2532 Changer - ok
22:27:59.0937 2532 cisvc (28e3040d1f1ca2008cd6b29dfebc9a5e) H:\WINDOWS\system32\cisvc.exe
22:28:00.0015 2532 cisvc - ok
22:28:00.0031 2532 ClipSrv (778a30ed3c134eb7e406afc407e9997d) H:\WINDOWS\system32\clipsrv.exe
22:28:00.0125 2532 ClipSrv - ok
22:28:00.0156 2532 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:28:00.0171 2532 clr_optimization_v2.0.50727_32 - ok
22:28:00.0171 2532 CmdIde - ok
22:28:00.0171 2532 COMSysApp - ok
22:28:00.0171 2532 Cpqarray - ok
22:28:00.0203 2532 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) H:\WINDOWS\System32\cryptsvc.dll
22:28:00.0281 2532 CryptSvc - ok
22:28:00.0281 2532 dac2w2k - ok
22:28:00.0281 2532 dac960nt - ok
22:28:00.0296 2532 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) H:\WINDOWS\system32\rpcss.dll
22:28:00.0328 2532 DcomLaunch - ok
22:28:00.0359 2532 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) H:\WINDOWS\System32\dhcpcsvc.dll
22:28:00.0437 2532 Dhcp - ok
22:28:00.0437 2532 Disk (044452051f3e02e7963599fc8f4f3e25) H:\WINDOWS\system32\DRIVERS\disk.sys
22:28:00.0515 2532 Disk - ok
22:28:00.0515 2532 dmadmin - ok
22:28:00.0546 2532 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) H:\WINDOWS\system32\drivers\dmboot.sys
22:28:00.0640 2532 dmboot - ok
22:28:00.0656 2532 dmio (53720ab12b48719d00e327da470a619a) H:\WINDOWS\system32\drivers\dmio.sys
22:28:00.0734 2532 dmio - ok
22:28:00.0750 2532 dmload (e9317282a63ca4d188c0df5e09c6ac5f) H:\WINDOWS\system32\drivers\dmload.sys
22:28:00.0828 2532 dmload - ok
22:28:00.0843 2532 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) H:\WINDOWS\System32\dmserver.dll
22:28:00.0921 2532 dmserver - ok
22:28:00.0921 2532 DMusic (8a208dfcf89792a484e76c40e5f50b45) H:\WINDOWS\system32\drivers\DMusic.sys
22:28:01.0000 2532 DMusic - ok
22:28:01.0031 2532 Dnscache (407f3227ac618fd1ca54b335b083de07) H:\WINDOWS\System32\dnsrslvr.dll
22:28:01.0062 2532 Dnscache - ok
22:28:01.0093 2532 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) H:\WINDOWS\System32\dot3svc.dll
22:28:01.0156 2532 Dot3svc - ok
22:28:01.0156 2532 dpti2o - ok
22:28:01.0171 2532 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) H:\WINDOWS\system32\drivers\drmkaud.sys
22:28:01.0250 2532 drmkaud - ok
22:28:01.0250 2532 EapHost (4e4f2fddab0a0736d7671134dcce91fb) H:\WINDOWS\System32\eapsvc.dll
22:28:01.0328 2532 EapHost - ok
22:28:01.0343 2532 ERSvc (877c18558d70587aa7823a1a308ac96b) H:\WINDOWS\System32\ersvc.dll
22:28:01.0421 2532 ERSvc - ok
22:28:01.0453 2532 Eventlog (a3edbe9053889fb24ab22492472b39dc) H:\WINDOWS\system32\services.exe
22:28:01.0468 2532 Eventlog - ok
22:28:01.0500 2532 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) H:\WINDOWS\System32\es.dll
22:28:01.0515 2532 EventSystem - ok
22:28:01.0578 2532 EverestDriver (dabebf61afd356c2f040e7dbc53ad511) H:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt
22:28:01.0578 2532 EverestDriver ( UnsignedFile.Multi.Generic ) - warning
22:28:01.0578 2532 EverestDriver - detected UnsignedFile.Multi.Generic (1)
22:28:01.0593 2532 Fastfat (38d332a6d56af32635675f132548343e) H:\WINDOWS\system32\drivers\Fastfat.sys
22:28:01.0671 2532 Fastfat - ok
22:28:01.0703 2532 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) H:\WINDOWS\System32\shsvcs.dll
22:28:01.0750 2532 FastUserSwitchingCompatibility - ok
22:28:01.0765 2532 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) H:\WINDOWS\system32\drivers\Fdc.sys
22:28:01.0828 2532 Fdc - ok
22:28:01.0859 2532 Fips (b0678a548587c5f1967b0d70bacad6c1) H:\WINDOWS\system32\drivers\Fips.sys
22:28:01.0937 2532 Fips - ok
22:28:01.0937 2532 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) H:\WINDOWS\system32\drivers\Flpydisk.sys
22:28:02.0015 2532 Flpydisk - ok
22:28:02.0031 2532 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) H:\WINDOWS\system32\drivers\fltmgr.sys
22:28:02.0109 2532 FltMgr - ok
22:28:02.0171 2532 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) h:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:28:02.0187 2532 FontCache3.0.0.0 - ok
22:28:02.0203 2532 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) H:\WINDOWS\system32\drivers\Fs_Rec.sys
22:28:02.0265 2532 Fs_Rec - ok
22:28:02.0265 2532 Ftdisk (8f1955ce42e1484714b542f341647778) H:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:28:02.0359 2532 Ftdisk - ok
22:28:02.0375 2532 giveio (77ebf3e9386daa51551af429052d88d0) H:\WINDOWS\system32\giveio.sys
22:28:02.0390 2532 giveio ( UnsignedFile.Multi.Generic ) - warning
22:28:02.0390 2532 giveio - detected UnsignedFile.Multi.Generic (1)
22:28:02.0390 2532 GMSIPCI - ok
22:28:02.0406 2532 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) H:\WINDOWS\system32\DRIVERS\msgpc.sys
22:28:02.0484 2532 Gpc - ok
22:28:02.0515 2532 hardlock (a9d587e31dbee3e9bd97fefece0ba874) H:\WINDOWS\system32\drivers\hardlock.sys
22:28:02.0531 2532 hardlock - ok
22:28:02.0531 2532 hasplms - ok
22:28:02.0562 2532 HDAudBus (573c7d0a32852b48f3058cfd8026f511) H:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:28:02.0640 2532 HDAudBus - ok
22:28:02.0703 2532 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) H:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:28:02.0796 2532 helpsvc - ok
22:28:02.0812 2532 HidServ (b35da85e60c0103f2e4104532da2f12b) H:\WINDOWS\System32\hidserv.dll
22:28:02.0890 2532 HidServ - ok
22:28:02.0906 2532 hidusb (ccf82c5ec8a7326c3066de870c06daf1) H:\WINDOWS\system32\DRIVERS\hidusb.sys
22:28:02.0984 2532 hidusb - ok
22:28:03.0015 2532 hkmsvc (ed29f14101523a6e0e808107405d452c) H:\WINDOWS\System32\kmsvc.dll
22:28:03.0078 2532 hkmsvc - ok
22:28:03.0109 2532 hotcore3 (4bab16afc2b0029e09c67daa8ec722a2) H:\WINDOWS\system32\drivers\hotcore3.sys
22:28:03.0109 2532 hotcore3 - ok
22:28:03.0109 2532 hpn - ok
22:28:03.0125 2532 hpt3xx - ok
