"Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert!" - svb DANKT

svb · 20.01.2012, 19:02

Hallo zusammen,

mein Bildschirm wurde schwarz mit der o.g. Meldung in Verbindung mit einer Zahlungsaufforderung... habe den PC abgeschaltet.

Vom Netz getrennt, Antivir Systemprüfung ergab mehrere Funde, in Quarantäne verschoben und gelöscht. Bei Neustart erschien Fehlermeldung dass "C:\Programme\C13DD/lvvm.exe" nicht gefunden werden konnte. Malwarebytes erstmals laufen gelassen, erneut mehrere Funde, in Q. verschoben und gelöscht. Fehlermeldung bzgl. lvvm.exe tauchte nicht mehr auf, aber ich bin sehr verunsichert.

Malwarebytes-Log im Anhang. Programm wurde neu installiert und zuvor nicht verwendet (keine älteren Logs vorhanden).

1) Defogger ausgeführt: keine Fehlermeldung

2) OTL ausgeführt: folgendes Ergebnis

Code:

ATTFilter

OTL logfile created on: 20.01.2012 17:35:14 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,49 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 62,08% Memory free
2,08 Gb Paging File | 1,58 Gb Available in Paging File | 76,02% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 25,76 Gb Total Space | 1,19 Gb Free Space | 4,63% Space Free | Partition Type: FAT32
Drive D: | 26,97 Gb Total Space | 11,56 Gb Free Space | 42,86% Space Free | Partition Type: FAT32
 
Computer Name: SIMON | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.20 17:32:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2012.01.03 08:37:54 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.13 20:06:44 | 000,436,903 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
PRC - [2011.08.13 20:06:44 | 000,151,552 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2011.08.13 20:06:44 | 000,069,632 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
PRC - [2011.04.08 12:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
PRC - [2011.04.08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.01.12 17:36:56 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2011.01.12 17:35:12 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010.03.09 03:47:02 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) -- C:\WINDOWS\system32\LGScsiCommandService.exe
PRC - [2009.08.06 11:46:10 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.10 12:15:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.24 11:21:04 | 000,360,448 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe
PRC - [2009.03.02 12:08:44 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.16 16:22:18 | 000,356,352 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe
PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.11 16:09:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
PRC - [2007.05.10 13:18:26 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2006.04.20 08:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\RWTH Aachen\Cisco VPN Client\cvpnd.exe
PRC - [2006.01.02 10:31:28 | 000,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005.12.12 03:35:00 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Programme\Gemeinsame Dateien\Hornet\MntrHrnt.exe
PRC - [2005.11.10 19:09:24 | 000,212,992 | ---- | M] (Acer Inc) -- C:\Acer\Empowering Technology\ePower\epm-dm.exe
PRC - [2005.11.08 10:45:52 | 000,069,632 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2005.11.08 10:19:28 | 000,081,920 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe
PRC - [2005.10.24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005.10.24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005.08.31 19:59:48 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2005.08.31 19:59:46 | 000,249,954 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2005.08.31 19:59:34 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2005.08.31 19:59:22 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2005.08.31 19:59:22 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005.07.26 11:36:00 | 000,069,632 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005.07.25 13:36:40 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2005.07.25 10:45:00 | 000,241,664 | ---- | M] () -- C:\Programme\Launch Manager\OSDCtrl.exe
PRC - [2005.04.15 11:01:46 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005.02.04 11:12:58 | 000,102,490 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003.05.05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe
PRC - [2002.08.30 15:02:48 | 000,094,208 | ---- | M] () -- C:\Programme\Launch Manager\Powerkey.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.05 19:04:58 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.05.22 19:21:36 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2009.05.15 17:35:30 | 000,385,024 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Comfort Mobile Mouse\UI\xManager\xTools.dll
MOD - [2009.04.24 11:21:04 | 000,360,448 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe
MOD - [2009.01.28 15:03:50 | 000,326,401 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.11.26 13:18:50 | 000,262,144 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Comfort Mobile Mouse\UI\xManager\001\HP_T006.dll
MOD - [2008.10.16 16:22:18 | 000,356,352 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe
MOD - [2008.10.16 15:28:30 | 000,430,080 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Comfort Mobile Mouse\UI\xManager\xUtility.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.07.11 16:09:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
MOD - [2007.05.10 13:18:26 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
MOD - [2006.09.16 22:19:36 | 000,126,976 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2006.04.20 08:34:38 | 000,197,680 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2005.12.12 03:35:00 | 000,045,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Hornet\HlprHrnt.dll
MOD - [2005.11.08 10:19:28 | 000,081,920 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe
MOD - [2005.09.05 16:31:56 | 000,229,472 | ---- | M] () -- C:\Acer\Empowering Technology\NetMonitor.dll
MOD - [2005.08.31 19:59:48 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
MOD - [2005.08.31 19:59:46 | 000,249,954 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
MOD - [2005.08.31 19:59:42 | 000,184,424 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll
MOD - [2005.08.31 19:59:42 | 000,061,538 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll
MOD - [2005.08.31 19:59:42 | 000,028,672 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll
MOD - [2005.08.31 19:59:42 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchedps.dll
MOD - [2005.08.24 01:24:00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2005.07.26 11:36:00 | 000,069,632 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
MOD - [2005.07.25 13:36:40 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
MOD - [2005.07.25 10:45:00 | 000,241,664 | ---- | M] () -- C:\Programme\Launch Manager\OSDCtrl.exe
MOD - [2003.12.29 20:45:08 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ServiceControl.dll
MOD - [2002.11.26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll
MOD - [2002.08.30 15:02:48 | 000,094,208 | ---- | M] () -- C:\Programme\Launch Manager\Powerkey.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (FileZilla Server)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.13 20:06:44 | 000,151,552 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.02.28 23:19:24 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.02.02 16:41:26 | 001,377,104 | ---- | M] (Flexera Software, Inc.) [Auto | Stopped] -- D:\Programme\MATLAB\R2011a\etc\win32\lmgrd.exe -- (MATLAB License Server)
SRV - [2011.01.12 17:35:12 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.01.12 17:32:10 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.09 03:47:02 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) [Auto | Running] -- C:\WINDOWS\system32\LGScsiCommandService.exe -- (LGScsiCommandService)
SRV - [2009.08.06 11:46:10 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.10 12:15:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.06.11 20:13:22 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2006.04.20 08:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\RWTH Aachen\Cisco VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005.10.24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2005.08.31 19:59:48 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005.08.31 19:59:46 | 000,249,954 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005.08.31 19:59:22 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2003.05.05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.13 20:06:40 | 000,211,520 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011.08.13 20:06:40 | 000,082,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011.08.13 20:06:40 | 000,028,896 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010.02.24 14:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.01.21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010.01.21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010.01.21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009.12.07 23:24:56 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.22 11:32:22 | 010,498,688 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2009.06.10 12:15:18 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.27 00:53:54 | 000,011,264 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpGmb001.sys -- (HpGmb001)
DRV - [2009.04.27 19:30:56 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 11:35:02 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.06.27 12:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007.06.27 12:04:14 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006.09.28 11:47:48 | 000,283,776 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2006.04.20 08:33:40 | 000,303,740 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005.12.12 03:36:00 | 000,009,760 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\softctrl.sys -- (softctrl)
DRV - [2005.11.08 15:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.11.08 15:11:38 | 000,242,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005.11.08 15:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.10.15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005.09.13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005.06.30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005.06.29 19:50:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005.05.17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.05.02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005.04.19 10:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.04.07 18:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005.01.26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005.01.14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004.12.22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004.12.15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004.12.02 16:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004.08.04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.07.19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2003.12.05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)
DRV - [2001.11.02 09:21:14 | 000,007,896 | ---- | M] (Sven Goers Software) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\IWPORT.SYS -- (IWPORT)
DRV - [2000.12.19 18:29:52 | 000,002,343 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Launch Manager\POWERKEY.SYS -- (POWERKEY)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: check4change-owner@mozdev.org:1.8.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.ucd.ie/proxy.pac"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 64202
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Firefox [2011.08.12 11:16:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2006.05.23 17:40:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2006.05.23 17:40:08 | 000,000,000 | ---D | M]
 
[2008.12.07 11:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2006.05.23 17:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\nk9bokrw.default\extensions
[2011.12.08 18:44:36 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\nk9bokrw.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.09.16 17:22:20 | 000,002,394 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\nk9bokrw.default\searchplugins\askcom.xml
[2006.05.23 17:40:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.02.19 12:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.01.18 17:26:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.08.12 11:16:18 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NK9BOKRW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NK9BOKRW.DEFAULT\EXTENSIONS\{EDA7B1D7-F793-4E03-B074-E6F303317FB0}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NK9BOKRW.DEFAULT\EXTENSIONS\CHECK4CHANGE-OWNER@MOZDEV.ORG.XPI
[2009.10.23 14:00:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009.10.30 08:56:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.01.20 17:26:44 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.20 17:26:40 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2012.01.20 17:26:40 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.20 17:26:40 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.20 17:26:40 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.20 17:26:40 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.01.20 17:26:40 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
 
