Tojaner Kills Me
ich habe mir vor kurzem einen trojaner eingefangen. phänomen: ca. alle 3 minuten öffnet sich der IE von alleine und haut mir Werbung um die Ohren. Wenn ich offline bin tut er das gleiche, nur ohne inhalt. Mozilla und Chrome gehen langsamer, die Maschine braucht länger als gewöhnlich um hoch zu fahren.
ich habe antivir alles durch scannen lassen. beim ersten mal hat er den trojaner gefunden und ich hab ihn dann entfernt. danach war das problem aber nicht behoben. antivir zeigt mir am laufenden band an, dass er den trojaner gefunden hat oder andere programme bzw. dateien die als Viren bezeichnet werden. Das System wird laufend von Antivir geprüft. Das Problem wird jeoch nicht entgültig behoben
zwischen drinn hab ich den windows defender alles checken lassen, ebenfalls ohne ergebniss.
habe auch versucht den Look2Me-Destroyer anzuwenden. aber es passiert einfach nichts nachdem ein fenster sagt dass in 1 minute der scanner neu startet dh. das programm lässt sich nicht ausführen
Ich habe einen Systemscann mit OTL durchgeführt. Den Report poste ich hier.
OTL logfile created on: 07.10.2010 22:50:56 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = 
\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 92,98 Gb Free Space | 64,53% Space Free | Partition Type: NTFS
Drive | 144,00 Gb Total Space | 49,84 Gb Free Space | 34,61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DAN-PC
Current User Name: dan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.10.07 22:49:06 | 000,576,512 | ---- | M] (OldTimer Tools) -- \Downloads\OTL.exe
PRC - [2010.10.05 19:56:52 | 000,254,464 | ---- | M] (Simon Tatham) -- C:\Users\dan\AppData\Local\Temp\Onj.exe
PRC - [2010.10.05 19:56:44 | 000,254,464 | ---- | M] (Simon Tatham) -- C:\Users\dan\AppData\Local\Temp\Ong.exe
PRC - [2010.09.21 06:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Users\dan\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010.05.27 02:56:46 | 000,184,320 | ---- | M] () -- C:\Users\dan\AppData\Roaming\Aseccy\irma.exe
PRC - [2010.04.19 19:43:06 | 000,433,832 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2010.04.19 19:43:06 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 09:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 08:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.08.24 12:18:54 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.30 15:51:58 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2008.09.30 15:49:34 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.05.23 06:11:56 | 000,819,200 | ---- | M] (Intel® Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.23 05:43:52 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.05.22 09:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.04.25 13:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008.04.17 07:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.04.17 03:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.12 05:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:25:01 | 000,364,032 | ---- | M] () -- C:\Users\dan\AppData\Roaming\sdra64.exe
PRC - [2008.01.21 03:24:49 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieuser.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.07.04 23:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2006.10.26 23:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006.10.26 19:24:54 | 000,098,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2001.02.23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe
========== Modules (SafeList) ==========
MOD - [2010.10.07 22:49:06 | 000,576,512 | ---- | M] (OldTimer Tools) -- \Downloads\OTL.exe
MOD - [2008.01.21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 03:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010.04.19 19:43:06 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 08:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.05.23 06:11:56 | 000,819,200 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.23 05:43:52 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.01.21 03:25:06 | 000,371,200 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2008.01.21 03:25:06 | 000,371,200 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2008.01.21 03:25:06 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.04.14 02:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\cvsmgwpl.sys -- (cvsmgwpl)