22:28:03.0140 2532 HTTP (f80a415ef82cd06ffaf0d971528ead38) H:\WINDOWS\system32\Drivers\HTTP.sys
22:28:03.0171 2532 HTTP - ok
22:28:03.0187 2532 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) H:\WINDOWS\System32\w3ssl.dll
22:28:03.0265 2532 HTTPFilter - ok
22:28:03.0265 2532 i2omgmt - ok
22:28:03.0265 2532 i2omp - ok
22:28:03.0343 2532 idsvc (c01ac32dc5c03076cfb852cb5da5229c) h:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:28:03.0375 2532 idsvc - ok
22:28:03.0390 2532 Imapi (083a052659f5310dd8b6a6cb05edcf8e) H:\WINDOWS\system32\drivers\Imapi.sys
22:28:03.0468 2532 Imapi - ok
22:28:03.0500 2532 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) H:\WINDOWS\system32\imapi.exe
22:28:03.0578 2532 ImapiService - ok
22:28:03.0578 2532 ini910u - ok
22:28:03.0765 2532 IntcAzAudAddService (60d33814c478ad436082a05d7e50a0b6) H:\WINDOWS\system32\drivers\RtkHDAud.sys
22:28:03.0890 2532 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - warning
22:28:03.0890 2532 IntcAzAudAddService - detected UnsignedFile.Multi.Generic (1)
22:28:03.0937 2532 IntelIde - ok
22:28:03.0953 2532 ip6fw (3bb22519a194418d5fec05d800a19ad0) H:\WINDOWS\system32\drivers\ip6fw.sys
22:28:04.0031 2532 ip6fw - ok
22:28:04.0046 2532 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) H:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:28:04.0125 2532 IpFilterDriver - ok
22:28:04.0125 2532 IpInIp (b87ab476dcf76e72010632b5550955f5) H:\WINDOWS\system32\DRIVERS\ipinip.sys
22:28:04.0203 2532 IpInIp - ok
22:28:04.0218 2532 IpNat (cc748ea12c6effde940ee98098bf96bb) H:\WINDOWS\system32\DRIVERS\ipnat.sys
22:28:04.0296 2532 IpNat - ok
22:28:04.0312 2532 IPSec (23c74d75e36e7158768dd63d92789a91) H:\WINDOWS\system32\DRIVERS\ipsec.sys
22:28:04.0515 2532 IPSec - ok
22:28:04.0531 2532 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) H:\WINDOWS\system32\DRIVERS\irenum.sys
22:28:04.0562 2532 IRENUM - ok
22:28:04.0578 2532 isapnp (6dfb88f64135c525433e87648bda30de) H:\WINDOWS\system32\DRIVERS\isapnp.sys
22:28:04.0656 2532 isapnp - ok
22:28:04.0718 2532 ISWKL (08a811bfd207dfdec588881c18bacbaa) H:\Programme\CheckPoint\ZAForceField\ISWKL.sys
22:28:04.0718 2532 ISWKL - ok
22:28:04.0765 2532 IswSvc (5b2ccef06f96dfb22893ab8f0b3f891d) H:\Programme\CheckPoint\ZAForceField\IswSvc.exe
22:28:04.0781 2532 IswSvc - ok
22:28:04.0812 2532 Kbdclass (1704d8c4c8807b889e43c649b478a452) H:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:28:04.0875 2532 Kbdclass - ok
22:28:04.0906 2532 kbdhid (b6d6c117d771c98130497265f26d1882) H:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:28:04.0984 2532 kbdhid - ok
22:28:05.0000 2532 kmixer (692bcf44383d056aed41b045a323d378) H:\WINDOWS\system32\drivers\kmixer.sys
22:28:05.0078 2532 kmixer - ok
22:28:05.0109 2532 KSecDD (b467646c54cc746128904e1654c750c1) H:\WINDOWS\system32\drivers\KSecDD.sys
22:28:05.0156 2532 KSecDD - ok
22:28:05.0187 2532 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) H:\WINDOWS\System32\srvsvc.dll
22:28:05.0218 2532 lanmanserver - ok
22:28:05.0234 2532 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) H:\WINDOWS\System32\wkssvc.dll
22:28:05.0265 2532 lanmanworkstation - ok
22:28:05.0265 2532 lbrtfdc - ok
22:28:05.0296 2532 LmHosts (636714b7d43c8d0c80449123fd266920) H:\WINDOWS\System32\lmhsvc.dll
22:28:05.0375 2532 LmHosts - ok
22:28:05.0375 2532 Messenger (b7550a7107281d170ce85524b1488c98) H:\WINDOWS\System32\msgsvc.dll
22:28:05.0453 2532 Messenger - ok
22:28:05.0468 2532 mf (a7da20ab18a1bdae28b0f349e57da0d1) H:\WINDOWS\system32\DRIVERS\mf.sys
22:28:05.0531 2532 mf - ok
22:28:05.0562 2532 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) H:\WINDOWS\system32\drivers\mnmdd.sys
22:28:05.0625 2532 mnmdd - ok
22:28:05.0640 2532 mnmsrvc (c2f1d365fd96791b037ee504868065d3) H:\WINDOWS\System32\mnmsrvc.exe
22:28:05.0718 2532 mnmsrvc - ok
22:28:05.0734 2532 Modem (6fb74ebd4ec57a6f1781de3852cc3362) H:\WINDOWS\system32\drivers\Modem.sys
22:28:05.0812 2532 Modem - ok
22:28:05.0859 2532 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) H:\WINDOWS\system32\drivers\Monfilt.sys
22:28:05.0890 2532 Monfilt ( UnsignedFile.Multi.Generic ) - warning
22:28:05.0890 2532 Monfilt - detected UnsignedFile.Multi.Generic (1)
22:28:05.0953 2532 Mouclass (b24ce8005deab254c0251e15cb71d802) H:\WINDOWS\system32\DRIVERS\mouclass.sys
22:28:06.0031 2532 Mouclass - ok
22:28:06.0046 2532 mouhid (66a6f73c74e1791464160a7065ce711a) H:\WINDOWS\system32\DRIVERS\mouhid.sys
22:28:06.0125 2532 mouhid - ok
22:28:06.0125 2532 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) H:\WINDOWS\system32\drivers\MountMgr.sys
22:28:06.0203 2532 MountMgr - ok
22:28:06.0203 2532 mraid35x - ok
22:28:06.0203 2532 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) H:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:28:06.0281 2532 MRxDAV - ok
22:28:06.0312 2532 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) H:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:28:06.0343 2532 MRxSmb - ok
22:28:06.0359 2532 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) H:\WINDOWS\System32\msdtc.exe
22:28:06.0437 2532 MSDTC - ok
22:28:06.0437 2532 Msfs (c941ea2454ba8350021d774daf0f1027) H:\WINDOWS\system32\drivers\Msfs.sys
22:28:06.0500 2532 Msfs - ok
22:28:06.0515 2532 MSIServer - ok
22:28:06.0515 2532 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) H:\WINDOWS\system32\drivers\MSKSSRV.sys
22:28:06.0578 2532 MSKSSRV - ok
22:28:06.0593 2532 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) H:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:28:06.0656 2532 MSPCLOCK - ok
22:28:06.0671 2532 MSPQM (bad59648ba099da4a17680b39730cb3d) H:\WINDOWS\system32\drivers\MSPQM.sys
22:28:06.0750 2532 MSPQM - ok
22:28:06.0781 2532 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) H:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:28:06.0843 2532 mssmbios - ok