O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST)
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Acronis*True*Image Monitor] C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe (Wistron)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe ()
O4 - HKLM..\Run: [EPM-DM] c:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [HornetMonitor] C:\Programme\Gemeinsame Dateien\Hornet\MntrHrnt.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [HP Input Device Main Program] C:\Programme\Hewlett-Packard\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PowerKey] C:\Programme\Launch Manager\PowerKey.exe ()
O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe ()
O4 - HKCU..\Run: [Firefox helper] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\firefox.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OneNote Inhaltsverzeichnis.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: &Sample Toolband Serach - C:\WINDOWS\System32\ToolBand.dll (HiTRUST)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6399D504-F1C0-475E-9BFC-83A23B77FDDF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\***\Anwendungsdaten\0D2C1\FC661.exe) - File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{80f4a578-af4c-11dd-88a1-00038a000015}\Shell\AutoRun\command - "" = InfoStickStarter.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.20 17:32:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012.01.19 18:01:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2012.01.19 18:01:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.01.19 18:01:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.01.19 18:01:23 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.19 18:01:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.01.19 18:00:36 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.12 20:20:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\0D2C1
[2012.01.12 20:20:38 | 000,000,000 | ---D | C] -- C:\Programme\LP
[2012.01.07 12:28:57 | 000,011,264 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\drivers\HpGmb001.sys
[2012.01.07 12:27:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HP
[2012.01.07 12:27:44 | 000,000,000 | ---D | C] -- C:\Programme\Hewlett-Packard
[2010.08.17 19:17:32 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2010.08.17 19:17:32 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2010.08.17 19:17:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2010.08.17 19:17:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.20 17:32:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012.01.20 17:30:16 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2012.01.20 17:28:46 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2012.01.20 17:13:50 | 000,609,913 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Für alle Hilfesuchenden!.pdf
[2012.01.20 16:54:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.20 16:53:44 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2012.01.20 16:52:50 | 000,000,097 | ---- | M] () -- C:\WINDOWS\ComponentList.xml
[2012.01.20 16:52:42 | 1600,638,976 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.20 16:52:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.19 18:00:50 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.12 06:38:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.01.12 06:35:40 | 000,494,910 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.01.12 06:35:40 | 000,475,084 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.12 06:35:40 | 000,092,144 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.01.12 06:35:40 | 000,077,126 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.07 11:42:34 | 000,606,764 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CCF07012012_00002.pdf
[2012.01.07 11:41:26 | 000,239,648 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CCF07012012_00001.pdf
[2012.01.05 22:45:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.01.04 09:52:26 | 000,077,824 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.22 17:17:42 | 000,123,616 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Alte Flecken.pdf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.20 17:30:15 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2012.01.20 17:28:45 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2012.01.20 17:13:45 | 000,609,913 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Für alle Hilfesuchenden!.pdf
[2012.01.18 06:55:26 | 1600,638,976 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.07 11:42:31 | 000,606,764 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CCF07012012_00002.pdf
[2012.01.07 11:41:24 | 000,239,648 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CCF07012012_00001.pdf
[2011.12.22 17:17:41 | 000,123,616 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Alte Flecken.pdf
[2011.09.26 00:07:50 | 000,487,266 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-784067579-1475614593-3799683021-1005-0.dat
[2011.09.26 00:07:48 | 000,487,266 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.08.13 20:06:39 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2011.03.16 14:18:21 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll
[2011.03.16 14:18:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
[2011.03.16 14:18:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\maplecompat.dll
[2011.02.19 11:56:56 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011.02.09 17:38:43 | 000,139,276 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.12.11 21:52:27 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2010.08.17 19:17:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
[2010.08.17 19:17:42 | 000,835,584 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2010.08.17 19:17:42 | 000,360,448 | ---- | C] () -- C:\WINDOWS\tsnpstd3.exe
[2010.08.17 19:17:41 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2010.08.17 19:17:32 | 000,003,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\DeNoise.sys
[2009.12.01 15:25:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009.10.27 18:13:56 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.10.20 09:46:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.10.12 18:56:13 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009.10.12 18:54:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.10.12 18:54:04 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\AF15IRTBL.bin
[2008.12.10 18:01:18 | 000,000,082 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI
[2008.04.14 18:20:50 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008.03.30 13:31:11 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.12.03 13:13:23 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007.11.12 18:45:51 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007.01.02 20:03:31 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.01.02 20:03:31 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.12.20 15:38:01 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2006.12.20 15:37:27 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006.12.20 15:37:26 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006.12.10 18:05:39 | 000,000,058 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006.12.10 18:05:39 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006.12.06 22:52:35 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2006.11.30 22:38:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006.11.30 22:34:06 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006.11.30 22:33:58 | 000,000,918 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006.11.30 22:33:58 | 000,000,584 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006.11.30 22:33:58 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006.11.30 22:33:58 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006.11.30 22:33:58 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2006.11.24 13:30:43 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini
[2006.06.27 08:49:37 | 000,077,824 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.06.07 12:20:11 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.05.23 18:12:47 | 000,000,508 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.05.23 17:40:06 | 000,003,151 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006.05.23 06:10:50 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2006.05.23 06:10:46 | 000,822,784 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
[2006.05.23 06:10:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Outlook Addin.dll
[2006.05.23 06:10:46 | 000,082,432 | ---- | C] () -- C:\WINDOWS\System32\keyManager.dll
[2006.05.23 06:10:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2006.05.23 06:10:45 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\CryptoAPI.dll
[2006.05.23 06:10:45 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\LogSPWusage.dll
[2006.05.23 06:10:45 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2006.05.23 06:10:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2006.05.23 06:10:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2006.05.23 06:10:45 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2006.05.23 06:09:55 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2006.05.23 06:07:23 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2005.12.15 12:54:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.12.15 12:34:00 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005.12.15 12:25:08 | 000,494,910 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2005.12.15 12:25:08 | 000,475,084 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005.12.15 12:25:08 | 000,092,144 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2005.12.15 12:25:08 | 000,077,126 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005.12.06 10:51:34 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005.12.06 10:35:28 | 000,603,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.11.09 02:12:16 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005.07.05 08:09:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.06.02 11:27:08 | 000,000,215 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
[2005.05.02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005.01.21 11:48:06 | 000,225,280 | ---- | C] () -- C:\WINDOWS\Capsule.dll
[2004.12.17 16:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004.10.27 15:47:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2004.09.13 12:33:24 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.09.13 12:31:22 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.09.07 14:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004.08.04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 05:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 05:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 05:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.08.04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.05.14 13:04:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\XMLaunch.exe
[2003.12.29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2003.11.24 15:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2003.11.24 15:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2003.07.21 16:52:40 | 000,001,150 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002.09.12 22:41:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.09.12 22:41:26 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999.01.22 20:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997.07.11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\Docobj.dll
 
========== LOP Check ==========
 
[2005.12.15 12:35:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2006.05.23 06:10:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acer
[2006.11.08 20:10:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NtiDvdCopy
[2008.04.10 14:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EcoWin
[2009.10.12 18:59:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2010.12.31 16:35:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.02.13 20:57:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011.02.13 20:58:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.08.12 11:08:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software
[2011.09.25 22:21:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SMA
[2006.05.23 06:10:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Acer
[2006.06.07 15:23:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite
[2006.07.31 20:44:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Alien Skin
[2006.11.24 13:25:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PPLive
[2006.12.10 21:10:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Notepad++
[2007.04.29 20:10:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2008.04.14 18:09:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScanSoft
[2008.09.11 14:59:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nvu
[2008.09.23 15:39:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Webocton - Scriptly
[2008.10.07 23:11:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FileZilla
[2009.02.10 22:01:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
[2009.05.02 13:44:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Foxit
[2009.05.04 08:39:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2009.10.29 14:46:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Octoshape
[2010.08.15 17:21:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MAGIX
[2010.10.15 17:37:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FinalMediaPlayer
[2011.02.13 20:59:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software
[2011.08.12 11:17:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Swiss Academic Software
[2011.08.13 22:16:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Acronis
[2011.08.24 15:49:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\yWorks
[2012.01.12 20:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\0D2C1
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2004.09.13 12:09:24 | 000,000,000 | ---D | M] -- C:\I386
[2004.09.13 12:13:12 | 000,000,000 | ---D | M] -- C:\DOCS
[2004.09.13 12:13:12 | 000,000,000 | ---D | M] -- C:\DOTNETFX
[2004.09.13 12:13:22 | 000,000,000 | ---D | M] -- C:\SUPPORT
[2004.09.13 12:13:26 | 000,000,000 | ---D | M] -- C:\VALUEADD
[2009.08.04 16:54:08 | 000,000,000 | -HSD | M] -- C:\FOUND.000
[2004.09.13 12:14:16 | 000,000,000 | ---D | M] -- C:\ELEMENTS
[2004.09.13 12:20:38 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2004.09.13 12:24:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2004.09.13 12:32:24 | 000,000,000 | R--D | M] -- C:\Programme
[2005.07.05 07:43:30 | 000,000,000 | ---D | M] -- C:\BOOK
[2005.07.05 07:44:36 | 000,000,000 | ---D | M] -- C:\Sysinfo
[2005.07.05 08:01:14 | 000,000,000 | ---D | M] -- C:\Program Files
[2005.12.15 12:35:02 | 000,000,000 | ---D | M] -- C:\My Music
[2009.08.19 19:46:46 | 000,000,000 | -HSD | M] -- C:\FOUND.001
[2006.05.23 06:03:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.04.14 18:20:50 | 000,000,000 | ---D | M] -- C:\Brother
[2009.10.10 21:28:14 | 000,000,000 | -HSD | M] -- C:\FOUND.002
[2009.10.11 10:27:22 | 000,000,000 | -HSD | M] -- C:\FOUND.003
[2009.04.07 18:34:36 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2006.05.23 06:08:00 | 000,000,000 | ---D | M] -- C:\Acer
[2009.11.20 19:53:06 | 000,000,000 | -HSD | M] -- C:\FOUND.005
[2010.01.24 18:53:08 | 000,000,000 | -HSD | M] -- C:\FOUND.006
[2009.10.29 22:38:28 | 000,000,000 | -HSD | M] -- C:\FOUND.004
[2010.08.20 09:35:54 | 000,000,000 | -HSD | M] -- C:\FOUND.007
[2010.09.20 08:15:18 | 000,000,000 | -HSD | M] -- C:\FOUND.008
[2010.01.18 08:52:18 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2010.08.27 16:36:00 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2011.02.17 21:55:16 | 000,000,000 | -HSD | M] -- C:\FOUND.009
[2011.09.25 12:57:28 | 000,000,000 | ---D | M] -- C:\log
[2011.11.11 20:28:20 | 000,000,000 | -HSD | M] -- C:\FOUND.010
[2006.05.23 18:35:06 | 000,000,000 | -HSD | M] -- C:\Recycled
[2006.06.12 14:06:00 | 000,000,000 | ---D | M] -- C:\Temp
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: AFD.SYS  >
[2011.08.17 15:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 15:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.13 21:19:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011.02.16 15:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008.10.16 17:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.08.14 12:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008.10.16 16:43:02 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008.08.14 12:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011.02.16 15:25:06 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008.06.20 13:48:04 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 12:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008.06.20 13:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2011.08.17 15:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: IPSEC.SYS  >
[2008.04.13 21:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008.04.13 21:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
 
< MD5 for: REGEDIT.EXE  >
[2004.08.04 05:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\I386\REGEDIT.EXE
[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:14 | 001,859,712 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-16 22:01:46
 
<           >

< End of report >

Extras.txt im Anhang.

3) X86-basierter PC
Gmer ausgeführt: siehe Gmer.txt im Anhang

VIELEN DANK FÜR EURE HILFE im Voraus!
MfG svb

cosinus · 23.01.2012, 13:39

Zitat:

(Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

Was hat Malwarebytes schon alles an Log erzeugt? Alle bitte posten

svb · 23.01.2012, 20:46

Hallo,

danke für deine Rückmeldung.

Malwarebytes-Log im Anhang. Programm wurde neu installiert und zuvor nicht verwendet (keine älteren Logs vorhanden).

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.19.03

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 7.0.5730.11
*** :: SIMON [Administrator]

Schutz: Aktiviert

19.01.2012 18:06:46
mbam-log-2012-01-19 (18-06-46).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 410146
Laufzeit: 2 Stunde(n), 32 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\{NSINAME} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 6
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|load (Backdoor.CycBot) -> Daten: C:\Programme\C13DD\lvvm.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Daten: http=127.0.0.1:64202 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_XMLLookup (Hijacker.XMLLookup) -> Daten: hxxp://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Daten: hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_intl (Hijacker.intl) -> Daten: hxxp://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|6CE.exe (Backdoor.CycBot) -> Daten: C:\Programme\LP\2DF0\6CE.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|XMLLookup (Hijacker.XMLLookup) -> Bösartig: (hxxp://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Gut: (hxxp://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bösartig: (hxxp://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Gut: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|intl (Hijacker.intl) -> Bösartig: (hxxp://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Gut: (hxxp://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Danke für weitere Hilfe...!
svb

cosinus · 23.01.2012, 22:11

Zitat:

19.01.2012 18:06:46
mbam-log-2012-01-19 (18-06-46).txt
Datenbank Version: v2012.01.19.03

Den Scan hast du aber schon vor vier Tagen gemacht!
Bitte updaten und dem Vollscan wiederholen.