DRV - [2010.03.01 08:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 12:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.01.13 08:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.10.30 11:42:52 | 000,044,320 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008.08.29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.06.16 13:38:10 | 000,318,488 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.06.08 23:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.20 20:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008.04.17 08:31:00 | 002,098,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.05 06:56:26 | 000,242,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.02.14 00:17:10 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.28 02:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.10.26 06:39:08 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.07.15 23:20:26 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007.07.15 23:20:24 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007.05.23 09:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\agrsm.sys -- (AgereSoftModem)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.10.19 03:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2940552180-3800383495-966965581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-2940552180-3800383495-966965581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2940552180-3800383495-966965581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.paypal.com
IE - HKU\S-1-5-21-2940552180-3800383495-966965581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2940552180-3800383495-966965581-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2940552180-3800383495-966965581-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.reuters.com/"
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {2EB74E73-D8EB-40A1-8F78-B46A8F7C9E48}:1.9.1
FF - prefs.js..network.proxy.http: "proxy.rrz.uni-hamburg.de"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.14 02:43:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.06 00:01:32 | 000,000,000 | ---D | M]
[2008.10.29 20:37:25 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\mozilla\Extensions
[2010.10.07 16:44:53 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\mozilla\Firefox\Profiles\cz132n72.default\extensions
[2010.06.09 09:08:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\dan\AppData\Roaming\mozilla\Firefox\Profiles\cz132n72.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.09 09:08:30 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\dan\AppData\Roaming\mozilla\Firefox\Profiles\cz132n72.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.06.07 23:41:21 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\dan\AppData\Roaming\mozilla\Firefox\Profiles\cz132n72.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.07.20 20:24:14 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.20 20:24:15 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.06.14 02:43:11 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.06 23:42:43 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.06.14 02:43:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.14 02:43:11 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.14 02:43:11 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.14 02:43:11 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DNP] C:\Programme\Desktop Notepad\Desktop Notepad.exe (GreetSoft)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2940552180-3800383495-966965581-1003..\Run: [{753DB943-432B-C9DD-35F4-7A686DD8D7DF}] C:\Users\dan\AppData\Roaming\Ecaka\souhi.exe ()
O4 - HKU\S-1-5-21-2940552180-3800383495-966965581-1003..\Run: [{81F19DF7-B74D-82F5-52AA-6BE5ACA01AA9}] C:\Users\dan\AppData\Roaming\Aseccy\irma.exe ()
O4 - HKU\S-1-5-21-2940552180-3800383495-966965581-1003..\Run: [EPSON S21 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2940552180-3800383495-966965581-1003..\Run: [iyaboyorad] C:\Users\dan\AppData\Local\ehasuyax.DLL (VoLT, 2010)
O4 - HKU\S-1-5-21-2940552180-3800383495-966965581-1003..\Run: [KOO9RV9K4Z] C:\Users\dan\AppData\Local\Temp\Ong.exe (Simon Tatham)
O4 - HKU\S-1-5-21-2940552180-3800383495-966965581-1003..\Run: [sMH2B46TDP] C:\Users\dan\AppData\Local\Temp\Onj.exe (Simon Tatham)
O4 - HKU\S-1-5-21-2940552180-3800383495-966965581-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\dan\AppData\Roaming\sdra64.exe) - C:\Users\dan\AppData\Roaming\sdra64.exe ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4a3af2bc-86ca-11de-b041-0013779fa58c}\Shell\AutoRun\command - "" = F:\UsbSystem.exe -- File not found
O33 - MountPoints2\{5c3c8085-40d2-11de-83ba-0013779fa58c}\Shell - "" = AutoRun
O33 - MountPoints2\{5c3c8085-40d2-11de-83ba-0013779fa58c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows ****** 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Drivers32: msacm.clmp3enc - C:\Programme\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.MP42 - C:\Windows\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\Windows\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2010.10.07 00:54:26 | 000,000,000 | ---D | C] -- C:\inetpub
[2010.10.06 15:58:25 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.10.06 15:58:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010.10.06 15:55:10 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.05 19:58:22 | 000,000,000 | ---D | C] -- C:\Users\dan\AppData\Local\{2EB74E73-D8EB-40A1-8F78-B46A8F7C9E48}
[2010.10.05 19:56:28 | 000,000,000 | -HSD | C] -- C:\Users\dan\AppData\Roaming\lowsec
[2010.01.03 16:47:54 | 028,912,563 | ---- | C] (eRightSoft ) -- C:\Programme\SUPER2010setup.exe
[2009.11.30 15:34:25 | 093,234,472 | ---- | C] (Apple Inc.) -- C:\Programme\iTunesSetup.exe