22:28:06.0875 2532 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) H:\WINDOWS\system32\drivers\MSTEE.sys
22:28:06.0953 2532 MSTEE - ok
22:28:06.0968 2532 Mup (de6a75f5c270e756c5508d94b6cf68f5) H:\WINDOWS\system32\drivers\Mup.sys
22:28:07.0000 2532 Mup - ok
22:28:07.0015 2532 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:28:07.0093 2532 NABTSFEC - ok
22:28:07.0109 2532 napagent (46bb15ae2ac7d025d6d2567b876817bd) H:\WINDOWS\System32\qagentrt.dll
22:28:07.0171 2532 napagent - ok
22:28:07.0203 2532 NDIS (1df7f42665c94b825322fae71721130d) H:\WINDOWS\system32\drivers\NDIS.sys
22:28:07.0281 2532 NDIS - ok
22:28:07.0296 2532 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) H:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:28:07.0375 2532 NdisIP - ok
22:28:07.0406 2532 NdisTapi (0109c4f3850dfbab279542515386ae22) H:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:28:07.0437 2532 NdisTapi - ok
22:28:07.0453 2532 Ndisuio (f927a4434c5028758a842943ef1a3849) H:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:28:07.0531 2532 Ndisuio - ok
22:28:07.0531 2532 NdisWan (edc1531a49c80614b2cfda43ca8659ab) H:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:28:07.0609 2532 NdisWan - ok
22:28:07.0640 2532 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) H:\WINDOWS\system32\drivers\NDProxy.sys
22:28:07.0687 2532 NDProxy - ok
22:28:07.0781 2532 Nero BackItUp Scheduler 3 (2aae889742376edc5c3203dfb74f28fd) H:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
22:28:07.0828 2532 Nero BackItUp Scheduler 3 - ok
22:28:07.0859 2532 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) H:\WINDOWS\system32\DRIVERS\netbios.sys
22:28:07.0937 2532 NetBIOS - ok
22:28:07.0953 2532 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) H:\WINDOWS\system32\DRIVERS\netbt.sys
22:28:08.0015 2532 NetBT - ok
22:28:08.0046 2532 NetDDE (8ace4251bffd09ce75679fe940e996cc) H:\WINDOWS\system32\netdde.exe
22:28:08.0125 2532 NetDDE - ok
22:28:08.0125 2532 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) H:\WINDOWS\system32\netdde.exe
22:28:08.0187 2532 NetDDEdsdm - ok
22:28:08.0203 2532 Netlogon (afb8261b56cba0d86aeb6df682af9785) H:\WINDOWS\system32\lsass.exe
22:28:08.0296 2532 Netlogon - ok
22:28:08.0312 2532 Netman (e6d88f1f6745bf00b57e7855a2ab696c) H:\WINDOWS\System32\netman.dll
22:28:08.0390 2532 Netman - ok
22:28:08.0453 2532 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) h:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:28:08.0468 2532 NetTcpPortSharing - ok
22:28:08.0484 2532 Nla (f1b67b6b0751ae0e6e964b02821206a3) H:\WINDOWS\System32\mswsock.dll
22:28:08.0500 2532 Nla - ok
22:28:08.0562 2532 NMIndexingService (cb992ae1506985d9167e85883b4c3240) H:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
22:28:08.0593 2532 NMIndexingService - ok
22:28:08.0625 2532 NmPar (241c985de3ab9f73568fe3b181dc70f4) H:\WINDOWS\system32\DRIVERS\NmPar.sys
22:28:08.0640 2532 NmPar ( UnsignedFile.Multi.Generic ) - warning
22:28:08.0640 2532 NmPar - detected UnsignedFile.Multi.Generic (1)
22:28:08.0656 2532 Npfs (3182d64ae053d6fb034f44b6def8034a) H:\WINDOWS\system32\drivers\Npfs.sys
22:28:08.0734 2532 Npfs - ok
22:28:08.0765 2532 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) H:\WINDOWS\system32\drivers\Ntfs.sys
22:28:08.0843 2532 Ntfs - ok
22:28:08.0875 2532 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) H:\WINDOWS\System32\lsass.exe
22:28:08.0937 2532 NtLmSsp - ok
22:28:08.0968 2532 NtmsSvc (56af4064996fa5bac9c449b1514b4770) H:\WINDOWS\system32\ntmssvc.dll
22:28:09.0031 2532 NtmsSvc - ok
22:28:09.0062 2532 Null (73c1e1f395918bc2c6dd67af7591a3ad) H:\WINDOWS\system32\drivers\Null.sys
22:28:09.0125 2532 Null - ok
22:28:09.0140 2532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) H:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:28:09.0234 2532 NwlnkFlt - ok
22:28:09.0234 2532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) H:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:28:09.0296 2532 NwlnkFwd - ok
22:28:09.0328 2532 ousbehci (9ac47b8dc5789e4c50bb9babcaefd2c2) H:\WINDOWS\system32\Drivers\ousbehci.sys
22:28:09.0343 2532 ousbehci ( UnsignedFile.Multi.Generic ) - warning
22:28:09.0343 2532 ousbehci - detected UnsignedFile.Multi.Generic (1)
22:28:09.0359 2532 OVT511Plus (c5739be3a8eecdf951955a38e1741f45) H:\WINDOWS\system32\Drivers\omcamvid.sys
22:28:09.0390 2532 OVT511Plus - ok
22:28:09.0406 2532 Parport (f84785660305b9b903fb3bca8ba29837) H:\WINDOWS\system32\drivers\Parport.sys
22:28:09.0484 2532 Parport - ok
22:28:09.0484 2532 PartMgr (beb3ba25197665d82ec7065b724171c6) H:\WINDOWS\system32\drivers\PartMgr.sys
22:28:09.0562 2532 PartMgr - ok
22:28:09.0578 2532 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) H:\WINDOWS\system32\drivers\ParVdm.sys
22:28:09.0656 2532 ParVdm - ok
22:28:09.0656 2532 pavboot - ok
22:28:09.0656 2532 PCI (387e8dedc343aa2d1efbc30580273acd) H:\WINDOWS\system32\DRIVERS\pci.sys
22:28:09.0734 2532 PCI - ok
22:28:09.0734 2532 PCIDump - ok
22:28:09.0750 2532 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) H:\WINDOWS\system32\DRIVERS\pciide.sys
22:28:09.0828 2532 PCIIde - ok
22:28:09.0843 2532 Pcmcia (a2a966b77d61847d61a3051df87c8c97) H:\WINDOWS\system32\drivers\Pcmcia.sys
22:28:09.0906 2532 Pcmcia - ok
22:28:09.0906 2532 PDCOMP - ok
22:28:09.0906 2532 PDFRAME - ok
22:28:09.0921 2532 PDRELI - ok
22:28:09.0921 2532 PDRFRAME - ok
22:28:09.0921 2532 perc2 - ok
22:28:09.0921 2532 perc2hib - ok
22:28:09.0953 2532 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) H:\WINDOWS\system32\IoctlSvc.exe
22:28:09.0953 2532 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
22:28:09.0953 2532 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
22:28:09.0968 2532 PlugPlay (a3edbe9053889fb24ab22492472b39dc) H:\WINDOWS\system32\services.exe