Zitat:

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 7.0.5730.11
*** :: SIMON [Administrator]

Sowas müssen wir nachher dringend ändern!

1.) FAT32 als Systempartitions-Dateisystem ist suboptimal, es ist nicht so robust und sicher wie NTFS
2.) IE7 ist stark veraltet
3.) Du brauchst Adminrechte für alle Analysen hier, aber wenn wir hier durch sind solltest du diesem Konto die Adminrechte wegnehmen und zur Verwaltung des Rechners ein anderes Konto mit Adminrechten benutzen - mit Adminrechten wird NICHT gesurft!

svb · 24.01.2012, 21:40

Anbei der aktuelle Log...!

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.24.04

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
*** :: SIMON [Administrator]

Schutz: Aktiviert

24.01.2012 19:31:00
mbam-log-2012-01-24 (19-31-00).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 413712
Laufzeit: 1 Stunde(n), 50 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Die Hinweise klingen gut bzw. sehr plausibel.
Besten Dank schon einmal!
Gruß svb

cosinus · 24.01.2012, 22:10

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

svb · 25.01.2012, 19:48

Hier der Inhalt von log.txt

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7823871e6d36a64c94041e6e4e8588cb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-25 06:38:02
# local_time=2012-01-25 07:38:02 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775125 100 100 435228 103023502 71457 0
# compatibility_mode=8192 67108863 100 0 3864 3864 0 0
# scanned=242214
# found=2
# cleaned=0
# scan_time=8508
C:\WINDOWS\FixCamera.exe	a variant of Win32/KillProc.A application (unable to clean)	00000000000000000000000000000000	I
${Memory}	a variant of Win32/KillProc.A application	00000000000000000000000000000000	I

Danke & Gruß
svb

cosinus · 25.01.2012, 20:06

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

svb · 25.01.2012, 21:13

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 25.01.2012 20:36:24 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,49 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 58,07% Memory free
2,08 Gb Paging File | 1,51 Gb Available in Paging File | 72,65% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 25,76 Gb Total Space | 0,45 Gb Free Space | 1,73% Space Free | Partition Type: FAT32
Drive D: | 26,97 Gb Total Space | 11,50 Gb Free Space | 42,65% Space Free | Partition Type: FAT32
 
Computer Name: SIMON | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.20 17:32:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.13 20:06:44 | 000,436,903 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
PRC - [2011.08.13 20:06:44 | 000,151,552 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2011.08.13 20:06:44 | 000,069,632 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
PRC - [2011.04.08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.01.12 17:36:56 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2011.01.12 17:35:12 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010.03.09 03:47:02 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) -- C:\WINDOWS\system32\LGScsiCommandService.exe
PRC - [2009.08.06 11:46:10 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.10 12:15:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.24 11:21:04 | 000,360,448 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe
PRC - [2009.03.02 12:08:44 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.16 16:22:18 | 000,356,352 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe
PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.11 16:09:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
PRC - [2007.05.10 13:18:26 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2006.04.20 08:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\RWTH Aachen\Cisco VPN Client\cvpnd.exe
PRC - [2006.01.02 10:31:28 | 000,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005.12.12 03:35:00 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Programme\Gemeinsame Dateien\Hornet\MntrHrnt.exe
PRC - [2005.11.10 19:09:24 | 000,212,992 | ---- | M] (Acer Inc) -- C:\Acer\Empowering Technology\ePower\epm-dm.exe
PRC - [2005.11.08 10:45:52 | 000,069,632 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2005.11.08 10:19:28 | 000,081,920 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe
PRC - [2005.10.24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005.10.24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005.08.31 19:59:48 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2005.08.31 19:59:46 | 000,249,954 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2005.08.31 19:59:34 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2005.08.31 19:59:22 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2005.08.31 19:59:22 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005.07.26 11:36:00 | 000,069,632 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005.07.25 13:36:40 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2005.07.25 10:45:00 | 000,241,664 | ---- | M] () -- C:\Programme\Launch Manager\OSDCtrl.exe
PRC - [2005.02.04 11:12:58 | 000,102,490 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003.05.05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe
PRC - [2002.08.30 15:02:48 | 000,094,208 | ---- | M] () -- C:\Programme\Launch Manager\Powerkey.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.03 14:10:46 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.05.22 19:21:36 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2009.05.15 17:35:30 | 000,385,024 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Comfort Mobile Mouse\UI\xManager\xTools.dll
MOD - [2009.04.24 11:21:04 | 000,360,448 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe
MOD - [2009.01.28 15:03:50 | 000,326,401 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.11.26 13:18:50 | 000,262,144 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Comfort Mobile Mouse\UI\xManager\001\HP_T006.dll
MOD - [2008.10.16 16:22:18 | 000,356,352 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe
MOD - [2008.10.16 15:28:30 | 000,430,080 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Comfort Mobile Mouse\UI\xManager\xUtility.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.07.11 16:09:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe
MOD - [2007.05.10 13:18:26 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
MOD - [2006.09.16 22:19:36 | 000,126,976 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2006.04.20 08:34:38 | 000,197,680 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2005.12.12 03:35:00 | 000,045,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Hornet\HlprHrnt.dll
MOD - [2005.11.08 10:19:28 | 000,081,920 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe
MOD - [2005.09.05 16:31:56 | 000,229,472 | ---- | M] () -- C:\Acer\Empowering Technology\NetMonitor.dll
MOD - [2005.08.31 19:59:48 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
MOD - [2005.08.31 19:59:46 | 000,249,954 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
MOD - [2005.08.31 19:59:42 | 000,184,424 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll
MOD - [2005.08.31 19:59:42 | 000,061,538 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll
MOD - [2005.08.31 19:59:42 | 000,028,672 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll
MOD - [2005.08.31 19:59:42 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchedps.dll
MOD - [2005.08.24 01:24:00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2005.07.26 11:36:00 | 000,069,632 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
MOD - [2005.07.25 13:36:40 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
MOD - [2005.07.25 10:45:00 | 000,241,664 | ---- | M] () -- C:\Programme\Launch Manager\OSDCtrl.exe
MOD - [2003.12.29 20:45:08 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ServiceControl.dll
MOD - [2002.11.26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll
MOD - [2002.08.30 15:02:48 | 000,094,208 | ---- | M] () -- C:\Programme\Launch Manager\Powerkey.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (FileZilla Server)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.13 20:06:44 | 000,151,552 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.02.28 23:19:24 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.02.02 16:41:26 | 001,377,104 | ---- | M] (Flexera Software, Inc.) [Auto | Stopped] -- D:\Programme\MATLAB\R2011a\etc\win32\lmgrd.exe -- (MATLAB License Server)
SRV - [2011.01.12 17:35:12 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.01.12 17:32:10 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.09 03:47:02 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) [Auto | Running] -- C:\WINDOWS\system32\LGScsiCommandService.exe -- (LGScsiCommandService)
SRV - [2009.08.06 11:46:10 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.10 12:15:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.06.11 20:13:22 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2006.04.20 08:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\RWTH Aachen\Cisco VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005.10.24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2005.08.31 19:59:48 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005.08.31 19:59:46 | 000,249,954 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005.08.31 19:59:22 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2003.05.05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.13 20:06:40 | 000,211,520 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2011.08.13 20:06:40 | 000,082,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011.08.13 20:06:40 | 000,028,896 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010.02.24 14:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.01.21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010.01.21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010.01.21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009.12.07 23:24:56 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.22 11:32:22 | 010,498,688 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2009.06.10 12:15:18 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.27 00:53:54 | 000,011,264 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpGmb001.sys -- (HpGmb001)
DRV - [2009.04.27 19:30:56 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 11:35:02 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.06.27 12:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007.06.27 12:04:14 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006.09.28 11:47:48 | 000,283,776 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2006.04.20 08:33:40 | 000,303,740 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005.12.12 03:36:00 | 000,009,760 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\softctrl.sys -- (softctrl)
DRV - [2005.11.08 15:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.11.08 15:11:38 | 000,242,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005.11.08 15:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.10.15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005.09.13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005.06.30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005.06.29 19:50:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005.05.17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.05.02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005.04.19 10:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.04.07 18:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005.01.26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005.01.14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004.12.22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004.12.15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004.12.02 16:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004.08.04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004.07.19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2003.12.05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)
DRV - [2001.11.02 09:21:14 | 000,007,896 | ---- | M] (Sven Goers Software) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\IWPORT.SYS -- (IWPORT)
DRV - [2000.12.19 18:29:52 | 000,002,343 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Launch Manager\POWERKEY.SYS -- (POWERKEY)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: check4change-owner@mozdev.org:1.8.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.ucd.ie/proxy.pac"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 64202
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Firefox [2011.08.12 11:16:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2006.05.23 17:40:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2006.05.23 17:40:08 | 000,000,000 | ---D | M]
 
[2008.12.07 11:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2006.05.23 17:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\nk9bokrw.default\extensions
[2011.12.08 18:44:36 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\nk9bokrw.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.09.16 17:22:20 | 000,002,394 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\nk9bokrw.default\searchplugins\askcom.xml
[2006.05.23 17:40:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.02.19 12:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NK9BOKRW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\***\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NK9BOKRW.DEFAULT\EXTENSIONS\{EDA7B1D7-F793-4E03-B074-E6F303317FB0}.XPI
[2012.01.20 17:26:44 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.20 17:26:40 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2012.01.20 17:26:40 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.20 17:26:40 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.20 17:26:40 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.20 17:26:40 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.01.20 17:26:40 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
 