[2009.10.04 15:51:32 | 000,570,016 | ---- | C] (Google Inc.) -- C:\Programme\GoogleEarthSetup.exe
[2009.09.10 16:17:01 | 032,441,648 | ---- | C] (Apple Inc.) -- C:\Programme\QuickTimeInstaller.exe
[2009.08.24 12:13:01 | 000,535,576 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RealPlayerSPGold_de.exe
[2009.07.26 11:17:49 | 071,325,984 | ---- | C] (AVG Technologies) -- C:\Programme\avg_free_stf_eu_85_392a1598.exe
[2009.07.02 17:29:35 | 001,878,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\install_flash_player (2).exe
[2008.10.31 15:04:04 | 001,851,544 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\install_flash_player.exe
[2008.01.21 03:24:21 | 000,205,312 | ---- | C] (VoLT, 2010) -- C:\Users\dan\AppData\Local\ehasuyax.dll
[2006.11.24 06:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 06:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
[2002.03.11 10:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsiw.exe
[2002.03.11 09:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsia.exe
========== Files - Modified Within 30 Days ==========
[2010.10.07 22:56:15 | 003,670,016 | -HS- | M] () -- C:\Users\dan\ntuser.dat
[2010.10.07 22:51:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2940552180-3800383495-966965581-1003UA.job
[2010.10.07 22:46:49 | 001,537,096 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.10.07 22:46:49 | 000,670,998 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.07 22:46:49 | 000,622,548 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.07 22:46:49 | 000,137,984 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.07 22:46:49 | 000,114,328 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.07 22:46:02 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.07 22:44:08 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.10.07 22:41:11 | 000,246,851 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.10.07 22:40:59 | 000,110,240 | ---- | M] () -- C:\Users\dan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.10.07 22:40:29 | 000,000,120 | ---- | M] () -- C:\Users\dan\AppData\Local\Qcokin.dat
[2010.10.07 22:40:19 | 000,000,000 | ---- | M] () -- C:\Users\dan\AppData\Local\Szoziw.bin
[2010.10.07 22:39:59 | 000,246,851 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.10.07 22:39:57 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.07 22:39:47 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.07 22:39:44 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.07 22:39:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.07 22:39:30 | 000,404,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.07 22:39:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.07 22:38:39 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.07 22:37:47 | 000,524,288 | -HS- | M] () -- C:\Users\dan\ntuser.dat{7f2f20ac-aadf-11df-a452-0013779fa58c}.TMContainer00000000000000000001.regtrans-ms
[2010.10.07 22:37:47 | 000,065,536 | -HS- | M] () -- C:\Users\dan\ntuser.dat{7f2f20ac-aadf-11df-a452-0013779fa58c}.TM.blf
[2010.10.07 22:37:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.10.07 22:37:31 | 003,248,988 | -H-- | M] () -- C:\Users\dan\AppData\Local\IconCache.db
[2010.10.07 22:19:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.07 22:09:28 | 001,396,736 | ---- | M] () -- C:\Users\dan\AppData\Local\filesync.metadata
[2010.10.07 22:06:32 | 000,002,253 | ---- | M] () -- \Desktop\SyncToy 2.0.lnk
[2010.10.07 21:51:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2940552180-3800383495-966965581-1003Core.job
[2010.10.07 19:52:09 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{221338B1-7DFC-4D69-93F1-00F01024EB7F}.job
[2010.10.06 20:36:17 | 000,010,210 | ---- | M] () -- \eigenedat\Documents\Story of us.docx
[2010.10.06 20:23:51 | 000,181,688 | ---- | M] () -- \Desktop\Aufsatz_Symposium_ZIB_09_02.pdf
[2010.10.06 15:58:16 | 000,000,184 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010.10.06 15:48:36 | 000,062,332 | ---- | M] () -- \eigenedat\Documents\lesezeichen chrome.html
[2010.10.04 10:34:56 | 000,000,680 | ---- | M] () -- C:\Users\dan\AppData\Local\d3d9caps.dat
[2010.10.01 22:38:58 | 000,028,160 | ---- | M] () -- \Desktop\Coursework for EC0902A 2010.doc
[2010.09.30 21:24:22 | 000,024,622 | ---- | M] () -- \Desktop\cv proper english.docx
[2010.09.30 21:22:22 | 000,024,624 | ---- | M] () -- \Desktop\cv example.docx
[2010.09.22 21:45:38 | 000,000,356 | ---- | M] () -- \Desktop\uni - Verknüpfung.lnk
[2010.09.22 21:44:08 | 000,000,588 | ---- | M] () -- \Desktop\Corporate Finance - Verknüpfung.lnk
[2010.09.22 21:44:01 | 000,000,663 | ---- | M] () -- \Desktop\International Business Economics - Verknüpfung.lnk
[2010.09.22 21:43:55 | 000,000,698 | ---- | M] () -- \Desktop\Political Economy of the European Union - Verknüpfung.lnk
[2010.09.22 21:43:52 | 000,000,618 | ---- | M] () -- \Desktop\strategy and management - Verknüpfung.lnk
[2010.09.19 22:30:10 | 000,030,208 | ---- | M] () -- \Desktop\Merk dir was ich schreibe.doc
[2010.09.16 19:15:07 | 000,098,816 | ---- | M] () -- C:\Users\dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Files Created - No Company Name ==========