22:28:09.0984 2532 PlugPlay - ok
22:28:09.0984 2532 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) H:\WINDOWS\system32\lsass.exe
22:28:10.0046 2532 PolicyAgent - ok
22:28:10.0062 2532 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) H:\WINDOWS\system32\DRIVERS\raspptp.sys
22:28:10.0125 2532 PptpMiniport - ok
22:28:10.0140 2532 Processor (2cb55427c58679f49ad600fccba76360) H:\WINDOWS\system32\DRIVERS\processr.sys
22:28:10.0203 2532 Processor - ok
22:28:10.0203 2532 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) H:\WINDOWS\system32\lsass.exe
22:28:10.0265 2532 ProtectedStorage - ok
22:28:10.0281 2532 PSched (09298ec810b07e5d582cb3a3f9255424) H:\WINDOWS\system32\DRIVERS\psched.sys
22:28:10.0343 2532 PSched - ok
22:28:10.0359 2532 PSI (365622e1f0b6d5f9871d76e89bf0501a) H:\WINDOWS\system32\DRIVERS\psi_mf.sys
22:28:10.0375 2532 PSI ( UnsignedFile.Multi.Generic ) - warning
22:28:10.0375 2532 PSI - detected UnsignedFile.Multi.Generic (1)
22:28:10.0375 2532 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) H:\WINDOWS\system32\DRIVERS\ptilink.sys
22:28:10.0453 2532 Ptilink - ok
22:28:10.0468 2532 PuranDefrag (2507deaa4fc8ee0a499fa53fed81863e) H:\WINDOWS\system32\PuranDefragS.exe
22:28:10.0484 2532 PuranDefrag ( UnsignedFile.Multi.Generic ) - warning
22:28:10.0484 2532 PuranDefrag - detected UnsignedFile.Multi.Generic (1)
22:28:10.0515 2532 PxHelp20 (153d02480a0a2f45785522e814c634b6) H:\WINDOWS\system32\Drivers\PxHelp20.sys
22:28:10.0515 2532 PxHelp20 - ok
22:28:10.0515 2532 ql1080 - ok
22:28:10.0515 2532 Ql10wnt - ok
22:28:10.0515 2532 ql12160 - ok
22:28:10.0531 2532 ql1240 - ok
22:28:10.0531 2532 ql1280 - ok
22:28:10.0531 2532 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) H:\WINDOWS\system32\DRIVERS\rasacd.sys
22:28:10.0609 2532 RasAcd - ok
22:28:10.0625 2532 RasAuto (f5ba6caccdb66c8f048e867563203246) H:\WINDOWS\System32\rasauto.dll
22:28:10.0687 2532 RasAuto - ok
22:28:10.0718 2532 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) H:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:28:10.0796 2532 Rasl2tp - ok
22:28:10.0828 2532 RasMan (f9a7b66ea345726edb5862a46b1eccd5) H:\WINDOWS\System32\rasmans.dll
22:28:10.0890 2532 RasMan - ok
22:28:10.0890 2532 RasPppoe (5bc962f2654137c9909c3d4603587dee) H:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:28:10.0968 2532 RasPppoe - ok
22:28:10.0968 2532 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) H:\WINDOWS\system32\DRIVERS\raspti.sys
22:28:11.0046 2532 Raspti - ok
22:28:11.0046 2532 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) H:\WINDOWS\system32\DRIVERS\rdbss.sys
22:28:11.0109 2532 Rdbss - ok
22:28:11.0125 2532 RDPCDD (4912d5b403614ce99c28420f75353332) H:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:28:11.0203 2532 RDPCDD - ok
22:28:11.0234 2532 RDPWD (6589db6e5969f8eee594cf71171c5028) H:\WINDOWS\system32\drivers\RDPWD.sys
22:28:11.0265 2532 RDPWD - ok
22:28:11.0296 2532 RDSessMgr (263af18af0f3db99f574c95f284ccec9) H:\WINDOWS\system32\sessmgr.exe
22:28:11.0375 2532 RDSessMgr - ok
22:28:11.0390 2532 redbook (ed761d453856f795a7fe056e42c36365) H:\WINDOWS\system32\DRIVERS\redbook.sys
22:28:11.0468 2532 redbook - ok
22:28:11.0500 2532 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) H:\WINDOWS\System32\mprdim.dll
22:28:11.0562 2532 RemoteAccess - ok
22:28:11.0562 2532 RpcLocator (2a02e21867497df20b8fc95631395169) H:\WINDOWS\System32\locator.exe
22:28:11.0640 2532 RpcLocator - ok
22:28:11.0671 2532 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) H:\WINDOWS\System32\rpcss.dll
22:28:11.0687 2532 RpcSs - ok
22:28:11.0718 2532 RSVP (4bdd71b4b521521499dfd14735c4f398) H:\WINDOWS\System32\rsvp.exe
22:28:11.0796 2532 RSVP - ok
22:28:11.0828 2532 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) H:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
22:28:11.0828 2532 RTLE8023xp ( UnsignedFile.Multi.Generic ) - warning
22:28:11.0828 2532 RTLE8023xp - detected UnsignedFile.Multi.Generic (1)
22:28:11.0859 2532 SamSs (afb8261b56cba0d86aeb6df682af9785) H:\WINDOWS\system32\lsass.exe
22:28:11.0921 2532 SamSs - ok
22:28:11.0984 2532 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) H:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
22:28:12.0000 2532 SASDIFSV ( UnsignedFile.Multi.Generic ) - warning
22:28:12.0000 2532 SASDIFSV - detected UnsignedFile.Multi.Generic (1)
22:28:12.0015 2532 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) H:\Programme\SUPERAntiSpyware\SASENUM.SYS
22:28:12.0031 2532 SASENUM ( UnsignedFile.Multi.Generic ) - warning
22:28:12.0031 2532 SASENUM - detected UnsignedFile.Multi.Generic (1)
22:28:12.0046 2532 SASKUTIL (c7d81c10d3befeee41f3408714637438) H:\Programme\SUPERAntiSpyware\SASKUTIL.sys
22:28:12.0062 2532 SASKUTIL ( UnsignedFile.Multi.Generic ) - warning
22:28:12.0062 2532 SASKUTIL - detected UnsignedFile.Multi.Generic (1)
22:28:12.0078 2532 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) H:\WINDOWS\System32\SCardSvr.exe
22:28:12.0156 2532 SCardSvr - ok
22:28:12.0203 2532 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) H:\WINDOWS\system32\schedsvc.dll
22:28:12.0281 2532 Schedule - ok
22:28:12.0296 2532 Secdrv (90a3935d05b494a5a39d37e71f09a677) H:\WINDOWS\system32\DRIVERS\secdrv.sys
22:28:12.0328 2532 Secdrv - ok
22:28:12.0343 2532 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) H:\WINDOWS\System32\seclogon.dll
22:28:12.0421 2532 seclogon - ok
22:28:12.0437 2532 SENS (2aac9b6ed9eddffb721d6452e34d67e3) H:\WINDOWS\system32\sens.dll
22:28:12.0500 2532 SENS - ok
22:28:12.0515 2532 serenum (0f29512ccd6bead730039fb4bd2c85ce) H:\WINDOWS\system32\DRIVERS\serenum.sys
22:28:12.0578 2532 serenum - ok
22:28:12.0578 2532 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) H:\WINDOWS\system32\DRIVERS\serial.sys
22:28:12.0656 2532 Serial - ok