O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST)
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Acronis*True*Image Monitor] C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe (Wistron)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe ()
O4 - HKLM..\Run: [EPM-DM] c:\Acer\Empowering Technology\ePower\epm-dm.exe (Acer Inc)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [HornetMonitor] C:\Programme\Gemeinsame Dateien\Hornet\MntrHrnt.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [HP Input Device Main Program] C:\Programme\Hewlett-Packard\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PowerKey] C:\Programme\Launch Manager\PowerKey.exe ()
O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe ()
O4 - HKCU..\Run: [Firefox helper] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\firefox.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OneNote Inhaltsverzeichnis.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: &Sample Toolband Serach - C:\WINDOWS\System32\ToolBand.dll (HiTRUST)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6399D504-F1C0-475E-9BFC-83A23B77FDDF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\***\Anwendungsdaten\0D2C1\FC661.exe) - File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{80f4a578-af4c-11dd-88a1-00038a000015}\Shell\AutoRun\command - "" = InfoStickStarter.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm -  File not found
SafeBootNet: nm.sys -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp -  File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.25 20:31:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\OTL_20120120
[2012.01.25 20:30:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.01.25 17:12:10 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.01.25 17:11:57 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe
[2012.01.24 19:13:35 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\PrivacIE
[2012.01.24 18:19:09 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\***\IETldCache
[2012.01.24 17:51:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012.01.24 17:46:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012.01.20 18:58:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.01.20 18:58:23 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2012.01.20 17:32:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012.01.19 18:01:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2012.01.19 18:01:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.01.19 18:01:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.01.19 18:01:23 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.19 18:01:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.01.19 18:00:36 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.12 20:20:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\0D2C1
[2012.01.12 20:20:38 | 000,000,000 | ---D | C] -- C:\Programme\LP
[2012.01.07 12:28:57 | 000,011,264 | ---- | C] (Primax Electronics Ltd.) -- C:\WINDOWS\System32\drivers\HpGmb001.sys
[2012.01.07 12:27:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HP
[2012.01.07 12:27:44 | 000,000,000 | ---D | C] -- C:\Programme\Hewlett-Packard
[2010.08.17 19:17:32 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2010.08.17 19:17:32 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2010.08.17 19:17:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2010.08.17 19:17:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.25 20:30:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.01.25 17:12:02 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\***\Desktop\esetsmartinstaller_enu.exe
[2012.01.25 17:07:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.25 17:07:46 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2012.01.25 17:06:22 | 000,000,097 | ---- | M] () -- C:\WINDOWS\ComponentList.xml
[2012.01.25 17:06:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.25 17:06:12 | 1600,638,976 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.21 03:08:14 | 000,000,058 | ---- | M] () -- C:\WINDOWS\brmx2001.ini
[2012.01.20 19:00:36 | 000,068,586 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Logfiles.zip
[2012.01.20 18:58:10 | 001,110,476 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\7z920.exe
[2012.01.20 18:03:08 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\hnir4y82.exe
[2012.01.20 17:32:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012.01.20 17:30:16 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2012.01.20 17:28:46 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2012.01.20 17:13:50 | 000,609,913 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Für alle Hilfesuchenden!.pdf
[2012.01.19 18:00:50 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.12 06:35:40 | 000,494,910 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.01.12 06:35:40 | 000,475,084 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.12 06:35:40 | 000,092,144 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.01.12 06:35:40 | 000,077,126 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.07 11:42:34 | 000,606,764 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CCF07012012_00002.pdf
[2012.01.07 11:41:26 | 000,239,648 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CCF07012012_00001.pdf
[2012.01.05 22:45:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.01.04 09:52:26 | 000,077,824 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.20 19:00:34 | 000,068,586 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Logfiles.zip
[2012.01.20 18:58:09 | 001,110,476 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\7z920.exe
[2012.01.20 18:03:06 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\hnir4y82.exe
[2012.01.20 17:30:15 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2012.01.20 17:28:45 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2012.01.20 17:13:45 | 000,609,913 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Für alle Hilfesuchenden!.pdf
[2012.01.18 06:55:26 | 1600,638,976 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.07 11:42:31 | 000,606,764 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CCF07012012_00002.pdf
[2012.01.07 11:41:24 | 000,239,648 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\CCF07012012_00001.pdf
[2011.09.26 00:07:50 | 000,487,266 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-784067579-1475614593-3799683021-1005-0.dat
[2011.09.26 00:07:48 | 000,487,266 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.08.13 20:06:39 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2011.03.16 14:18:21 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll
[2011.03.16 14:18:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
[2011.03.16 14:18:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\maplecompat.dll
[2011.02.19 11:56:56 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011.02.09 17:38:43 | 000,139,276 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.12.11 21:52:27 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2010.08.17 19:17:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\FixCamera.exe
[2010.08.17 19:17:42 | 000,835,584 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2010.08.17 19:17:42 | 000,360,448 | ---- | C] () -- C:\WINDOWS\tsnpstd3.exe
[2010.08.17 19:17:41 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2010.08.17 19:17:32 | 000,003,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\DeNoise.sys
[2009.12.01 15:25:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009.10.27 18:13:56 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.10.20 09:46:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.10.12 18:56:13 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009.10.12 18:54:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.10.12 18:54:04 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\AF15IRTBL.bin
[2008.12.10 18:01:18 | 000,000,082 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI
[2008.04.14 18:20:50 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008.03.30 13:31:11 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.12.03 13:13:23 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007.11.12 18:45:51 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007.01.02 20:03:31 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.01.02 20:03:31 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.12.20 15:38:01 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2006.12.20 15:37:27 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006.12.20 15:37:26 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006.12.10 18:05:39 | 000,000,058 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006.12.10 18:05:39 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006.12.06 22:52:35 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2006.11.30 22:38:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006.11.30 22:34:06 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006.11.30 22:33:58 | 000,000,918 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006.11.30 22:33:58 | 000,000,584 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006.11.30 22:33:58 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006.11.30 22:33:58 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006.11.30 22:33:58 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2006.11.24 13:30:43 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini
[2006.06.27 08:49:37 | 000,077,824 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.06.07 12:20:11 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.05.23 18:12:47 | 000,000,508 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.05.23 17:40:06 | 000,003,151 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006.05.23 06:10:50 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2006.05.23 06:10:46 | 000,822,784 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
[2006.05.23 06:10:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Outlook Addin.dll
[2006.05.23 06:10:46 | 000,082,432 | ---- | C] () -- C:\WINDOWS\System32\keyManager.dll
[2006.05.23 06:10:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2006.05.23 06:10:45 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\CryptoAPI.dll
[2006.05.23 06:10:45 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\LogSPWusage.dll
[2006.05.23 06:10:45 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2006.05.23 06:10:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2006.05.23 06:10:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2006.05.23 06:10:45 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2006.05.23 06:09:55 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2006.05.23 06:07:23 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2005.12.15 12:54:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.12.15 12:34:00 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005.12.15 12:25:08 | 000,494,910 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2005.12.15 12:25:08 | 000,475,084 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005.12.15 12:25:08 | 000,092,144 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2005.12.15 12:25:08 | 000,077,126 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005.12.06 10:51:34 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005.12.06 10:50:50 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005.12.06 10:35:28 | 000,603,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.11.09 02:12:16 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005.07.05 08:09:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.06.02 11:27:08 | 000,000,215 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
[2005.05.02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005.01.21 11:48:06 | 000,225,280 | ---- | C] () -- C:\WINDOWS\Capsule.dll
[2004.12.17 16:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004.10.27 15:47:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2004.09.13 12:33:24 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.09.13 12:31:22 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.09.07 14:23:16 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004.08.04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 05:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 05:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 05:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.08.04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.05.14 13:04:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\XMLaunch.exe
[2003.12.29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2003.11.24 15:55:48 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2003.11.24 15:55:32 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2003.07.21 16:52:40 | 000,001,150 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002.09.12 22:41:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.09.12 22:41:26 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999.01.22 20:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997.07.11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\Docobj.dll
 
========== LOP Check ==========
 
[2005.12.15 12:35:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2006.05.23 06:10:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acer
[2006.11.08 20:10:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NtiDvdCopy
[2008.04.10 14:45:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EcoWin
[2009.10.12 18:59:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2010.12.31 16:35:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.02.13 20:57:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011.02.13 20:58:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.08.12 11:08:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software
[2011.09.25 22:21:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SMA
[2006.05.23 06:10:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Acer
[2006.06.07 15:23:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite
[2006.07.31 20:44:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Alien Skin
[2006.11.24 13:25:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PPLive
[2006.12.10 21:10:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Notepad++
[2007.04.29 20:10:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2008.04.14 18:09:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScanSoft
[2008.09.11 14:59:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nvu
[2008.09.23 15:39:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Webocton - Scriptly
[2008.10.07 23:11:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FileZilla
[2009.02.10 22:01:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
[2009.05.02 13:44:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Foxit
[2009.05.04 08:39:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2009.10.29 14:46:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Octoshape
[2010.08.15 17:21:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MAGIX
[2010.10.15 17:37:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FinalMediaPlayer
[2011.02.13 20:59:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software
[2011.08.12 11:17:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Swiss Academic Software
[2011.08.13 22:16:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Acronis
[2011.08.24 15:49:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\yWorks
[2012.01.12 20:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\0D2C1
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2004.09.13 12:38:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities
[2005.12.15 12:35:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\You've Got Pictures Screensaver
[2005.12.15 12:35:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AOL
[2004.09.13 12:24:52 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft
[2006.05.23 06:10:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Acer
[2006.05.23 12:40:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia
[2006.05.23 17:40:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla
[2006.05.23 18:11:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft Web Folders
[2006.05.23 19:04:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CyberLink
[2006.06.07 15:23:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite
[2006.06.11 13:27:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun
[2006.06.20 10:21:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe
[2006.07.09 23:26:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AdobeUM
[2006.07.31 20:44:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Alien Skin
[2006.10.31 12:36:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Real
[2006.11.24 13:25:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PPLive
[2006.12.04 15:52:06 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Brother
[2006.12.10 21:10:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Notepad++
[2007.01.07 21:52:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AdobeAUM
[2007.04.29 20:10:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2007.06.08 16:48:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Help
[2008.04.14 18:09:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScanSoft
[2008.09.11 14:59:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nvu
[2008.09.23 15:39:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Webocton - Scriptly
[2008.10.07 23:11:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FileZilla
[2009.02.10 22:01:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
[2009.05.02 13:44:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Foxit
[2009.05.04 08:39:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2009.10.12 18:48:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ArcSoft
[2009.10.27 18:08:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype
[2009.10.27 18:13:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM
[2009.10.29 14:46:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Octoshape
[2010.01.20 20:06:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc
[2010.08.15 17:21:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MAGIX
[2010.08.17 19:17:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InstallShield
[2010.10.15 17:37:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FinalMediaPlayer
[2010.12.31 16:37:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Apple Computer
[2011.02.13 20:59:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software
[2011.08.10 17:29:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MathWorks
[2011.08.12 11:17:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Swiss Academic Software
[2011.08.13 22:16:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Acronis
[2011.08.24 15:49:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\yWorks
[2012.01.12 20:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\0D2C1
[2012.01.19 18:01:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
 
< %APPDATA%\*.exe /s >
[2007.01.06 13:47:24 | 008,386,432 | ---- | M] (Adobe Systems Inc                                           ) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdrUpd708_all_incr.exe
[2007.01.19 15:25:22 | 021,277,080 | ---- | M] (                            ) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
[2011.09.07 18:46:52 | 000,002,238 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{DF8CE047-FF83-4C5F-AFE4-84E61891FBBD}\MN_51.exe3_DF8CE047FF834C5FAFE484E61891FBBD.exe
[2011.09.07 18:46:52 | 000,002,238 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{DF8CE047-FF83-4C5F-AFE4-84E61891FBBD}\MN_51.exe_DF8CE047FF834C5FAFE484E61891FBBD.exe
[2011.09.07 18:46:52 | 000,002,238 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{DF8CE047-FF83-4C5F-AFE4-84E61891FBBD}\MN_51.exe1_DF8CE047FF834C5FAFE484E61891FBBD.exe
[2011.09.07 18:46:52 | 000,002,238 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{DF8CE047-FF83-4C5F-AFE4-84E61891FBBD}\MN_51.exe2_DF8CE047FF834C5FAFE484E61891FBBD.exe
[2011.09.07 18:46:52 | 000,002,238 | R--- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{DF8CE047-FF83-4C5F-AFE4-84E61891FBBD}\MN_51.exe21_DF8CE047FF834C5FAFE484E61891FBBD.exe
[2009.05.30 17:20:28 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Real\RealPlayer\Update\RealPlayer11.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.08.26 21:59:44 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.08.26 21:59:44 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.08.26 21:59:44 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.08.26 21:59:44 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007.03.08 17:48:40 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004.09.13 12:24:16 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[2004.09.13 12:24:16 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.09.13 12:24:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<           >

< End of report >

--- --- ---

cosinus · 26.01.2012, 11:02

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.ucd.ie/proxy.pac"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 64202
O4 - HKCU..\Run: [Firefox helper] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\firefox.exe File not found
O8 - Extra context menu item: &Citavi Picker... - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: &Sample Toolband Serach - C:\WINDOWS\System32\ToolBand.dll (HiTRUST)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\***\Anwendungsdaten\0D2C1\FC661.exe) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{80f4a578-af4c-11dd-88a1-00038a000015}\Shell\AutoRun\command - "" = InfoStickStarter.exe
:Files
C:\Dokumente und Einstellungen\***\Anwendungsdaten\0D2C1
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

svb · 26.01.2012, 20:50

Hallo,

habe alle geöffneten Programme geschlossen und den OTL-Fix gestartet.