[2010.10.07 22:06:14 | 000,002,253 | ---- | C] () -- \Desktop\SyncToy 2.0.lnk
[2010.10.06 20:36:16 | 000,010,210 | ---- | C] () -- \eigenedat\Documents\Story of us.docx
[2010.10.06 20:23:51 | 000,181,688 | ---- | C] () -- \Desktop\Aufsatz_Symposium_ZIB_09_02.pdf
[2010.10.06 15:58:16 | 000,000,184 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.10.06 15:48:36 | 000,062,332 | ---- | C] () -- \eigenedat\Documents\lesezeichen chrome.html
[2010.10.05 21:58:47 | 000,000,120 | ---- | C] () -- C:\Users\dan\AppData\Local\Qcokin.dat
[2010.10.05 21:58:47 | 000,000,000 | ---- | C] () -- C:\Users\dan\AppData\Local\Szoziw.bin
[2010.10.05 20:13:17 | 000,000,278 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.10.05 19:56:49 | 000,000,278 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.01 22:38:58 | 000,028,160 | ---- | C] () -- \Desktop\Coursework for EC0902A 2010.doc
[2010.09.30 21:24:21 | 000,024,622 | ---- | C] () -- \Desktop\cv proper english.docx
[2010.09.27 18:24:52 | 000,024,624 | ---- | C] () -- \Desktop\cv example.docx
[2010.09.22 21:45:38 | 000,000,356 | ---- | C] () -- \Desktop\uni - Verknüpfung.lnk
[2010.09.22 21:44:08 | 000,000,588 | ---- | C] () -- \Desktop\Corporate Finance - Verknüpfung.lnk
[2010.09.22 21:44:01 | 000,000,663 | ---- | C] () -- \Desktop\International Business Economics - Verknüpfung.lnk
[2010.09.22 21:43:55 | 000,000,698 | ---- | C] () -- \Desktop\Political Economy of the European Union - Verknüpfung.lnk
[2010.09.22 21:43:52 | 000,000,618 | ---- | C] () -- \Desktop\strategy and management - Verknüpfung.lnk
[2010.09.19 22:30:09 | 000,030,208 | ---- | C] () -- \Desktop\Merk dir was ich schreibe.doc
[2010.09.19 22:21:45 | 000,016,420 | ---- | C] () -- \Desktop\Eines muss man Ihm lassen.docx
[2010.06.10 12:47:21 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010.06.06 23:43:04 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.01.03 16:49:28 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.01.03 16:49:20 | 000,001,829 | ---- | C] () -- C:\Program Files\SUPER © Uninstall.lnk
[2009.12.31 14:24:33 | 004,618,264 | ---- | C] () -- C:\Programme\va3.exe
[2009.12.29 14:17:10 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.11.12 18:22:14 | 034,119,048 | ---- | C] () -- C:\Programme\avira_antivir_personal408_de.exe
[2009.11.12 00:19:38 | 034,119,048 | ---- | C] () -- C:\Programme\avira_antivir_personal_de.exe
[2009.07.27 19:22:18 | 000,001,647 | ---- | C] () -- C:\Program Files\AVG Free 8.5.lnk
[2009.03.28 09:30:39 | 000,000,680 | ---- | C] () -- C:\Users\dan\AppData\Local\d3d9caps.dat
[2009.01.08 19:48:57 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.03 17:32:15 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008.11.22 18:49:36 | 000,000,000 | ---- | C] () -- C:\Users\dan\AppData\Roaming\sversion.ini
[2008.11.11 14:09:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.09 16:07:33 | 000,022,332 | ---- | C] () -- C:\Users\dan\AppData\Roaming\UserTile.png
[2008.11.09 13:14:05 | 001,396,736 | ---- | C] () -- C:\Users\dan\AppData\Local\filesync.metadata
[2008.11.05 15:23:58 | 016,446,464 | ---- | C] () -- C:\Programme\VLC_094.EXE
[2008.11.05 15:02:20 | 025,170,424 | ---- | C] () -- C:\Programme\antivir_workstation82_winu_de_h.exe
[2008.10.28 21:48:36 | 000,098,816 | ---- | C] () -- C:\Users\dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.30 18:09:24 | 135,428,177 | ---- | C] () -- C:\Programme\openofficeorg1.cab
[2008.09.30 17:35:06 | 000,000,217 | ---- | C] () -- C:\Programme\setup.ini
[2008.09.30 17:35:04 | 009,776,128 | ---- | C] () -- C:\Programme\openofficeorg30.msi
[2008.09.18 17:08:54 | 000,424,728 | ---- | C] () -- C:\Programme\setup.exe
[2008.08.29 13:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008.07.08 15:50:18 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.07.08 15:39:09 | 000,246,851 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.07.08 15:39:09 | 000,246,851 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.07.08 15:31:32 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.07.08 15:31:32 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.07.08 13:45:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.18 14:59:56 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.01.21 03:25:01 | 000,364,032 | ---- | C] () -- C:\Users\dan\AppData\Roaming\sdra64.exe
[2007.10.31 10:22:10 | 000,176,128 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll
[2007.10.25 14:05:54 | 000,884,736 | ---- | C] () -- C:\Windows\System32\HDX4MediaConverter.dll
[2007.10.17 15:42:00 | 001,511,424 | ---- | C] () -- C:\Windows\System32\HDX4MediaReveal.dll
[2007.02.15 08:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.29 09:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.09 02:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2006.08.23 00:00:00 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2006.08.23 00:00:00 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2006.08.23 00:00:00 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2006.08.23 00:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2001.11.14 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== LOP Check ==========