22:28:12.0671 2532 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) H:\WINDOWS\system32\drivers\Sfloppy.sys
22:28:12.0734 2532 Sfloppy - ok
22:28:12.0750 2532 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) H:\WINDOWS\System32\ipnathlp.dll
22:28:12.0843 2532 SharedAccess - ok
22:28:12.0859 2532 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) H:\WINDOWS\System32\shsvcs.dll
22:28:12.0875 2532 ShellHWDetection - ok
22:28:12.0875 2532 Simbad - ok
22:28:12.0890 2532 SLIP (866d538ebe33709a5c9f5c62b73b7d14) H:\WINDOWS\system32\DRIVERS\SLIP.sys
22:28:12.0968 2532 SLIP - ok
22:28:12.0968 2532 Sparrow - ok
22:28:13.0000 2532 speedfan (9f70cd5edcc4efc48ae21e04fb03be9d) H:\WINDOWS\system32\speedfan.sys
22:28:13.0000 2532 speedfan - ok
22:28:13.0015 2532 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) H:\WINDOWS\system32\drivers\splitter.sys
22:28:13.0093 2532 splitter - ok
22:28:13.0125 2532 Spooler (60784f891563fb1b767f70117fc2428f) H:\WINDOWS\system32\spoolsv.exe
22:28:13.0156 2532 Spooler - ok
22:28:13.0171 2532 sr (50fa898f8c032796d3b1b9951bb5a90f) H:\WINDOWS\system32\DRIVERS\sr.sys
22:28:13.0203 2532 sr - ok
22:28:13.0234 2532 srservice (fe77a85495065f3ad59c5c65b6c54182) H:\WINDOWS\system32\srsvc.dll
22:28:13.0281 2532 srservice - ok
22:28:13.0312 2532 Srv (47ddfc2f003f7f9f0592c6874962a2e7) H:\WINDOWS\system32\DRIVERS\srv.sys
22:28:13.0359 2532 Srv - ok
22:28:13.0375 2532 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) H:\WINDOWS\System32\ssdpsrv.dll
22:28:13.0406 2532 SSDPSRV - ok
22:28:13.0437 2532 stisvc (bc2c5985611c5356b24aeb370953ded9) H:\WINDOWS\system32\wiaservc.dll
22:28:13.0515 2532 stisvc - ok
22:28:13.0531 2532 streamip (77813007ba6265c4b6098187e6ed79d2) H:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:28:13.0625 2532 streamip - ok
22:28:13.0640 2532 swenum (3941d127aef12e93addf6fe6ee027e0f) H:\WINDOWS\system32\DRIVERS\swenum.sys
22:28:13.0718 2532 swenum - ok
22:28:13.0734 2532 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) H:\WINDOWS\system32\drivers\swmidi.sys
22:28:13.0796 2532 swmidi - ok
22:28:13.0796 2532 SwPrv - ok
22:28:13.0812 2532 symc810 - ok
22:28:13.0812 2532 symc8xx - ok
22:28:13.0812 2532 sym_hi - ok
22:28:13.0812 2532 sym_u3 - ok
22:28:13.0828 2532 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) H:\WINDOWS\system32\drivers\sysaudio.sys
22:28:13.0890 2532 sysaudio - ok
22:28:13.0906 2532 SysmonLog (2903fffa2523926d6219428040dce6b9) H:\WINDOWS\system32\smlogsvc.exe
22:28:13.0968 2532 SysmonLog - ok
22:28:13.0984 2532 TapiSrv (05903cac4b98908d55ea5774775b382e) H:\WINDOWS\System32\tapisrv.dll
22:28:14.0078 2532 TapiSrv - ok
22:28:14.0109 2532 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) H:\WINDOWS\system32\DRIVERS\tcpip.sys
22:28:14.0125 2532 Tcpip - ok
22:28:14.0140 2532 TDPIPE (6471a66807f5e104e4885f5b67349397) H:\WINDOWS\system32\drivers\TDPIPE.sys
22:28:14.0218 2532 TDPIPE - ok
22:28:14.0218 2532 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) H:\WINDOWS\system32\drivers\TDTCP.sys
22:28:14.0296 2532 TDTCP - ok
22:28:14.0312 2532 TermDD (88155247177638048422893737429d9e) H:\WINDOWS\system32\DRIVERS\termdd.sys
22:28:14.0375 2532 TermDD - ok
22:28:14.0406 2532 TermService (b7de02c863d8f5a005a7bf375375a6a4) H:\WINDOWS\System32\termsrv.dll
22:28:14.0484 2532 TermService - ok
22:28:14.0515 2532 Themes (2db7d303c36ddd055215052f118e8e75) H:\WINDOWS\System32\shsvcs.dll
22:28:14.0531 2532 Themes - ok
22:28:14.0531 2532 TosIde - ok
22:28:14.0546 2532 TrkWks (626504572b175867f30f3215c04b3e2f) H:\WINDOWS\system32\trkwks.dll
22:28:14.0625 2532 TrkWks - ok
22:28:14.0640 2532 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) H:\WINDOWS\system32\drivers\Udfs.sys
22:28:14.0718 2532 Udfs - ok
22:28:14.0718 2532 ultra - ok
22:28:14.0750 2532 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) H:\WINDOWS\system32\wdfmgr.exe
22:28:14.0765 2532 UMWdf - ok
22:28:14.0781 2532 Update (402ddc88356b1bac0ee3dd1580c76a31) H:\WINDOWS\system32\DRIVERS\update.sys
22:28:14.0875 2532 Update - ok
22:28:14.0890 2532 upnphost (1dfd8975d8c89214b98d9387c1125b49) H:\WINDOWS\System32\upnphost.dll
22:28:14.0921 2532 upnphost - ok
22:28:14.0937 2532 UPS (9b11e6118958e63e1fef129466e2bda7) H:\WINDOWS\System32\ups.exe
22:28:15.0000 2532 UPS - ok
22:28:15.0015 2532 USBCamera (0c28dd9ec68ccb6e95d49bfd24fd2c11) H:\WINDOWS\system32\Drivers\Bulk100.sys
22:28:15.0015 2532 USBCamera - ok
22:28:15.0046 2532 usbccgp (173f317ce0db8e21322e71b7e60a27e8) H:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:28:15.0109 2532 usbccgp - ok
22:28:17.0406 2532 ============================================================
22:28:17.0406 2532 Scan finished
22:28:17.0406 2532 ============================================================
22:28:17.0515 2512 Detected object count: 16
22:28:17.0515 2512 Actual detected object count: 16
22:29:13.0718 2512 Ambfilt ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:13.0718 2512 Ambfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:13.0718 2512 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:13.0718 2512 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:13.0718 2512 AtiHdmiService ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:13.0718 2512 AtiHdmiService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:13.0718 2512 EverestDriver ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:13.0718 2512 EverestDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:13.0718 2512 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:13.0718 2512 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:13.0718 2512 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:13.0718 2512 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:13.0718 2512 Monfilt ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:13.0718 2512 Monfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:13.0718 2512 NmPar ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:13.0718 2512 NmPar ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:13.0718 2512 ousbehci ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:13.0718 2512 ousbehci ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:13.0718 2512 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:13.0718 2512 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:13.0718 2512 PSI ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:13.0718 2512 PSI ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:13.0718 2512 PuranDefrag ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:13.0718 2512 PuranDefrag ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:13.0718 2512 RTLE8023xp ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:13.0718 2512 RTLE8023xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:13.0718 2512 SASDIFSV ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:13.0718 2512 SASDIFSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:13.0718 2512 SASENUM ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:13.0718 2512 SASENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:13.0718 2512 SASKUTIL ( UnsignedFile.Multi.Generic ) - skipped by user
22:29:13.0718 2512 SASKUTIL ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:29:57.0921 3348 ============================================================
22:29:57.0921 3348 Scan started
22:29:57.0921 3348 Mode: Manual; SigCheck; TDLFS;
22:29:57.0921 3348 ============================================================
22:30:13.0890 3348 speedfan - ok
22:30:13.0906 3348 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) H:\WINDOWS\system32\drivers\splitter.sys
22:30:13.0984 3348 splitter - ok
22:30:14.0015 3348 Spooler (60784f891563fb1b767f70117fc2428f) H:\WINDOWS\system32\spoolsv.exe
22:30:14.0031 3348 Spooler - ok
22:30:14.0046 3348 sr (50fa898f8c032796d3b1b9951bb5a90f) H:\WINDOWS\system32\DRIVERS\sr.sys
22:30:14.0078 3348 sr - ok
22:30:14.0093 3348 srservice (fe77a85495065f3ad59c5c65b6c54182) H:\WINDOWS\system32\srsvc.dll
22:30:14.0140 3348 srservice - ok
22:30:14.0156 3348 Srv (47ddfc2f003f7f9f0592c6874962a2e7) H:\WINDOWS\system32\DRIVERS\srv.sys
22:30:14.0203 3348 Srv - ok
22:30:14.0203 3348 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) H:\WINDOWS\System32\ssdpsrv.dll
22:30:14.0250 3348 SSDPSRV - ok
22:30:14.0281 3348 stisvc (bc2c5985611c5356b24aeb370953ded9) H:\WINDOWS\system32\wiaservc.dll
22:30:14.0359 3348 stisvc - ok
22:30:14.0375 3348 streamip (77813007ba6265c4b6098187e6ed79d2) H:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:30:14.0437 3348 streamip - ok
22:30:14.0453 3348 swenum (3941d127aef12e93addf6fe6ee027e0f) H:\WINDOWS\system32\DRIVERS\swenum.sys
22:30:14.0531 3348 swenum - ok
22:30:14.0546 3348 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) H:\WINDOWS\system32\drivers\swmidi.sys
22:30:14.0609 3348 swmidi - ok
22:30:14.0609 3348 SwPrv - ok
22:30:14.0609 3348 symc810 - ok
22:30:14.0609 3348 symc8xx - ok
22:30:14.0609 3348 sym_hi - ok
22:30:14.0609 3348 sym_u3 - ok
22:30:14.0625 3348 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) H:\WINDOWS\system32\drivers\sysaudio.sys
22:30:14.0687 3348 sysaudio - ok
22:30:14.0703 3348 SysmonLog (2903fffa2523926d6219428040dce6b9) H:\WINDOWS\system32\smlogsvc.exe
22:30:14.0765 3348 SysmonLog - ok
22:30:14.0781 3348 TapiSrv (05903cac4b98908d55ea5774775b382e) H:\WINDOWS\System32\tapisrv.dll
22:30:14.0859 3348 TapiSrv - ok
22:30:14.0906 3348 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) H:\WINDOWS\system32\DRIVERS\tcpip.sys
22:30:14.0921 3348 Tcpip - ok
22:30:14.0953 3348 TDPIPE (6471a66807f5e104e4885f5b67349397) H:\WINDOWS\system32\drivers\TDPIPE.sys
22:30:15.0015 3348 TDPIPE - ok
22:30:15.0031 3348 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) H:\WINDOWS\system32\drivers\TDTCP.sys
22:30:15.0109 3348 TDTCP - ok
22:30:15.0125 3348 TermDD (88155247177638048422893737429d9e) H:\WINDOWS\system32\DRIVERS\termdd.sys
22:30:15.0187 3348 TermDD - ok
22:30:15.0218 3348 TermService (b7de02c863d8f5a005a7bf375375a6a4) H:\WINDOWS\System32\termsrv.dll
22:30:15.0296 3348 TermService - ok
22:30:15.0328 3348 Themes (2db7d303c36ddd055215052f118e8e75) H:\WINDOWS\System32\shsvcs.dll
22:30:15.0328 3348 Themes - ok
22:30:15.0343 3348 TosIde - ok
22:30:15.0343 3348 TrkWks (626504572b175867f30f3215c04b3e2f) H:\WINDOWS\system32\trkwks.dll
22:30:15.0421 3348 TrkWks - ok
22:30:15.0437 3348 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) H:\WINDOWS\system32\drivers\Udfs.sys
22:30:15.0515 3348 Udfs - ok
22:30:15.0515 3348 ultra - ok
22:30:15.0546 3348 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) H:\WINDOWS\system32\wdfmgr.exe
22:30:15.0562 3348 UMWdf - ok
22:30:15.0593 3348 Update (402ddc88356b1bac0ee3dd1580c76a31) H:\WINDOWS\system32\DRIVERS\update.sys
22:30:15.0671 3348 Update - ok
22:30:15.0687 3348 upnphost (1dfd8975d8c89214b98d9387c1125b49) H:\WINDOWS\System32\upnphost.dll
22:30:15.0734 3348 upnphost - ok
22:30:15.0734 3348 UPS (9b11e6118958e63e1fef129466e2bda7) H:\WINDOWS\System32\ups.exe
22:30:15.0796 3348 UPS - ok
22:30:15.0812 3348 USBCamera (0c28dd9ec68ccb6e95d49bfd24fd2c11) H:\WINDOWS\system32\Drivers\Bulk100.sys
22:30:15.0812 3348 USBCamera - ok
22:30:15.0843 3348 usbccgp (173f317ce0db8e21322e71b7e60a27e8) H:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:30:15.0906 3348 usbccgp - ok
22:30:15.0937 3348 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) H:\WINDOWS\system32\DRIVERS\usbehci.sys
22:30:16.0015 3348 usbehci - ok
22:30:16.0031 3348 usbhub (1ab3cdde553b6e064d2e754efe20285c) H:\WINDOWS\system32\DRIVERS\usbhub.sys
22:30:16.0093 3348 usbhub - ok
22:30:16.0109 3348 usbohci (0daecce65366ea32b162f85f07c6753b) H:\WINDOWS\system32\DRIVERS\usbohci.sys