Dieser zeigte nach mehreren Stunden unverändert "killing processes DO NOT INTERRUPT" und der PC hatte sich aufgehangen.

Ein erneuter Versuch nach einem Neustart brachte das gleiche Problem.

Was kann ich tuen?

Danke und Gruß
svb

cosinus · 26.01.2012, 21:20

Mach den Fix mal im abgesicherten Modus

svb · 26.01.2012, 21:59

...danke, hat im abgesicherten Modus funktioniert!

Logfile anbei...!

Code:

ATTFilter

All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "hxxp://proxy.ucd.ie/proxy.pac" removed from network.proxy.autoconfig_url
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 64202 removed from network.proxy.http_port
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Firefox helper deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Citavi Picker...\ deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Sample Toolband Serach\ deleted successfully.
C:\WINDOWS\system32\ToolBand.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F4430FE8-2638-42e5-B849-800749B94EED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4430FE8-2638-42e5-B849-800749B94EED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F4430FE8-2638-42e5-B849-800749B94EED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4430FE8-2638-42e5-B849-800749B94EED}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Dokumente und Einstellungen\***\Anwendungsdaten\0D2C1\FC661.exe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80f4a578-af4c-11dd-88a1-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80f4a578-af4c-11dd-88a1-00038a000015}\ not found.
File InfoStickStarter.exe not found.
========== FILES ==========
C:\Dokumente und Einstellungen\***\Anwendungsdaten\0D2C1 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default User
->Temp folder emptied: 3517517 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1469410 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: ***
->Temp folder emptied: 6705338 bytes
->Temporary Internet Files folder emptied: 55015163 bytes
->Java cache emptied: 68193470 bytes
->FireFox cache emptied: 79534595 bytes
->Flash cache emptied: 630 bytes
 
User: Administrator
->Temp folder emptied: 3517517 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3771271 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2953962 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 214,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01262012_214535

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 26.01.2012, 22:17

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

svb · 27.01.2012, 07:12

Guten Morgen!

anbei das Log-File.

Code:

ATTFilter

07:03:52.0671 3344	TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
07:03:53.0265 3344	============================================================
07:03:53.0265 3344	Current date / time: 2012/01/27 07:03:53.0265
07:03:53.0265 3344	SystemInfo:
07:03:53.0265 3344	
07:03:53.0265 3344	OS Version: 5.1.2600 ServicePack: 3.0
07:03:53.0265 3344	Product type: Workstation
07:03:53.0265 3344	ComputerName: SIMON
07:03:53.0265 3344	UserName: ***
07:03:53.0265 3344	Windows directory: C:\WINDOWS
07:03:53.0265 3344	System windows directory: C:\WINDOWS
07:03:53.0265 3344	Processor architecture: Intel x86
07:03:53.0265 3344	Number of processors: 1
07:03:53.0265 3344	Page size: 0x1000
07:03:53.0265 3344	Boot type: Normal boot
07:03:53.0265 3344	============================================================
07:03:54.0750 3344	Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:03:54.0765 3344	Initialize success
07:04:43.0890 2288	============================================================
07:04:43.0890 2288	Scan started
07:04:43.0890 2288	Mode: Manual; SigCheck; TDLFS; 
07:04:43.0890 2288	============================================================
07:04:44.0281 2288	Abiosdsk - ok
07:04:44.0390 2288	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
07:04:45.0953 2288	abp480n5 - ok
07:04:46.0109 2288	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:04:46.0296 2288	ACPI - ok
07:04:46.0328 2288	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
07:04:46.0515 2288	ACPIEC - ok
07:04:46.0625 2288	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
07:04:46.0828 2288	adpu160m - ok
07:04:46.0984 2288	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:04:47.0171 2288	aec - ok
07:04:47.0343 2288	AF15BDA         (639a9c2dab390769be8fa23854435876) C:\WINDOWS\system32\Drivers\AF15BDA.sys
07:04:47.0421 2288	AF15BDA - ok
07:04:47.0531 2288	Afc             (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
07:04:47.0562 2288	Afc ( UnsignedFile.Multi.Generic ) - warning
07:04:47.0562 2288	Afc - detected UnsignedFile.Multi.Generic (1)
07:04:47.0781 2288	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
07:04:47.0843 2288	AFD - ok
07:04:47.0937 2288	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
07:04:48.0109 2288	agp440 - ok
07:04:48.0218 2288	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
07:04:48.0390 2288	agpCPQ - ok
07:04:48.0468 2288	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
07:04:48.0562 2288	Aha154x - ok
07:04:48.0671 2288	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
07:04:48.0843 2288	aic78u2 - ok
07:04:48.0921 2288	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
07:04:49.0140 2288	aic78xx - ok
07:04:49.0359 2288	ALCXWDM         (95aa37bec6c72c277c2caeaee736dd2d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
07:04:49.0656 2288	ALCXWDM - ok
07:04:49.0750 2288	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
07:04:49.0937 2288	AliIde - ok
07:04:50.0046 2288	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
07:04:50.0234 2288	alim1541 - ok
07:04:50.0296 2288	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
07:04:50.0484 2288	amdagp - ok
07:04:50.0578 2288	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
07:04:50.0671 2288	amsint - ok
07:04:50.0781 2288	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
07:04:50.0953 2288	Arp1394 - ok
07:04:51.0031 2288	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
07:04:51.0234 2288	asc - ok
07:04:51.0328 2288	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
07:04:51.0437 2288	asc3350p - ok
07:04:51.0546 2288	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
07:04:51.0734 2288	asc3550 - ok
07:04:51.0875 2288	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:04:52.0031 2288	AsyncMac - ok
07:04:52.0125 2288	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:04:52.0281 2288	atapi - ok
07:04:52.0453 2288	Atdisk - ok
07:04:52.0531 2288	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:04:52.0703 2288	Atmarpc - ok
07:04:52.0812 2288	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:04:53.0015 2288	audstub - ok
07:04:53.0203 2288	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
07:04:53.0218 2288	avgio - ok
07:04:53.0375 2288	avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
07:04:54.0312 2288	avgntflt - ok
07:04:54.0421 2288	avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
07:04:54.0453 2288	avipbb - ok
07:04:54.0593 2288	BCM43XX         (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
07:04:54.0687 2288	BCM43XX - ok
07:04:54.0718 2288	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:04:54.0906 2288	Beep - ok
07:04:55.0125 2288	BrScnUsb        (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
07:04:55.0156 2288	BrScnUsb ( UnsignedFile.Multi.Generic ) - warning
07:04:55.0156 2288	BrScnUsb - detected UnsignedFile.Multi.Generic (1)
07:04:55.0312 2288	BrSerIf         (26051d886f3333cb41857d6f52248de1) C:\WINDOWS\system32\Drivers\BrSerIf.sys
07:04:55.0328 2288	BrSerIf ( UnsignedFile.Multi.Generic ) - warning
07:04:55.0328 2288	BrSerIf - detected UnsignedFile.Multi.Generic (1)
07:04:55.0500 2288	BrUsbSer        (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
07:04:55.0500 2288	BrUsbSer ( UnsignedFile.Multi.Generic ) - warning
07:04:55.0500 2288	BrUsbSer - detected UnsignedFile.Multi.Generic (1)
07:04:55.0546 2288	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
07:04:55.0765 2288	cbidf - ok
07:04:55.0843 2288	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:04:56.0015 2288	cbidf2k - ok
07:04:56.0218 2288	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
07:04:56.0390 2288	CCDECODE - ok
07:04:56.0468 2288	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
07:04:56.0562 2288	cd20xrnt - ok
07:04:56.0593 2288	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:04:56.0796 2288	Cdaudio - ok
07:04:56.0859 2288	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:04:57.0031 2288	Cdfs - ok
07:04:57.0078 2288	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:04:57.0265 2288	Cdrom - ok
07:04:57.0421 2288	Changer - ok
07:04:57.0562 2288	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
07:04:57.0718 2288	CmBatt - ok
07:04:57.0812 2288	CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
07:04:58.0015 2288	CmdIde - ok
07:04:58.0078 2288	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
07:04:58.0250 2288	Compbatt - ok
07:04:58.0359 2288	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
07:04:58.0796 2288	Cpqarray - ok
07:04:59.0000 2288	CVirtA          (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
07:04:59.0031 2288	CVirtA - ok
07:04:59.0234 2288	CVPNDRVA        (5ba042bcab6246c6bba51606afd7b488) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
07:04:59.0296 2288	CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
07:04:59.0296 2288	CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
07:04:59.0453 2288	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
07:04:59.0656 2288	dac2w2k - ok
07:04:59.0750 2288	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
07:04:59.0937 2288	dac960nt - ok
07:05:00.0015 2288	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:05:00.0187 2288	Disk - ok
07:05:00.0312 2288	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
07:05:00.0578 2288	dmboot - ok
07:05:00.0796 2288	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
07:05:00.0968 2288	dmio - ok
07:05:01.0000 2288	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:05:01.0218 2288	dmload - ok
07:05:01.0359 2288	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:05:01.0531 2288	DMusic - ok
07:05:01.0765 2288	DNE             (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
07:05:01.0796 2288	DNE - ok
07:05:01.0906 2288	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
07:05:02.0171 2288	dpti2o - ok
07:05:02.0234 2288	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:05:02.0609 2288	drmkaud - ok
07:05:04.0046 2288	EpmPsd          (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\system32\drivers\epm-psd.sys
07:05:04.0062 2288	EpmPsd ( UnsignedFile.Multi.Generic ) - warning
07:05:04.0062 2288	EpmPsd - detected UnsignedFile.Multi.Generic (1)
07:05:04.0250 2288	EpmShd          (2d0c4a7077f6c68449479f5444c580a7) C:\WINDOWS\system32\drivers\epm-shd.sys
07:05:04.0281 2288	EpmShd ( UnsignedFile.Multi.Generic ) - warning
07:05:04.0281 2288	EpmShd - detected UnsignedFile.Multi.Generic (1)
07:05:04.0359 2288	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:05:04.0515 2288	Fastfat - ok
07:05:04.0578 2288	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
07:05:04.0750 2288	Fdc - ok
07:05:04.0843 2288	FETNDIS         (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
07:05:05.0031 2288	FETNDIS - ok
07:05:05.0125 2288	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
07:05:05.0296 2288	Fips - ok
07:05:05.0375 2288	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
07:05:05.0500 2288	Flpydisk - ok
07:05:05.0890 2288	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
07:05:06.0062 2288	FltMgr - ok
07:05:06.0109 2288	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:05:06.0296 2288	Fs_Rec - ok
07:05:06.0484 2288	FTDIBUS         (a36e8beedb3aaca09bf55a1d17904bc8) C:\WINDOWS\system32\drivers\ftdibus.sys
07:05:06.0500 2288	FTDIBUS - ok
07:05:06.0640 2288	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:05:06.0828 2288	Ftdisk - ok
07:05:06.0828 2288	Scan interrupted by user!
07:05:06.0828 2288	Scan interrupted by user!
07:05:06.0828 2288	Scan interrupted by user!
07:05:06.0828 2288	============================================================
07:05:06.0828 2288	Scan finished
07:05:06.0828 2288	============================================================
07:05:06.0953 2448	Detected object count: 7
07:05:06.0953 2448	Actual detected object count: 7
07:05:13.0218 2448	Afc ( UnsignedFile.Multi.Generic ) - skipped by user
07:05:13.0218 2448	Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:05:13.0218 2448	BrScnUsb ( UnsignedFile.Multi.Generic ) - skipped by user
07:05:13.0218 2448	BrScnUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:05:13.0234 2448	BrSerIf ( UnsignedFile.Multi.Generic ) - skipped by user
07:05:13.0234 2448	BrSerIf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:05:13.0234 2448	BrUsbSer ( UnsignedFile.Multi.Generic ) - skipped by user
07:05:13.0234 2448	BrUsbSer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:05:13.0234 2448	CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
07:05:13.0234 2448	CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:05:13.0234 2448	EpmPsd ( UnsignedFile.Multi.Generic ) - skipped by user
07:05:13.0234 2448	EpmPsd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:05:13.0250 2448	EpmShd ( UnsignedFile.Multi.Generic ) - skipped by user
07:05:13.0250 2448	EpmShd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:05:21.0453 2208	============================================================
07:05:21.0453 2208	Scan started
07:05:21.0453 2208	Mode: Manual; SigCheck; TDLFS; 
07:05:21.0453 2208	============================================================
07:05:21.0875 2208	Abiosdsk - ok
07:05:21.0984 2208	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
07:05:22.0078 2208	abp480n5 - ok
07:05:22.0218 2208	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:05:22.0390 2208	ACPI - ok
07:05:22.0437 2208	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
07:05:22.0640 2208	ACPIEC - ok
07:05:22.0734 2208	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
07:05:22.0906 2208	adpu160m - ok
07:05:23.0046 2208	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:05:23.0187 2208	aec - ok
07:05:23.0375 2208	AF15BDA         (639a9c2dab390769be8fa23854435876) C:\WINDOWS\system32\Drivers\AF15BDA.sys
07:05:23.0406 2208	AF15BDA - ok
07:05:23.0531 2208	Afc             (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
07:05:23.0546 2208	Afc ( UnsignedFile.Multi.Generic ) - warning
07:05:23.0546 2208	Afc - detected UnsignedFile.Multi.Generic (1)
07:05:23.0781 2208	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
07:05:23.0796 2208	AFD - ok
07:05:23.0859 2208	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
07:05:24.0000 2208	agp440 - ok
07:05:24.0109 2208	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
07:05:24.0250 2208	agpCPQ - ok
07:05:24.0343 2208	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
07:05:24.0406 2208	Aha154x - ok
07:05:24.0500 2208	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
07:05:24.0656 2208	aic78u2 - ok
07:05:24.0750 2208	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
07:05:24.0906 2208	aic78xx - ok
07:05:25.0171 2208	ALCXWDM         (95aa37bec6c72c277c2caeaee736dd2d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
07:05:25.0406 2208	ALCXWDM - ok
07:05:25.0500 2208	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
07:05:25.0687 2208	AliIde - ok
07:05:25.0796 2208	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
07:05:25.0937 2208	alim1541 - ok
07:05:26.0015 2208	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
07:05:26.0171 2208	amdagp - ok
07:05:26.0343 2208	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
07:05:26.0406 2208	amsint - ok
07:05:26.0531 2208	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
07:05:26.0687 2208	Arp1394 - ok
07:05:26.0781 2208	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
07:05:26.0937 2208	asc - ok
07:05:27.0031 2208	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
07:05:27.0125 2208	asc3350p - ok
07:05:27.0218 2208	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
07:05:27.0375 2208	asc3550 - ok
07:05:27.0531 2208	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:05:27.0671 2208	AsyncMac - ok
07:05:27.0781 2208	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:05:27.0906 2208	atapi - ok
07:05:28.0078 2208	Atdisk - ok
07:05:28.0156 2208	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:05:28.0296 2208	Atmarpc - ok
07:05:28.0406 2208	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:05:28.0562 2208	audstub - ok
07:05:28.0750 2208	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
07:05:28.0765 2208	avgio - ok
07:05:28.0890 2208	avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
07:05:28.0906 2208	avgntflt - ok
07:05:29.0015 2208	avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
07:05:29.0031 2208	avipbb - ok
07:05:29.0171 2208	BCM43XX         (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
07:05:29.0218 2208	BCM43XX - ok
07:05:29.0281 2208	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:05:29.0453 2208	Beep - ok
07:05:29.0671 2208	BrScnUsb        (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
07:05:29.0687 2208	BrScnUsb ( UnsignedFile.Multi.Generic ) - warning
07:05:29.0687 2208	BrScnUsb - detected UnsignedFile.Multi.Generic (1)
07:05:29.0859 2208	BrSerIf         (26051d886f3333cb41857d6f52248de1) C:\WINDOWS\system32\Drivers\BrSerIf.sys