[2009.03.12 00:47:20 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Academic Software Zurich
[2010.05.27 02:56:46 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Aseccy
[2010.09.03 02:15:53 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Ecaka
[2008.12.17 20:17:36 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Engelmann Media
[2010.10.07 21:25:34 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Etmau
[2010.10.07 21:46:47 | 000,000,000 | -HSD | M] -- C:\Users\dan\AppData\Roaming\lowsec
[2010.06.10 13:02:30 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\OpenOffice.org
[2008.11.09 16:07:27 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\PeerNetworking
[2010.06.10 12:56:18 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\PrimoPDF
[2009.12.17 17:01:31 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\UDC Profiles
[2010.10.07 22:40:29 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Uhli
[2010.08.31 01:13:31 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\uTorrent
[2010.10.07 22:37:42 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.10.07 19:52:09 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{221338B1-7DFC-4D69-93F1-00F01024EB7F}.job
[2010.10.07 22:46:02 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.07 22:44:08 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.03.12 00:47:20 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Academic Software Zurich
[2009.02.13 18:37:44 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Adobe
[2009.11.30 16:05:52 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Apple Computer
[2010.05.27 02:56:46 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Aseccy
[2009.12.09 17:37:54 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Avant Profiles
[2010.04.11 13:09:43 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Avira
[2008.11.01 20:54:23 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\CyberLink
[2009.01.19 23:10:51 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\DivX
[2010.08.28 14:25:52 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\dvdcss
[2010.09.03 02:15:53 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Ecaka
[2008.12.17 20:17:36 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Engelmann Media
[2010.10.07 21:25:34 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Etmau
[2008.10.28 20:43:40 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Identities
[2009.12.29 14:17:08 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\InstallShield
[2009.08.14 19:13:52 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Intel
[2010.10.07 21:46:47 | 000,000,000 | -HSD | M] -- C:\Users\dan\AppData\Roaming\lowsec
[2008.10.29 10:31:41 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Macromedia
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Media Center Programs
[2010.10.07 00:40:58 | 000,000,000 | --SD | M] -- C:\Users\dan\AppData\Roaming\Microsoft
[2008.12.02 01:04:57 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Mozilla
[2010.06.10 13:02:30 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\OpenOffice.org
[2008.11.09 16:07:27 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\PeerNetworking
[2010.06.10 12:56:18 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\PrimoPDF
[2010.03.07 23:36:43 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Real
[2010.10.07 22:37:23 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Skype
[2010.10.07 16:04:45 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\skypePM
[2008.11.22 18:47:05 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Sun
[2009.12.17 17:01:31 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\UDC Profiles
[2010.10.07 22:40:29 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\Uhli
[2010.08.31 01:13:31 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\uTorrent
[2008.11.05 15:26:18 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\vlc
[2008.12.21 02:12:05 | 000,000,000 | ---D | M] -- C:\Users\dan\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2008.01.21 03:25:01 | 000,364,032 | ---- | M] () -- C:\Users\dan\AppData\Roaming\sdra64.exe
[2010.05.27 02:56:46 | 000,184,320 | ---- | M] () -- C:\Users\dan\AppData\Roaming\Aseccy\irma.exe
[2010.09.03 02:15:53 | 000,114,176 | ---- | M] () -- C:\Users\dan\AppData\Roaming\Ecaka\souhi.exe
[2010.05.26 21:31:51 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\dan\AppData\Roaming\Real\Update\setup3.10\setup.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: IASTOR.SYS >
[2008.06.16 13:38:28 | 000,396,312 | ---- | M] (Intel Corporation) MD5=DB0C1076AB442C09D2A3AB0410DBEA0D -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.06.16 13:38:10 | 0
Kommentare
-
Lassen Sie Ihren Rechner mit unserer Notfall CD scannen.
Informationen diesbezüglich finden Sie hier:
http://www.bitdefender.de/site/KnowledgeBase/consumer/#627
Informationen bezüglich des Scanvorgangs finden Sie hier:0