22:30:16.0171 3348 usbohci - ok
22:30:16.0218 3348 usbprint (a717c8721046828520c9edf31288fc00) H:\WINDOWS\system32\DRIVERS\usbprint.sys
22:30:16.0281 3348 usbprint - ok
22:30:16.0296 3348 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) H:\WINDOWS\system32\DRIVERS\usbscan.sys
22:30:16.0359 3348 usbscan - ok
22:30:16.0359 3348 usbstor (a32426d9b14a089eaa1d922e0c5801a9) H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:30:16.0421 3348 usbstor - ok
22:30:16.0421 3348 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) H:\WINDOWS\System32\drivers\vga.sys
22:30:16.0500 3348 VgaSave - ok
22:30:16.0500 3348 ViaIde - ok
22:30:16.0515 3348 VolSnap (a5a712f4e880874a477af790b5186e1d) H:\WINDOWS\system32\drivers\VolSnap.sys
22:30:16.0578 3348 VolSnap - ok
22:30:16.0609 3348 Vsdatant (b0d3c4497d1ed91628dc56f592aebef4) H:\WINDOWS\system32\vsdatant.sys
22:30:16.0625 3348 Vsdatant - ok
22:30:16.0687 3348 vsmon - ok
22:30:16.0703 3348 VSS (68f106273be29e7b7ef8266977268e78) H:\WINDOWS\System32\vssvc.exe
22:30:16.0750 3348 VSS - ok
22:30:16.0781 3348 W32Time (7b353059e665f8b7ad2bbeaef597cf45) H:\WINDOWS\system32\w32time.dll
22:30:16.0859 3348 W32Time - ok
22:30:16.0875 3348 Wanarp (e20b95baedb550f32dd489265c1da1f6) H:\WINDOWS\system32\DRIVERS\wanarp.sys
22:30:16.0937 3348 Wanarp - ok
22:30:16.0937 3348 WDICA - ok
22:30:16.0953 3348 wdmaud (6768acf64b18196494413695f0c3a00f) H:\WINDOWS\system32\drivers\wdmaud.sys
22:30:17.0031 3348 wdmaud - ok
22:30:17.0031 3348 WebClient (81727c9873e3905a2ffc1ebd07265002) H:\WINDOWS\System32\webclnt.dll
22:30:17.0109 3348 WebClient - ok
22:30:17.0156 3348 winmgmt (6f3f3973d97714cc5f906a19fe883729) H:\WINDOWS\system32\wbem\WMIsvc.dll
22:30:17.0234 3348 winmgmt - ok
22:30:17.0250 3348 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) H:\WINDOWS\system32\mspmsnsv.dll
22:30:17.0250 3348 WmdmPmSN - ok
22:30:17.0265 3348 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) H:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:30:17.0343 3348 WmiAcpi - ok
22:30:17.0359 3348 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) H:\WINDOWS\System32\wbem\wmiapsrv.exe
22:30:17.0437 3348 WmiApSrv - ok
22:30:17.0468 3348 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) H:\WINDOWS\System32\drivers\ws2ifsl.sys
22:30:17.0531 3348 WS2IFSL - ok
22:30:17.0546 3348 wscsvc (300b3e84faf1a5c1f791c159ba28035d) H:\WINDOWS\system32\wscsvc.dll
22:30:17.0625 3348 wscsvc - ok
22:30:17.0640 3348 WSTCODEC (c98b39829c2bbd34e454150633c62c78) H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:30:17.0703 3348 WSTCODEC - ok
22:30:17.0718 3348 wuauserv - ok
22:30:17.0750 3348 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) H:\WINDOWS\System32\wzcsvc.dll
22:30:17.0812 3348 WZCSVC - ok
22:30:17.0828 3348 xmlprov (0ada34871a2e1cd2caafed1237a47750) H:\WINDOWS\System32\xmlprov.dll
22:30:17.0890 3348 xmlprov - ok
22:30:17.0906 3348 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
22:30:18.0203 3348 \Device\Harddisk0\DR0 - ok
22:30:18.0203 3348 Boot (0x1200) (a95a8dfa1a45f4bdec64ad96617330f5) \Device\Harddisk0\DR0\Partition0
22:30:18.0203 3348 \Device\Harddisk0\DR0\Partition0 - ok
22:30:18.0203 3348 ============================================================
22:30:18.0203 3348 Scan finished
22:30:18.0203 3348 ============================================================
22:30:18.0218 3456 Detected object count: 16
22:30:18.0218 3456 Actual detected object count: 16
22:30:47.0281 3456 Ambfilt ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:47.0281 3456 Ambfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:47.0296 3456 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:47.0296 3456 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:47.0296 3456 AtiHdmiService ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:47.0296 3456 AtiHdmiService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:47.0296 3456 EverestDriver ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:47.0296 3456 EverestDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:47.0296 3456 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:47.0296 3456 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:47.0296 3456 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:47.0296 3456 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:47.0296 3456 Monfilt ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:47.0296 3456 Monfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:47.0296 3456 NmPar ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:47.0296 3456 NmPar ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:47.0296 3456 ousbehci ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:47.0296 3456 ousbehci ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:47.0296 3456 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:47.0296 3456 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:47.0296 3456 PSI ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:47.0296 3456 PSI ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:47.0296 3456 PuranDefrag ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:47.0296 3456 PuranDefrag ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:47.0296 3456 RTLE8023xp ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:47.0296 3456 RTLE8023xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:47.0296 3456 SASDIFSV ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:47.0296 3456 SASDIFSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:47.0296 3456 SASENUM ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:47.0296 3456 SASENUM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:30:47.0296 3456 SASKUTIL ( UnsignedFile.Multi.Generic ) - skipped by user
22:30:47.0296 3456 SASKUTIL ( UnsignedFile.Multi.Generic ) - User select action: Skip