07:05:29.0875 2208	BrSerIf ( UnsignedFile.Multi.Generic ) - warning
07:05:29.0875 2208	BrSerIf - detected UnsignedFile.Multi.Generic (1)
07:05:30.0031 2208	BrUsbSer        (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
07:05:30.0046 2208	BrUsbSer ( UnsignedFile.Multi.Generic ) - warning
07:05:30.0046 2208	BrUsbSer - detected UnsignedFile.Multi.Generic (1)
07:05:30.0078 2208	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
07:05:30.0250 2208	cbidf - ok
07:05:30.0296 2208	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:05:30.0437 2208	cbidf2k - ok
07:05:30.0625 2208	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
07:05:30.0781 2208	CCDECODE - ok
07:05:30.0875 2208	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
07:05:30.0937 2208	cd20xrnt - ok
07:05:30.0968 2208	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:05:31.0140 2208	Cdaudio - ok
07:05:31.0187 2208	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:05:31.0343 2208	Cdfs - ok
07:05:31.0406 2208	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:05:31.0562 2208	Cdrom - ok
07:05:31.0812 2208	Changer - ok
07:05:31.0921 2208	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
07:05:32.0062 2208	CmBatt - ok
07:05:32.0171 2208	CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
07:05:32.0343 2208	CmdIde - ok
07:05:32.0406 2208	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
07:05:32.0546 2208	Compbatt - ok
07:05:32.0703 2208	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
07:05:32.0859 2208	Cpqarray - ok
07:05:33.0062 2208	CVirtA          (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
07:05:33.0078 2208	CVirtA - ok
07:05:33.0281 2208	CVPNDRVA        (5ba042bcab6246c6bba51606afd7b488) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
07:05:33.0296 2208	CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
07:05:33.0296 2208	CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
07:05:33.0421 2208	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
07:05:33.0578 2208	dac2w2k - ok
07:05:33.0671 2208	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
07:05:33.0828 2208	dac960nt - ok
07:05:33.0921 2208	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:05:34.0046 2208	Disk - ok
07:05:34.0156 2208	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
07:05:34.0359 2208	dmboot - ok
07:05:34.0515 2208	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
07:05:34.0687 2208	dmio - ok
07:05:34.0734 2208	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:05:34.0890 2208	dmload - ok
07:05:35.0031 2208	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:05:35.0171 2208	DMusic - ok
07:05:35.0375 2208	DNE             (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
07:05:35.0390 2208	DNE - ok
07:05:35.0468 2208	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
07:05:35.0640 2208	dpti2o - ok
07:05:35.0703 2208	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:05:35.0843 2208	drmkaud - ok
07:05:36.0000 2208	EpmPsd          (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\system32\drivers\epm-psd.sys
07:05:36.0015 2208	EpmPsd ( UnsignedFile.Multi.Generic ) - warning
07:05:36.0015 2208	EpmPsd - detected UnsignedFile.Multi.Generic (1)
07:05:36.0156 2208	EpmShd          (2d0c4a7077f6c68449479f5444c580a7) C:\WINDOWS\system32\drivers\epm-shd.sys
07:05:36.0171 2208	EpmShd ( UnsignedFile.Multi.Generic ) - warning
07:05:36.0171 2208	EpmShd - detected UnsignedFile.Multi.Generic (1)
07:05:36.0265 2208	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:05:36.0406 2208	Fastfat - ok
07:05:36.0453 2208	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
07:05:36.0593 2208	Fdc - ok
07:05:36.0687 2208	FETNDIS         (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
07:05:36.0859 2208	FETNDIS - ok
07:05:36.0937 2208	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
07:05:37.0093 2208	Fips - ok
07:05:37.0171 2208	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
07:05:37.0312 2208	Flpydisk - ok
07:05:37.0484 2208	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
07:05:37.0656 2208	FltMgr - ok
07:05:37.0718 2208	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:05:37.0890 2208	Fs_Rec - ok
07:05:38.0093 2208	FTDIBUS         (a36e8beedb3aaca09bf55a1d17904bc8) C:\WINDOWS\system32\drivers\ftdibus.sys
07:05:38.0109 2208	FTDIBUS - ok
07:05:38.0218 2208	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:05:38.0390 2208	Ftdisk - ok
07:05:38.0578 2208	FTSER2K         (a14a1f4bb391df9c233cb5dbd05feb70) C:\WINDOWS\system32\drivers\ftser2k.sys
07:05:38.0609 2208	FTSER2K - ok
07:05:38.0734 2208	gagp30kx        (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
07:05:38.0875 2208	gagp30kx - ok
07:05:39.0046 2208	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
07:05:39.0062 2208	GEARAspiWDM - ok
07:05:39.0171 2208	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:05:39.0312 2208	Gpc - ok
07:05:39.0453 2208	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:05:39.0609 2208	HidUsb - ok
07:05:39.0734 2208	Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\WINDOWS\system32\drivers\Hotkey.sys
07:05:39.0750 2208	Hotkey ( UnsignedFile.Multi.Generic ) - warning
07:05:39.0750 2208	Hotkey - detected UnsignedFile.Multi.Generic (1)
07:05:39.0953 2208	HpGmb001        (ba69c58d11e8c5b6d04d548d29eb249f) C:\WINDOWS\system32\DRIVERS\HpGmb001.SYS
07:05:39.0984 2208	HpGmb001 - ok
07:05:40.0093 2208	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
07:05:40.0250 2208	hpn - ok
07:05:40.0437 2208	HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
07:05:40.0531 2208	HPZid412 - ok
07:05:40.0750 2208	HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
07:05:40.0796 2208	HPZipr12 - ok
07:05:40.0968 2208	HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
07:05:41.0031 2208	HPZius12 - ok
07:05:41.0171 2208	HSFHWICH        (9e99aad9cfea338cef2eb6bcf2d9b524) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
07:05:41.0218 2208	HSFHWICH - ok
07:05:41.0390 2208	HSF_DP          (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
07:05:41.0484 2208	HSF_DP - ok
07:05:41.0656 2208	HSF_DPV         (5a5a7721d9c62d77fc0faba9b2cf5be9) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
07:05:41.0750 2208	HSF_DPV - ok
07:05:41.0906 2208	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
07:05:41.0953 2208	HTTP - ok
07:05:42.0046 2208	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
07:05:42.0203 2208	i2omgmt - ok
07:05:42.0312 2208	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
07:05:42.0453 2208	i2omp - ok
07:05:42.0531 2208	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:05:42.0687 2208	i8042prt - ok
07:05:42.0859 2208	ialm            (afa7c99d211a2aff21a287bc4264cde6) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
07:05:42.0937 2208	ialm - ok
07:05:43.0062 2208	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:05:43.0218 2208	Imapi - ok
07:05:43.0406 2208	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
07:05:43.0578 2208	ini910u - ok
07:05:43.0593 2208	int15.sys - ok
07:05:43.0671 2208	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
07:05:43.0812 2208	IntelIde - ok
07:05:43.0890 2208	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:05:44.0015 2208	intelppm - ok
07:05:44.0093 2208	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
07:05:44.0250 2208	Ip6Fw - ok
07:05:44.0281 2208	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:05:44.0453 2208	IpFilterDriver - ok
07:05:44.0578 2208	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:05:44.0718 2208	IpInIp - ok
07:05:44.0812 2208	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:05:44.0937 2208	IpNat - ok
07:05:45.0046 2208	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:05:45.0203 2208	IPSec - ok
07:05:45.0328 2208	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:05:45.0500 2208	IRENUM - ok
07:05:45.0625 2208	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:05:45.0781 2208	isapnp - ok
07:05:45.0984 2208	IWPORT          (8660a2f09aeefe933728b9fd4c7da0cf) C:\WINDOWS\SYSTEM32\DRIVERS\IWPORT.SYS
07:05:45.0984 2208	IWPORT ( UnsignedFile.Multi.Generic ) - warning
07:05:45.0984 2208	IWPORT - detected UnsignedFile.Multi.Generic (1)
07:05:46.0156 2208	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:05:46.0281 2208	Kbdclass - ok
07:05:46.0437 2208	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:05:46.0593 2208	kbdhid - ok
07:05:46.0750 2208	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:05:46.0890 2208	kmixer - ok
07:05:47.0062 2208	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
07:05:47.0140 2208	KSecDD - ok
07:05:47.0312 2208	lbrtfdc - ok
07:05:47.0500 2208	mailKmd - ok
07:05:47.0562 2208	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
07:05:47.0578 2208	MBAMProtector - ok
07:05:47.0734 2208	mdmxsdk         (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
07:05:47.0765 2208	mdmxsdk - ok
07:05:47.0812 2208	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:05:48.0000 2208	mnmdd - ok
07:05:48.0125 2208	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
07:05:48.0281 2208	Modem - ok
07:05:48.0421 2208	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:05:48.0562 2208	Mouclass - ok
07:05:48.0781 2208	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:05:48.0953 2208	mouhid - ok
07:05:49.0062 2208	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:05:49.0218 2208	MountMgr - ok
07:05:49.0390 2208	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
07:05:49.0531 2208	MPE - ok
07:05:49.0625 2208	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
07:05:49.0796 2208	mraid35x - ok
07:05:49.0906 2208	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:05:50.0046 2208	MRxDAV - ok
07:05:50.0187 2208	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:05:50.0281 2208	MRxSmb - ok
07:05:50.0343 2208	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:05:50.0484 2208	Msfs - ok
07:05:50.0640 2208	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:05:50.0781 2208	MSKSSRV - ok
07:05:50.0984 2208	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:05:51.0125 2208	MSPCLOCK - ok
07:05:51.0218 2208	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:05:51.0343 2208	MSPQM - ok
07:05:51.0484 2208	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:05:51.0640 2208	mssmbios - ok
07:05:51.0812 2208	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
07:05:51.0953 2208	MSTEE - ok
07:05:52.0062 2208	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
07:05:52.0093 2208	Mup - ok
07:05:52.0281 2208	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
07:05:52.0421 2208	NABTSFEC - ok
07:05:52.0484 2208	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:05:52.0625 2208	NDIS - ok
07:05:52.0796 2208	NdisFilt        (1f76996253071cbae0a5ab5d8551ef88) C:\WINDOWS\system32\Drivers\NdisFilt.sys
07:05:52.0796 2208	NdisFilt ( UnsignedFile.Multi.Generic ) - warning
07:05:52.0796 2208	NdisFilt - detected UnsignedFile.Multi.Generic (1)
07:05:52.0968 2208	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
07:05:53.0109 2208	NdisIP - ok
07:05:53.0281 2208	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:05:53.0312 2208	NdisTapi - ok
07:05:53.0390 2208	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:05:53.0531 2208	Ndisuio - ok
07:05:53.0562 2208	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:05:53.0703 2208	NdisWan - ok
07:05:53.0859 2208	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
07:05:53.0906 2208	NDProxy - ok
07:05:53.0984 2208	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:05:54.0140 2208	NetBIOS - ok
07:05:54.0250 2208	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:05:54.0375 2208	NetBT - ok
07:05:54.0546 2208	NETMNT          (6a25f27202f3122a44a6b74ee46e7a76) C:\WINDOWS\system32\DRIVERS\NETMNT.sys
07:05:54.0578 2208	NETMNT ( UnsignedFile.Multi.Generic ) - warning
07:05:54.0578 2208	NETMNT - detected UnsignedFile.Multi.Generic (1)
07:05:54.0671 2208	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
07:05:54.0812 2208	NIC1394 - ok
07:05:54.0906 2208	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
07:05:55.0062 2208	Npfs - ok
07:05:55.0218 2208	NSCIRDA         (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
07:05:55.0359 2208	NSCIRDA - ok
07:05:55.0515 2208	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
07:05:55.0718 2208	Ntfs - ok
07:05:55.0875 2208	NTIDrvr         (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
07:05:55.0890 2208	NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
07:05:55.0890 2208	NTIDrvr - detected UnsignedFile.Multi.Generic (1)
07:05:55.0937 2208	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:05:56.0125 2208	Null - ok
07:05:56.0171 2208	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:05:56.0343 2208	NwlnkFlt - ok
07:05:56.0375 2208	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:05:56.0531 2208	NwlnkFwd - ok
07:05:56.0625 2208	NwlnkIpx        (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
07:05:56.0781 2208	NwlnkIpx - ok
07:05:56.0843 2208	NwlnkNb         (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
07:05:57.0000 2208	NwlnkNb - ok
07:05:57.0062 2208	NwlnkSpx        (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
07:05:57.0218 2208	NwlnkSpx - ok
07:05:57.0296 2208	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
07:05:57.0453 2208	ohci1394 - ok
07:05:57.0609 2208	OsaFsLoc        (26c4a4b64d1dd8e6fdfb2f4897be029c) C:\WINDOWS\system32\drivers\OsaFsLoc.sys
07:05:57.0625 2208	OsaFsLoc ( UnsignedFile.Multi.Generic ) - warning
07:05:57.0625 2208	OsaFsLoc - detected UnsignedFile.Multi.Generic (1)
07:05:57.0812 2208	osaio           (9d1177c2a8de936b33d85ff75e8cbf1a) C:\WINDOWS\system32\drivers\osaio.sys
07:05:57.0828 2208	osaio ( UnsignedFile.Multi.Generic ) - warning
07:05:57.0828 2208	osaio - detected UnsignedFile.Multi.Generic (1)
07:05:57.0953 2208	osanbm          (3245bee5176697faf0744a2e1288dc77) C:\WINDOWS\system32\drivers\osanbm.sys
07:05:57.0953 2208	osanbm ( UnsignedFile.Multi.Generic ) - warning
07:05:57.0953 2208	osanbm - detected UnsignedFile.Multi.Generic (1)
07:05:58.0015 2208	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
07:05:58.0171 2208	Parport - ok
07:05:58.0281 2208	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
07:05:58.0406 2208	PartMgr - ok
07:05:58.0437 2208	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
07:05:58.0609 2208	ParVdm - ok
07:05:58.0718 2208	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
07:05:58.0859 2208	PCI - ok
07:05:59.0031 2208	PCIDump - ok
07:05:59.0125 2208	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:05:59.0281 2208	PCIIde - ok
07:05:59.0406 2208	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
07:05:59.0562 2208	Pcmcia - ok
07:05:59.0734 2208	PDCOMP - ok
07:05:59.0890 2208	PDFRAME - ok
07:06:00.0062 2208	PDRELI - ok