Step five:
This comp is running fast and very smooth now. And I guess it is clean.
You did a GREAT job -blmadara- and I can't thank you enough for your help.
Please let me know if I should do anything else for my own and others' security.

East or west - you are the best!

Kindly yours
Alex

Edited by Common1, 30 June 2012 - 06:14 AM.

#8
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi Common1,

We're not quite finished yet.

Step One: Download and run MBAM
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step Two: ESET File Scanner

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Step Three: Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

What I need in your next post:
1. The MBAM log.
2. The ESET log, H:\Program Files\EsetOnlineScanner\log.txt
3. The Security Check log, checkup.txt.

#9
Common1

    Member

  • Topic Starter
  • 48 posts
Hi blmadara,

Step 1: MBAM-Log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.01.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Alex :: BUERO [Administrator]

01.07.2012 13:48:31
mbam-log-2012-07-01 (13-48-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 252344
Laufzeit: 2 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Step 2: ESET-onlinescan

For some reason ESET did not start.
(After I accepted the EULA and clicked the "start" button,
I got the error message that the site has problems to load.)
Made a screenshot of it.

Maybe we can use a different one?



Step 3: Security check

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
AVG 2012
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Toolbar
ZoneAlarm-Sicherheit Toolbar
ZoneAlarm Security
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware Free Edition
Secunia PSI
Malwarebytes Anti-Malware Version 1.61.0.1400
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 11.3.300.262
Mozilla Firefox (3.6) Firefox out of Date!
Mozilla Thunderbird (2.0.0 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive H::
````````````````````End of Log``````````````````````

Again thanks a lot for your help! ;)

#10
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi Common1,

Again thanks a lot for your help!


You're welcome!!

Step One: Update JAVA

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Step Two: Update Firefox

Your version of Firefox is not up to date. Download the latest version of Firefox here, save it to your desktop, and install it.


Step Three: Update Thunderbird

Your version of Thunderbird is not up to date. Download the latest version here, save it to your desktop, and install it.


Step Four: Defragment your hard drive

Download Puran Disc Defragmenter and save it to your desktop.

When installing, please make sure to uncheck the Download and Install Babylon 9 - Recommended checkbox.

Click on Boot Time Defrag button and choose Restart-Defrag-Restart.


Step Five: Kaspersky Online Scanner

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply


What I need in your next post:
1. The Kaspersky report, KasReport.txt.

#11
Common1

    Member

  • Topic Starter
  • 48 posts
Hi blmadara,

bad news... :angry:
could not install Kaspersky.


Now I'm going to do the other steps.

Cheers

Edited by Common1, 03 July 2012 - 10:05 AM.

#12
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi Common1,

Did you update JAVA before you tried to install Kaspersky? If not, try and install it again after updating your JAVA and let me know what happened.

#13
Common1

    Member

  • Topic Starter
  • 48 posts
Hello blmadara,

Yes, I updated JAVA before my attempt with Kaspersky.
No idea why it doesn't work.

All the other steps are done.

Kind regards :)

#14
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi Common1,

Step One: Download and Run AVP Tool by Kaspersky

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



What I need in your next post:
1. The Kaspersky results.

#15
Common1

    Member

  • Topic Starter
  • 48 posts
Hi blmadara,

sorry for the delay in responding - I had a little trouble with running the scan
and I had to do it twice (each of them took more than 8 hours because of the amount of data
in my external drives "I:\" and "J:\" ...I think) :unsure: .
There were some findings of "Trojan.Heuristic..... in "System Volume Information"
(probably the *best* place where it can be?) :upset:

Long story short:
I have the logfile of the scan saved, but I can't open it with Notepad 'cause the filesize is
bigger than 650 MB. *umpf* :wacko:



Any suggestion how to transfer this logfile to you for your review?

Cheers and many thx for your effort again!