07:06:00.0218 2208	PDRFRAME - ok
07:06:00.0296 2208	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
07:06:00.0437 2208	perc2 - ok
07:06:00.0515 2208	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
07:06:00.0687 2208	perc2hib - ok
07:06:00.0843 2208	pfc             (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
07:06:00.0843 2208	pfc ( UnsignedFile.Multi.Generic ) - warning
07:06:00.0843 2208	pfc - detected UnsignedFile.Multi.Generic (1)
07:06:00.0984 2208	POWERKEY        (582099b89753bdc29db151e73c3fd4d9) C:\Programme\Launch Manager\POWERKEY.sys
07:06:00.0984 2208	POWERKEY ( UnsignedFile.Multi.Generic ) - warning
07:06:00.0984 2208	POWERKEY - detected UnsignedFile.Multi.Generic (1)
07:06:01.0156 2208	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:06:01.0296 2208	PptpMiniport - ok
07:06:01.0359 2208	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
07:06:01.0500 2208	Processor - ok
07:06:01.0562 2208	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
07:06:01.0703 2208	PSched - ok
07:06:01.0718 2208	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:06:01.0875 2208	Ptilink - ok
07:06:01.0968 2208	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
07:06:02.0125 2208	ql1080 - ok
07:06:02.0203 2208	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
07:06:02.0375 2208	Ql10wnt - ok
07:06:02.0453 2208	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
07:06:02.0609 2208	ql12160 - ok
07:06:02.0687 2208	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
07:06:02.0828 2208	ql1240 - ok
07:06:02.0953 2208	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
07:06:03.0109 2208	ql1280 - ok
07:06:03.0156 2208	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:06:03.0296 2208	RasAcd - ok
07:06:03.0421 2208	Rasirda         (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
07:06:03.0500 2208	Rasirda - ok
07:06:03.0562 2208	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:06:03.0718 2208	Rasl2tp - ok
07:06:03.0781 2208	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:06:03.0921 2208	RasPppoe - ok
07:06:03.0937 2208	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:06:04.0109 2208	Raspti - ok
07:06:04.0234 2208	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:06:04.0375 2208	Rdbss - ok
07:06:04.0453 2208	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:06:04.0593 2208	RDPCDD - ok
07:06:04.0750 2208	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:06:04.0890 2208	rdpdr - ok
07:06:04.0968 2208	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
07:06:05.0015 2208	RDPWD - ok
07:06:05.0109 2208	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:06:05.0250 2208	redbook - ok
07:06:05.0406 2208	RTL8023xp       (4a0ae7891fcf74acc848b109294cb80f) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
07:06:05.0484 2208	RTL8023xp - ok
07:06:05.0703 2208	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:06:05.0859 2208	Secdrv - ok
07:06:05.0937 2208	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
07:06:06.0078 2208	serenum - ok
07:06:06.0140 2208	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
07:06:06.0281 2208	Serial - ok
07:06:06.0453 2208	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
07:06:06.0593 2208	Sfloppy - ok
07:06:06.0781 2208	Simbad - ok
07:06:06.0921 2208	sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
07:06:07.0062 2208	sisagp - ok
07:06:07.0234 2208	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
07:06:07.0390 2208	SLIP - ok
07:06:07.0437 2208	snapman         (79555b34913cb5d1ea429d295c5a17ac) C:\WINDOWS\system32\DRIVERS\snapman.sys
07:06:07.0468 2208	snapman ( UnsignedFile.Multi.Generic ) - warning
07:06:07.0468 2208	snapman - detected UnsignedFile.Multi.Generic (1)
07:06:08.0031 2208	SNPSTD3         (44d78a35ada1158647b51b179712aa57) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
07:06:08.0875 2208	SNPSTD3 ( UnsignedFile.Multi.Generic ) - warning
07:06:08.0875 2208	SNPSTD3 - detected UnsignedFile.Multi.Generic (1)
07:06:09.0109 2208	softctrl        (e5b2fceb43057fb6f9e76fc4ec04eafc) C:\WINDOWS\system32\DRIVERS\softctrl.sys
07:06:09.0125 2208	softctrl ( UnsignedFile.Multi.Generic ) - warning
07:06:09.0125 2208	softctrl - detected UnsignedFile.Multi.Generic (1)
07:06:09.0250 2208	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
07:06:09.0343 2208	Sparrow - ok
07:06:09.0468 2208	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
07:06:09.0609 2208	splitter - ok
07:06:09.0718 2208	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
07:06:09.0859 2208	sr - ok
07:06:10.0031 2208	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
07:06:10.0125 2208	Srv - ok
07:06:10.0359 2208	ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
07:06:10.0375 2208	ssmdrv - ok
07:06:10.0546 2208	StillCam        (a2dbcc4c8860449df1ab758ea28b4de0) C:\WINDOWS\system32\DRIVERS\serscan.sys
07:06:10.0734 2208	StillCam - ok
07:06:10.0921 2208	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
07:06:11.0062 2208	streamip - ok
07:06:11.0187 2208	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
07:06:11.0328 2208	swenum - ok
07:06:11.0468 2208	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
07:06:11.0593 2208	swmidi - ok
07:06:11.0718 2208	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
07:06:11.0890 2208	symc810 - ok
07:06:11.0968 2208	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
07:06:12.0109 2208	symc8xx - ok
07:06:12.0203 2208	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
07:06:12.0359 2208	sym_hi - ok
07:06:12.0453 2208	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
07:06:12.0593 2208	sym_u3 - ok
07:06:12.0781 2208	SynTP           (062e75f20d9bdca40344d85262f74748) C:\WINDOWS\system32\DRIVERS\SynTP.sys
07:06:12.0812 2208	SynTP - ok
07:06:12.0906 2208	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
07:06:13.0046 2208	sysaudio - ok
07:06:13.0140 2208	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:06:13.0250 2208	Tcpip - ok
07:06:13.0343 2208	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
07:06:13.0484 2208	TDPIPE - ok
07:06:13.0562 2208	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
07:06:13.0703 2208	TDTCP - ok
07:06:13.0781 2208	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
07:06:13.0937 2208	TermDD - ok
07:06:14.0171 2208	tifsfilter      (18f20c81f84599bf457ed640891aad99) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
07:06:14.0187 2208	tifsfilter ( UnsignedFile.Multi.Generic ) - warning
07:06:14.0187 2208	tifsfilter - detected UnsignedFile.Multi.Generic (1)
07:06:14.0359 2208	timounter       (7c31f485c2f8ce976280c86f3cb13d6c) C:\WINDOWS\system32\DRIVERS\timntr.sys
07:06:14.0375 2208	timounter ( UnsignedFile.Multi.Generic ) - warning
07:06:14.0375 2208	timounter - detected UnsignedFile.Multi.Generic (1)
07:06:14.0468 2208	TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
07:06:14.0640 2208	TosIde - ok
07:06:14.0828 2208	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
07:06:14.0843 2208	TuneUpUtilitiesDrv - ok
07:06:14.0953 2208	UBHelper        (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
07:06:14.0968 2208	UBHelper ( UnsignedFile.Multi.Generic ) - warning
07:06:14.0968 2208	UBHelper - detected UnsignedFile.Multi.Generic (1)
07:06:15.0046 2208	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
07:06:15.0218 2208	Udfs - ok
07:06:15.0312 2208	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
07:06:15.0406 2208	ultra - ok
07:06:15.0546 2208	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
07:06:15.0750 2208	Update - ok
07:06:15.0875 2208	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
07:06:15.0921 2208	USBAAPL - ok
07:06:16.0000 2208	usbbus          (8ef48ff1c23b1ce6f96d09a45959eb20) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
07:06:16.0062 2208	usbbus - ok
07:06:16.0156 2208	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:06:16.0296 2208	usbccgp - ok
07:06:16.0468 2208	UsbDiag         (a0e24c5c2d0cff04bbd3753a72fae80b) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
07:06:16.0500 2208	UsbDiag - ok
07:06:16.0640 2208	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:06:16.0781 2208	usbehci - ok
07:06:16.0843 2208	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:06:17.0000 2208	usbhub - ok
07:06:17.0156 2208	USBModem        (cc09a1132b1f6a8362107cc134e90d0b) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
07:06:17.0171 2208	USBModem - ok
07:06:17.0250 2208	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:06:17.0390 2208	usbprint - ok
07:06:17.0562 2208	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:06:17.0718 2208	usbscan - ok
07:06:17.0953 2208	usbser          (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbser.sys
07:06:18.0062 2208	usbser - ok
07:06:18.0140 2208	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:06:18.0265 2208	usbstor - ok
07:06:18.0328 2208	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:06:18.0484 2208	usbuhci - ok
07:06:18.0531 2208	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
07:06:18.0671 2208	VgaSave - ok
07:06:18.0828 2208	viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
07:06:18.0984 2208	viaagp - ok
07:06:19.0031 2208	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
07:06:19.0187 2208	ViaIde - ok
07:06:19.0234 2208	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
07:06:19.0359 2208	VolSnap - ok
07:06:19.0953 2208	vsdatant        (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
07:06:19.0984 2208	vsdatant - ok
07:06:20.0062 2208	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:06:20.0218 2208	Wanarp - ok
07:06:20.0421 2208	wanatw - ok
07:06:20.0593 2208	Wbutton - ok
07:06:20.0765 2208	WDICA - ok
07:06:20.0828 2208	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
07:06:20.0968 2208	wdmaud - ok
07:06:21.0156 2208	winachsf        (e0a00b06ea067c84e124b407dffa1af1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
07:06:21.0203 2208	winachsf - ok
07:06:21.0296 2208	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
07:06:21.0437 2208	WmiAcpi - ok
07:06:21.0656 2208	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
07:06:21.0796 2208	WSTCODEC - ok
07:06:22.0000 2208	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:06:22.0046 2208	WudfPf - ok
07:06:22.0234 2208	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:06:22.0265 2208	WudfRd - ok
07:06:22.0312 2208	MBR (0x1B8)     (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0
07:06:26.0375 2208	\Device\Harddisk0\DR0 - ok
07:06:26.0406 2208	Boot (0x1200)   (78703b00d10984cd9388f963c847a98c) \Device\Harddisk0\DR0\Partition0
07:06:26.0406 2208	\Device\Harddisk0\DR0\Partition0 - ok
07:06:26.0437 2208	Boot (0x1200)   (947fe6a98feae16014664c1c0ef1ac70) \Device\Harddisk0\DR0\Partition1
07:06:26.0437 2208	\Device\Harddisk0\DR0\Partition1 - ok
07:06:26.0437 2208	============================================================
07:06:26.0437 2208	Scan finished
07:06:26.0437 2208	============================================================
07:06:26.0468 3156	Detected object count: 23
07:06:26.0468 3156	Actual detected object count: 23
07:07:04.0984 3156	Afc ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:04.0984 3156	Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:04.0984 3156	BrScnUsb ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:04.0984 3156	BrScnUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:04.0984 3156	BrSerIf ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:04.0984 3156	BrSerIf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:04.0984 3156	BrUsbSer ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:04.0984 3156	BrUsbSer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:04.0984 3156	CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:04.0984 3156	CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:05.0000 3156	EpmPsd ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:05.0000 3156	EpmPsd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:05.0000 3156	EpmShd ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:05.0000 3156	EpmShd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:05.0000 3156	Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:05.0000 3156	Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:05.0000 3156	IWPORT ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:05.0000 3156	IWPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:05.0015 3156	NdisFilt ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:05.0015 3156	NdisFilt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:05.0015 3156	NETMNT ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:05.0015 3156	NETMNT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:05.0015 3156	NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:05.0015 3156	NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:05.0015 3156	OsaFsLoc ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:05.0015 3156	OsaFsLoc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:05.0031 3156	osaio ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:05.0031 3156	osaio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:05.0031 3156	osanbm ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:05.0031 3156	osanbm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:05.0031 3156	pfc ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:05.0031 3156	pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:05.0031 3156	POWERKEY ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:05.0031 3156	POWERKEY ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:05.0031 3156	snapman ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:05.0031 3156	snapman ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:05.0046 3156	SNPSTD3 ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:05.0046 3156	SNPSTD3 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:05.0046 3156	softctrl ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:05.0046 3156	softctrl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:05.0046 3156	tifsfilter ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:05.0046 3156	tifsfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:05.0046 3156	timounter ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:05.0046 3156	timounter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:07:05.0062 3156	UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
07:07:05.0062 3156	UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip

Danke und Gruß
svb

26.01.2012, 21:20	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	"Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert!" - svb DANKT Mach den Fix mal im abgesicherten Modus __________________ Logfiles bitte immer in CODE-Tags posten

"Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert!" - svb DANKT

Log-Analyse und Auswertung: "Achtung aus Sicherheitsgründen wurde ihr Windowssystem blockiert!" - svb DANKT